Download as
Browse Code »

Commit ecc7cab2da26f62d4c53115b5e3a0acdf2d84269

Authored by PauloGladson
1 parent bb29ed79

Segurança

Showing 25 changed files with 695 additions and 568 deletions   Show diff stats
.gitignore
  Diff comments   View file @ecc7cab
... ... @@ -4,3 +4,6 @@
4 4 /security/target/
5 5 /.project
6 6 /.settings/
  7 +/basic/target/
  8 +/basic (cópia)/target/
  9 +/jwt/target/
7 10 \ No newline at end of file
... ...
basic/.gitignore 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,3 @@
  1 +/.settings/
  2 +/.classpath
  3 +/.project
... ...
basic/pom.xml 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,34 @@
  1 +<?xml version="1.0" encoding="UTF-8"?>
  2 +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 + <modelVersion>4.0.0</modelVersion>
  4 + <groupId>org.demoiselle.jee</groupId>
  5 + <artifactId>demoiselle-security-basic</artifactId>
  6 + <version>3.0.0-SNAPSHOT</version>
  7 + <packaging>jar</packaging>
  8 + <properties>
  9 + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  10 + <maven.compiler.source>1.8</maven.compiler.source>
  11 + <maven.compiler.target>1.8</maven.compiler.target>
  12 + </properties>
  13 + <dependencies>
  14 +
  15 + <dependency>
  16 + <groupId>${project.groupId}</groupId>
  17 + <artifactId>demoiselle-core</artifactId>
  18 + <version>${project.version}</version>
  19 + </dependency>
  20 +
  21 + <dependency>
  22 + <groupId>${project.groupId}</groupId>
  23 + <artifactId>demoiselle-ws</artifactId>
  24 + <version>${project.version}</version>
  25 + </dependency>
  26 +
  27 + <dependency>
  28 + <groupId>${project.groupId}</groupId>
  29 + <artifactId>demoiselle-security</artifactId>
  30 + <version>${project.version}</version>
  31 + </dependency>
  32 +
  33 + </dependencies>
  34 +</project>
... ...
basic/src/main/java/org/demoiselle/jee/security/basic/impl/SecurityContextImpl.java 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,117 @@
  1 +package org.demoiselle.jee.security.basic.impl;
  2 +
  3 +import javax.enterprise.context.Dependent;
  4 +import java.io.Serializable;
  5 +import java.security.Principal;
  6 +import java.util.Map;
  7 +import java.util.Set;
  8 +import javax.inject.Inject;
  9 +import org.demoiselle.jee.core.util.ResourceBundle;
  10 +import org.demoiselle.jee.security.SecurityContext;
  11 +import org.demoiselle.jee.security.TokensManager;
  12 +import org.demoiselle.jee.security.exception.NotLoggedInException;
  13 +
  14 +/**
  15 + * <p>
  16 + * This is the default implementation of {@link SecurityContext} interface.
  17 + * </p>
  18 + *
  19 + * @author SERPRO
  20 + */
  21 +@Dependent
  22 +public class SecurityContextImpl implements SecurityContext {
  23 +
  24 + private static final long serialVersionUID = 1L;
  25 +
  26 + private String token;
  27 +
  28 + private Principal user;
  29 +
  30 + @Inject
  31 + private TokensManager tm;
  32 +
  33 + @Inject
  34 + private ResourceBundle bundle;
  35 +
  36 + /**
  37 + * @see org.demoiselle.security.SecurityContext#hasPermission(String,
  38 + * String)
  39 + */
  40 + @Override
  41 + public boolean hasPermission(String resource, String operation) {
  42 + boolean result = true;
  43 +
  44 + return result;
  45 + }
  46 +
  47 + /**
  48 + * @see org.demoiselle.security.SecurityContext#hasRole(String)
  49 + */
  50 + @Override
  51 + public boolean hasRole(String role) {
  52 + boolean result = true;
  53 +
  54 + return result;
  55 + }
  56 +
  57 + /**
  58 + * @see org.demoiselle.security.SecurityContext#isLoggedIn()
  59 + */
  60 + @Override
  61 + public boolean isLoggedIn() {
  62 + return getUser() != null;
  63 + }
  64 +
  65 + /**
  66 + * @see org.demoiselle.security.SecurityContext#getUser()
  67 + */
  68 + @Override
  69 + public Principal getUser() {
  70 + return this.user;
  71 + }
  72 +
  73 + public void checkLoggedIn() throws NotLoggedInException {
  74 + if (!isLoggedIn()) {
  75 + throw new NotLoggedInException(bundle.getString("user-not-authenticated"));
  76 + }
  77 + }
  78 +
  79 + @Override
  80 + public void setRoles(Set<String> roles) {
  81 + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
  82 + }
  83 +
  84 + @Override
  85 + public void setPermission(Map<String, String> permissions) {
  86 + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
  87 + }
  88 +
  89 + @Override
  90 + public Set<String> getResources(String operation) {
  91 + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
  92 + }
  93 +
  94 + @Override
  95 + public Set<String> getOperations(String resources) {
  96 + throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
  97 + }
  98 +
  99 + @Override
  100 + public void setUser(Principal principal) {
  101 + this.token = tm.create(principal);
  102 + this.user = principal;
  103 + }
  104 +
  105 + @Override
  106 + public String getToken() {
  107 + return token;
  108 + }
  109 +
  110 + @Override
  111 + public void setToken(String token) {
  112 + this.user = tm.getUser(token);
  113 + this.token = token;
  114 + }
  115 +
  116 +
  117 +}
... ...
basic/src/main/java/org/demoiselle/jee/security/basic/impl/TokensManagerImpl.java 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,48 @@
  1 +/*
  2 + * To change this license header, choose License Headers in Project Properties.
  3 + * To change this template file, choose Tools | Templates
  4 + * and open the template in the editor.
  5 + */
  6 +package org.demoiselle.jee.security.basic.impl;
  7 +
  8 +import java.security.Principal;
  9 +import java.util.UUID;
  10 +import java.util.concurrent.ConcurrentHashMap;
  11 +import javax.enterprise.context.Dependent;
  12 +import org.demoiselle.jee.security.TokensManager;
  13 +
  14 +/**
  15 + *
  16 + * @author 70744416353
  17 + */
  18 +@Dependent
  19 +public class TokensManagerImpl implements TokensManager {
  20 +
  21 + private static ConcurrentHashMap<String, Principal> repo = new ConcurrentHashMap<>();
  22 +
  23 + @Override
  24 + public Principal getUser(String token) {
  25 + return repo.get(token);
  26 + }
  27 +
  28 + @Override
  29 + public String create(Principal user) {
  30 + String value = null;
  31 + if (!repo.containsValue(user)) {
  32 + value = UUID.randomUUID().toString();
  33 + repo.put(value, user);
  34 + }
  35 + return value;
  36 + }
  37 +
  38 + @Override
  39 + public void remove(String token) {
  40 + repo.remove(token);
  41 + }
  42 +
  43 + @Override
  44 + public boolean validate(String token) {
  45 + return repo.containsKey(token);
  46 + }
  47 +
  48 +}
... ...
basic/src/main/resources/demoiselle.properties 0 → 100644
  Diff comments   View file @ecc7cab
core/src/main/resources/demoiselle-core-bundle.properties 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,130 @@
  1 +# Demoiselle Framework
  2 +# Copyright (C) 2010 SERPRO
  3 +# ----------------------------------------------------------------------------
  4 +# This file is part of Demoiselle Framework.
  5 +#
  6 +# Demoiselle Framework is free software; you can redistribute it and/or
  7 +# modify it under the terms of the GNU Lesser General Public License version 3
  8 +# as published by the Free Software Foundation.
  9 +#
  10 +# This program is distributed in the hope that it will be useful,
  11 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 +# GNU General Public License for more details.
  14 +#
  15 +# You should have received a copy of the GNU Lesser General Public License version 3
  16 +# along with this program; if not, see <http://www.gnu.org/licenses/>
  17 +# or write to the Free Software Foundation, Inc., 51 Franklin Street,
  18 +# Fifth Floor, Boston, MA 02110-1301, USA.
  19 +# ----------------------------------------------------------------------------
  20 +# Este arquivo \u00E9 parte do Framework Demoiselle.
  21 +#
  22 +# O Framework Demoiselle \u00E9 um software livre; voc\u00EA pode redistribu\u00ED-lo e/ou
  23 +# modific\u00E1-lo dentro dos termos da GNU LGPL vers\u00E3o 3 como publicada pela Funda\u00E7\u00E3o
  24 +# do Software Livre (FSF).
  25 +#
  26 +# Este programa \u00E9 distribu\u00EDdo na esperan\u00E7a que possa ser \u00FAtil, mas SEM NENHUMA
  27 +# GARANTIA; sem uma garantia impl\u00EDcita de ADEQUA\u00C7\u00C3O a qualquer MERCADO ou
  28 +# APLICA\u00C7\u00C3O EM PARTICULAR. Veja a Licen\u00E7a P\u00FAblica Geral GNU/LGPL em portugu\u00EAs
  29 +# para maiores detalhes.
  30 +#
  31 +# Voc\u00EA deve ter recebido uma c\u00F3pia da GNU LGPL vers\u00E3o 3, sob o t\u00EDtulo
  32 +# "LICENCA.txt", junto com esse programa. Se n\u00E3o, acesse <http://www.gnu.org/licenses/>
  33 +# ou escreva para a Funda\u00E7\u00E3o do Software Livre (FSF) Inc.,
  34 +# 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  35 +
  36 +version=${project.version}
  37 +engine-on=Iniciando o Demoiselle Framework ${project.version} (Neo)
  38 +resource-not-found=Arquivo {0} n\u00E3o foi encontrado
  39 +key-not-found=A chave {0} n\u00E3o foi encontrada
  40 +ambiguous-strategy-resolution=Foi detectada ambiguidade da interface {0} com as seguintes implementa\u00E7\u00F5es\: {1}. Para resolver o conflito, defina explicitamente a implementa\u00E7\u00E3o no demoiselle.properties.
  41 +ambiguous-bean-resolution=Falha ao obter {0} pois foi detectada ambiguidade nas seguintes implementa\u00E7\u00F5es\: {1}
  42 +bean-not-found=Voc\u00EA est\u00E1 tentando obter um objeto n\u00E3o reconhecido pelo CDI via Beans.getReference({0})
  43 +store-not-found=O objeto do tipo [{0}] n\u00E3o pode ser armazenado no escopo indicado\: {1}
  44 +more-than-one-exceptionhandler-defined-for-same-class=Foi definido mais de um m\u00E9todo na classe {0} para tratar a exce\u00E7\u00E3o {1}
  45 +handling-exception=Tratando a exce\u00E7\u00E3o {0}
  46 +taking-off=O Demoiselle ${project.version} decolou
  47 +engine-off=Desligando os motores do Demoiselle ${project.version}
  48 +setting-up-bean-manager=BeanManager dispon\u00EDvel atrav\u00E9s do utilit\u00E1rio {0}
  49 +
  50 +user-transaction-lookup-fail=N\u00E3o foi encontrada nenhuma transa\u00E7\u00E3o com o nome {0} no contexto JNDI
  51 +transactional-execution=Execu\u00E7\u00E3o transacional de {0}
  52 +begin-transaction=Transa\u00E7\u00E3o iniciada
  53 +transaction-marked-rollback=Transa\u00E7\u00E3o marcada para rollback [{0}]
  54 +transaction-already-finalized=A transa\u00E7\u00E3o j\u00E1 havia sido finalizada
  55 +transaction-commited=Transa\u00E7\u00E3o finalizada com sucesso
  56 +transaction-rolledback=Transa\u00E7\u00E3o finalizada com rollback
  57 +
  58 +bootstrap.configuration.processing=Processando {0}
  59 +bootstrap-context-already-managed=O contexto {0} para o escopo {1} j\u00E1 foi adicionado
  60 +bootstrap-context-added=Adicionando o contexto {0} para o escopo {1}
  61 +
  62 +loading-configuration-class=Carregando a classe de configura\u00E7\u00E3o {0}
  63 +configuration-field-loaded={0}: {2}
  64 +configuration-attribute-is-mandatory=A configura\u00E7\u00E3o {0} \u00E9 obrigat\u00F3ria, mas n\u00E3o foi encontrada em {1}
  65 +configuration-name-attribute-cant-be-empty=A nota\u00E7\u00E3o @Name n\u00E3o pode estar em branco
  66 +configuration-generic-extraction-error=Ocorreu um erro durante a extra\u00E7\u00E3o do tipo {0} com o extrator {1}
  67 +configuration-dot-after-prefix=N\u00E3o \u00E9 necess\u00E1rio adicionar o ponto ap\u00F3s o prefixo para uma classe de configura\u00E7\u00E3o. \u00C9 recomendado que sejam retirados, pois poder\u00E3o causar erros em vers\u00F5es futuras do Framework.
  68 +configuration-key-not-found={0}\: [n\u00E3o encontrada]
  69 +configuration-extractor-not-found=N\u00E3o foi poss\u00EDvel encontrar a classe extratora para o atributo {0}. Implemente a interface {1} para criar sua classe extratora.
  70 +configuration-not-conversion=N\u00E3o \u00E9 poss\u00EDvel converter o valor {0} para o tipo {1}
  71 +
  72 +transaction-not-defined=Nenhuma transa\u00E7\u00E3o foi definida. Para utilizar @{0} \u00E9 preciso definir a propriedade frameworkdemoiselle.transaction.class com a estrat\u00E9gia de transa\u00E7\u00E3o desejada no arquivo demoiselle.properties
  73 +executing-all=Executando m\u00E9todos anotados com @{0}
  74 +custom-context-selected=Produzindo inst\u00E2ncia do contexto {0}
  75 +custom-context-was-activated=O contexto {0} foi ativado para o escopo {1}
  76 +custom-context-was-deactivated=O contexto {0} foi desativado para o escopo {1}
  77 +custom-context-already-activated=N\u00E3o foi poss\u00EDvel ativar o contexto {0}, o escopo {1} j\u00E1 est\u00E1 ativo no contexto {2}
  78 +custom-context-not-found=N\u00E3o foi encontrado um contexto gerenciado do tipo [{0}] para o escopo [{1}]
  79 +custom-context-manager-not-initialized=ContextManager n\u00E3o foi inicializado. Chame [initialize] ao capturar o evento [AfterBeanDiscovery] em uma extens\u00E3o CDI
  80 +
  81 +error-creating-new-instance-for=Error creating a new instance for "{0}"
  82 +executed-successfully={0} execultado com sucesso
  83 +must-declare-one-single-parameter=Voc\u00EA deve declarar um par\u00E2metro \u00FAnico em {0}
  84 +loading-default-transaction-manager=Carregando o gerenciador de transa\u00E7\u00E3o padr\u00E3o {0}
  85 +results-count-greater-page-size=Quantidade de resultados {0} \u00E9 maior que o tamanho da p\u00E1gina {1}
  86 +page-result=Resultado paginado [p\u00E1gina\={0}, total de resultados\={1}]
  87 +pagination-not-initialized=Pagina\u00E7\u00E3o n\u00E3o inicializada. Inicialize o sistema de pagina\u00E7\u00E3o definindo a p\u00E1gina atual ou o total de resultados ao menos uma vez na requisi\u00E7\u00E3o.
  88 +pagination-invalid-value=Valor inv\u00E1lido para paginador: [{0}].
  89 +page=P\u00E1gina [n\u00FAmero\={0}, tamanho\={1}]
  90 +processing=Processando\: {0}
  91 +processing-fail=Falha no processamento devido a uma exce\u00E7\u00E3o lan\u00E7ada pela aplica\u00E7\u00E3o
  92 +for= \ para\:
  93 +file-not-found=O arquivo {0} n\u00E3o foi encontrado
  94 +
  95 +adding-message-to-context=Adicionando uma mensagem no contexto: [{0}]
  96 +access-checking=Verificando permiss\u00E3o do usu\u00E1rio {0} para executar a a\u00E7\u00E3o {1} no recurso {2}
  97 +access-allowed=O usu\u00E1rio {0} acessou o recurso {2} com a a\u00E7\u00E3o {1}
  98 +access-denied=O usu\u00E1rio {0} n\u00E3o possui permiss\u00E3o para executar a a\u00E7\u00E3o {1} no recurso {2}
  99 +access-denied-ui=Voc\u00EA n\u00E3o est\u00E1 autorizado a executar a a\u00E7\u00E3o {1} no recurso {0}
  100 +authorizer-not-defined=Nenhuma regra de resolu\u00E7\u00E3o de permiss\u00F5es foi definida. Para utilizar @{0} \u00E9 preciso definir a propriedade frameworkdemoiselle.security.authorizer.class como regra de resolu\u00E7\u00E3o de permiss\u00F5es desejada no arquivo demoiselle.properties.
  101 +user-not-authenticated=Usu\u00E1rio n\u00E3o autenticado
  102 +invalid-credentials=Usu\u00E1rio ou senha inv\u00E1lidos
  103 +has-role-verification=Verificando se o usu\u00E1rio {0} possui a(s) role(s)\: {1}
  104 +does-not-have-role=Usu\u00E1rio {0} n\u00E3o possui a(s) role(s)\: {1}
  105 +does-not-have-role-ui=Para acessar este recurso \u00E9 necess\u00E1rio ser {0}
  106 +user-has-role=Usu\u00E1rio {0} possui a(s) role(s)\: {1}
  107 +
  108 +authenticator-not-defined=Nenhum mecanismo de autentica\u00E7\u00E3o foi definido. Para utilizar {0} \u00E9 preciso definir a propriedade frameworkdemoiselle.security.authenticator.class como mecanismo de autentica\u00E7\u00E3o desejado no arquivo demoiselle.properties.
  109 +
  110 +management-notification-attribute-changed=O atributo [{0}] da classe gerenciada [{1}] foi alterado
  111 +management-null-class-defined=O controlador de gerenciamento informado n\u00E3o pode ser [null]
  112 +management-abstract-class-defined=O controlador de gerenciamento [{0}] precisa ser uma classe concreta
  113 +management-no-annotation-found=Classe {0} precisa ser anotada com @ManagementController
  114 +management-invalid-property-no-getter-setter=Falha ao inicializar classe gerenciada {0}, n\u00E3o foi encontrado um m\u00E9todo get ou m\u00E9todo set para a propriedade {1}
  115 +management-invalid-property-as-operation=Falha ao inicializar classe gerenciada {0}, n\u00E3o \u00E9 poss\u00EDvel declarar uma propriedade cujo m\u00E9todo get ou set \u00E9 uma opera\u00E7\u00E3o
  116 +management-introspection-error=Erro ao ler atributos da classe gerenciada {0}
  117 +management-type-not-found=A classe gerenciada informada n\u00E3o existe\: {0}
  118 +management-invoke-error=Erro ao tentar invocar a opera\u00E7\u00E3o "{0}" da classe gerenciada, a opera\u00E7\u00E3o n\u00E3o foi encontrada
  119 +management-write-value-error=N\u00E3o foi poss\u00EDvel definir um valor para a propriedade {0}
  120 +management-read-value-error=N\u00E3o foi poss\u00EDvel ler o valor da propriedade {0}
  121 +management-debug-acessing-property=Acessando propriedade {0} da classe gerenciada {1}
  122 +management-debug-setting-property=Definindo novo valor para propriedade {0} da classe gerenciada {1}
  123 +management-debug-invoking-operation=Invocando opera\u00E7\u00E3o {0} da classe gerenciada {1}
  124 +management-debug-starting-custom-context=Levantando contexto {0} para executar comando na classe gerenciada {1}
  125 +management-debug-stoping-custom-context=Desligando contexto {0} para classe gerenciada {1}
  126 +management-debug-registering-managed-type=Registrando classe gerenciada [{0}]
  127 +management-debug-processing-management-extension=Processando extens\u00E3o de gerenciamento [{0}]
  128 +management-debug-removing-management-extension=Desativando extens\u00E3o de gerenciamento [{0}]
  129 +management-validation-constraint-violation=Ocorreu um erro de valida\u00E7\u00E3o na classe [{0}] ao definir um valor para a propriedade [{1}]\: [{2}]
  130 +management-validation-validator-not-found=Nenhum provedor de valida\u00E7\u00E3o de beans encontrado, as anota\u00E7\u00F5es de valida\u00E7\u00E3o n\u00E3o ser\u00E3o processadas
... ...
core/src/main/resources/demoiselle.properties 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,5 @@
  1 +# Enables JPA transaction strategy, automatically detected if demoiselle-jpa component is detected. Use only if you need to overwrite the default behaviour
  2 +#frameworkdemoiselle.transaction.class=br.gov.frameworkdemoiselle.transaction.JPATransaction
  3 +
  4 +# Enables JTA transaction strategy, automatically detected if demoiselle-jta component is detected. Use only if you need to overwrite the default behaviour
  5 +#frameworkdemoiselle.transaction.class=br.gov.frameworkdemoiselle.transaction.JTATransaction
... ...
jwt/.gitignore 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,3 @@
  1 +/.settings/
  2 +/.classpath
  3 +/.project
... ...
jwt/pom.xml 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,33 @@
  1 +<?xml version="1.0" encoding="UTF-8"?>
  2 +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 + <modelVersion>4.0.0</modelVersion>
  4 + <groupId>org.demoiselle.jee</groupId>
  5 + <artifactId>demoiselle-security-jwt</artifactId>
  6 + <version>3.0.0-SNAPSHOT</version>
  7 + <packaging>jar</packaging>
  8 + <properties>
  9 + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  10 + <maven.compiler.source>1.8</maven.compiler.source>
  11 + <maven.compiler.target>1.8</maven.compiler.target>
  12 + </properties>
  13 + <dependencies>
  14 + <dependency>
  15 + <groupId>${project.groupId}</groupId>
  16 + <artifactId>demoiselle-core</artifactId>
  17 + <version>${project.version}</version>
  18 + </dependency>
  19 +
  20 + <dependency>
  21 + <groupId>${project.groupId}</groupId>
  22 + <artifactId>demoiselle-ws</artifactId>
  23 + <version>${project.version}</version>
  24 + </dependency>
  25 +
  26 + <dependency>
  27 + <groupId>${project.groupId}</groupId>
  28 + <artifactId>demoiselle-security</artifactId>
  29 + <version>${project.version}</version>
  30 + </dependency>
  31 +
  32 + </dependencies>
  33 +</project>
... ...
pom.xml
  Diff comments   View file @ecc7cab
... ... @@ -23,7 +23,8 @@
23 23 <module>persistence</module>
24 24 <module>ws</module>
25 25 <!--<module>swagger</module>-->
26   - <!--<module>security</module>-->
  26 + <module>security</module>
  27 + <module>basic</module>
27 28 </modules>
28 29  
29 30 <dependencyManagement>
... ...
security/src/main/java/org/demoiselle/jee/security/AfterLoginSuccessful.java
View file @bb29ed7
... ... @@ -1,50 +0,0 @@
1   -/*
2   - * Demoiselle Framework
3   - * Copyright (C) 2010 SERPRO
4   - * ----------------------------------------------------------------------------
5   - * This file is part of Demoiselle Framework.
6   - *
7   - * Demoiselle Framework is free software; you can redistribute it and/or
8   - * modify it under the terms of the GNU Lesser General Public License version 3
9   - * as published by the Free Software Foundation.
10   - *
11   - * This program is distributed in the hope that it will be useful,
12   - * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14   - * GNU General Public License for more details.
15   - *
16   - * You should have received a copy of the GNU Lesser General Public License version 3
17   - * along with this program; if not, see <http://www.gnu.org/licenses/>
18   - * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19   - * Fifth Floor, Boston, MA 02110-1301, USA.
20   - * ----------------------------------------------------------------------------
21   - * Este arquivo é parte do Framework Demoiselle.
22   - *
23   - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24   - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25   - * do Software Livre (FSF).
26   - *
27   - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28   - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29   - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30   - * para maiores detalhes.
31   - *
32   - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33   - * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34   - * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35   - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36   - */
37   -package org.demoiselle.jee.security;
38   -
39   -import java.io.Serializable;
40   -
41   -/**
42   - * <p>
43   - * This interface represents an event that is fired when user successfully logs in.
44   - * </p>
45   - *
46   - * @author SERPRO
47   - */
48   -public interface AfterLoginSuccessful extends Serializable {
49   -
50   -}
security/src/main/java/org/demoiselle/jee/security/AfterLogoutSuccessful.java
View file @bb29ed7
... ... @@ -1,50 +0,0 @@
1   -/*
2   - * Demoiselle Framework
3   - * Copyright (C) 2010 SERPRO
4   - * ----------------------------------------------------------------------------
5   - * This file is part of Demoiselle Framework.
6   - *
7   - * Demoiselle Framework is free software; you can redistribute it and/or
8   - * modify it under the terms of the GNU Lesser General Public License version 3
9   - * as published by the Free Software Foundation.
10   - *
11   - * This program is distributed in the hope that it will be useful,
12   - * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14   - * GNU General Public License for more details.
15   - *
16   - * You should have received a copy of the GNU Lesser General Public License version 3
17   - * along with this program; if not, see <http://www.gnu.org/licenses/>
18   - * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19   - * Fifth Floor, Boston, MA 02110-1301, USA.
20   - * ----------------------------------------------------------------------------
21   - * Este arquivo é parte do Framework Demoiselle.
22   - *
23   - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24   - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25   - * do Software Livre (FSF).
26   - *
27   - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28   - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29   - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30   - * para maiores detalhes.
31   - *
32   - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33   - * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34   - * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35   - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36   - */
37   -package org.demoiselle.jee.security;
38   -
39   -import java.io.Serializable;
40   -
41   -/**
42   - * <p>
43   - * This interface represents an event fired just after the user unauthenticates.
44   - * </p>
45   - *
46   - * @author SERPRO
47   - */
48   -public interface AfterLogoutSuccessful extends Serializable {
49   -
50   -}
security/src/main/java/org/demoiselle/jee/security/Authenticator.java
View file @bb29ed7
... ... @@ -1,89 +0,0 @@
1   -/*
2   - * Demoiselle Framework
3   - * Copyright (C) 2010 SERPRO
4   - * ----------------------------------------------------------------------------
5   - * This file is part of Demoiselle Framework.
6   - *
7   - * Demoiselle Framework is free software; you can redistribute it and/or
8   - * modify it under the terms of the GNU Lesser General Public License version 3
9   - * as published by the Free Software Foundation.
10   - *
11   - * This program is distributed in the hope that it will be useful,
12   - * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14   - * GNU General Public License for more details.
15   - *
16   - * You should have received a copy of the GNU Lesser General Public License version 3
17   - * along with this program; if not, see <http://www.gnu.org/licenses/>
18   - * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19   - * Fifth Floor, Boston, MA 02110-1301, USA.
20   - * ----------------------------------------------------------------------------
21   - * Este arquivo é parte do Framework Demoiselle.
22   - *
23   - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24   - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25   - * do Software Livre (FSF).
26   - *
27   - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28   - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29   - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30   - * para maiores detalhes.
31   - *
32   - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33   - * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34   - * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35   - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36   - */
37   -package org.demoiselle.jee.security;
38   -
39   -import java.io.Serializable;
40   -import java.security.Principal;
41   -
42   -/**
43   - * <p>
44   - * Defines the methods that should be implemented by anyone who wants an authentication mechanism.
45   - * </p>
46   - *
47   - * @author SERPRO
48   - */
49   -public interface Authenticator extends Serializable {
50   -
51   - /**
52   - * <p>
53   - * Executes the necessary steps to authenticate an user. After this call, {@link #getUser()} must return
54   - * the currently authenticated user, or <code>null</code> if the authentication process fails.
55   - * </p>
56   - *
57   - * @throws InvalidCredentialsException
58   - * You should throw this exception when the informed credentials are invalid.
59   - *
60   - * @throws Exception
61   - * If the underlying authentication mechanism throwns any other exception,
62   - * just throw it and leave the security context implementation to handle it.
63   - */
64   - void authenticate() throws Exception;
65   -
66   - /**
67   - * <p>
68   - * Executes the necessary steps to unauthenticate an user. After this call, {@link #getUser()} must return <code>null</code>.
69   - * </p>
70   - *
71   - * @throws Exception
72   - * If the underlying authentication mechanism throwns any other exception,
73   - * just throw it and leave the security context implementation to handle it.
74   - */
75   - void unauthenticate() throws Exception;
76   -
77   - /**
78   - * <p>
79   - * Returns the currently authenticated user.
80   - * </p>
81   - *
82   - * @return the user currently authenticated, or <code>null</code> if there is no
83   - * authenticated user.
84   - *
85   - * @see #authenticate()
86   - * @see #unauthenticate()
87   - */
88   - Principal getUser();
89   -}
security/src/main/java/org/demoiselle/jee/security/Authorizer.java
View file @bb29ed7
... ... @@ -1,75 +0,0 @@
1   -/*
2   - * Demoiselle Framework
3   - * Copyright (C) 2010 SERPRO
4   - * ----------------------------------------------------------------------------
5   - * This file is part of Demoiselle Framework.
6   - *
7   - * Demoiselle Framework is free software; you can redistribute it and/or
8   - * modify it under the terms of the GNU Lesser General Public License version 3
9   - * as published by the Free Software Foundation.
10   - *
11   - * This program is distributed in the hope that it will be useful,
12   - * but WITHOUT ANY WARRANTY; without even the implied warranty of
13   - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14   - * GNU General Public License for more details.
15   - *
16   - * You should have received a copy of the GNU Lesser General Public License version 3
17   - * along with this program; if not, see <http://www.gnu.org/licenses/>
18   - * or write to the Free Software Foundation, Inc., 51 Franklin Street,
19   - * Fifth Floor, Boston, MA 02110-1301, USA.
20   - * ----------------------------------------------------------------------------
21   - * Este arquivo é parte do Framework Demoiselle.
22   - *
23   - * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
24   - * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
25   - * do Software Livre (FSF).
26   - *
27   - * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
28   - * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
29   - * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
30   - * para maiores detalhes.
31   - *
32   - * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
33   - * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
34   - * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35   - * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36   - */
37   -package org.demoiselle.jee.security;
38   -
39   -import java.io.Serializable;
40   -
41   -/**
42   - * <p>
43   - * Defines the methods that should be implemented by anyone who wants an authorization mechanism.
44   - * </p>
45   - *
46   - * @author SERPRO
47   - */
48   -public interface Authorizer extends Serializable {
49   -
50   - /**
51   - * <p>
52   - * Checks if the logged user has a specific role.
53   - * </p>
54   - *
55   - * @param role role to be checked.
56   - * @return {@code true} if the user has the role.
57   - * @throws Exception if the underlying permission checking mechanism throwns any other exception,
58   - * just throw it and leave the security context implementation to handle it.
59   - */
60   - boolean hasRole(String role) throws Exception;
61   -
62   - /**
63   - * <p>
64   - * Checks if the logged user has permission to execute a specific operation on a specific resource.
65   - * </p>
66   - *
67   - * @param resource resource to be checked.
68   - * @param operation operation to be checked.
69   - * @return {@code true} if the user has the permission.
70   - * @throws Exception if the underlying permission checking mechanism throwns any other exception,
71   - * just throw it and leave the security context implementation to handle it.
72   - */
73   - boolean hasPermission(String resource, String operation) throws Exception;
74   -
75   -}
security/src/main/java/org/demoiselle/jee/security/JaxRsFilter.java 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,61 @@
  1 +/*
  2 + * To change this license header, choose License Headers in Project Properties.
  3 + * To change this template file, choose Tools | Templates
  4 + * and open the template in the editor.
  5 + */
  6 +package org.demoiselle.jee.security;
  7 +
  8 +import java.util.logging.Logger;
  9 +import javax.annotation.PostConstruct;
  10 +import javax.inject.Inject;
  11 +import javax.ws.rs.client.ClientRequestContext;
  12 +import javax.ws.rs.client.ClientRequestFilter;
  13 +import javax.ws.rs.client.ClientResponseContext;
  14 +import javax.ws.rs.client.ClientResponseFilter;
  15 +import javax.ws.rs.container.ContainerRequestContext;
  16 +import javax.ws.rs.container.ContainerRequestFilter;
  17 +import javax.ws.rs.container.ContainerResponseContext;
  18 +import javax.ws.rs.container.ContainerResponseFilter;
  19 +import javax.ws.rs.container.PreMatching;
  20 +import javax.ws.rs.ext.Provider;
  21 +
  22 +/**
  23 + *
  24 + * @author 70744416353
  25 + */
  26 +@Provider
  27 +@PreMatching
  28 +public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, ContainerRequestFilter, ContainerResponseFilter {
  29 +
  30 + @Inject
  31 + private Logger LOG;
  32 +
  33 + @Inject
  34 + private SecurityContext securityContext;
  35 +
  36 + @Override
  37 + public void filter(ClientRequestContext requestContext) {
  38 + String token = requestContext.getHeaders().get("Authorization").toString();
  39 + if (!token.isEmpty()) {
  40 + securityContext.setToken(token);
  41 + }
  42 + }
  43 +
  44 + @Override
  45 + public void filter(ClientRequestContext requestContext, ClientResponseContext responseContext) {
  46 + }
  47 +
  48 + @Override
  49 + public void filter(ContainerRequestContext requestContext) {
  50 + }
  51 +
  52 + @Override
  53 + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
  54 + responseContext.getHeaders().putSingle("Authorization", "Basic");
  55 + }
  56 +
  57 + @PostConstruct
  58 + public void init() {
  59 + LOG.info("Demoiselle Module - Security");
  60 + }
  61 +}
... ...
security/src/main/java/org/demoiselle/jee/security/SecurityContext.java
  Diff comments   View file @ecc7cab
... ... @@ -38,6 +38,10 @@ package org.demoiselle.jee.security;
38 38  
39 39 import java.io.Serializable;
40 40 import java.security.Principal;
  41 +import java.util.Map;
  42 +import java.util.Set;
  43 +import org.demoiselle.jee.security.exception.AuthorizationException;
  44 +import org.demoiselle.jee.security.exception.NotLoggedInException;
41 45  
42 46 /**
43 47 * <p>
... ... @@ -48,72 +52,65 @@ import java.security.Principal;
48 52 */
49 53 public interface SecurityContext extends Serializable {
50 54  
51   - /**
52   - * Executes the login of a user to the application.
53   - *
54   - * @throws AuthenticationException
55   - * When the logon process fails, this exception is thrown.
56   - * @throws InvalidCredentialsException
57   - * When the user's credentials coudn't be validated. InvalidCredentialsException is a special case of
58   - * AuthenticationException.
59   - */
60   - void login();
  55 + /**
  56 + * Checks if a specific user is logged in.
  57 + *
  58 + * @return {@code true} if the user is logged in
  59 + */
  60 + boolean isLoggedIn();
61 61  
62   - /**
63   - * Executes the logout of a user.
64   - *
65   - * @throws AuthenticationException
66   - * When the logout process fails, this exception is thrown.
67   - */
68   - void logout();
  62 + /**
  63 + * @throws NotLoggedInException if there is no user logged in a specific
  64 + * session
  65 + */
  66 + void checkLoggedIn();
69 67  
70   - /**
71   - * Checks if a specific user is logged in.
72   - *
73   - * @return {@code true} if the user is logged in
74   - */
75   - boolean isLoggedIn();
  68 + /**
  69 + * Checks if the logged user has permission to execute an specific operation
  70 + * on a specific resource.
  71 + *
  72 + * @param resource resource to be checked
  73 + * @param operation operation to be checked
  74 + * @return {@code true} if the user has the permission
  75 + * @throws AuthorizationException When the permission checking fails, this
  76 + * exception is thrown.
  77 + * @throws NotLoggedInException if there is no user logged in a specific
  78 + * session.
  79 + */
  80 + boolean hasPermission(String resource, String operation);
76 81  
77   - /**
78   - * @throws NotLoggedInException
79   - * if there is no user logged in a specific session
80   - */
81   - void checkLoggedIn();
  82 + /**
  83 + * Checks if the logged user has an specific role
  84 + *
  85 + * @param role role to be checked
  86 + * @return {@code true} if the user has the role
  87 + * @throws AuthorizationException When the permission checking fails, this
  88 + * exception is thrown.
  89 + * @throws NotLoggedInException if there is no user logged in a specific
  90 + * session.
  91 + */
  92 + boolean hasRole(String role);
82 93  
83   - /**
84   - * Checks if the logged user has permission to execute an specific operation on a specific resource.
85   - *
86   - * @param resource
87   - * resource to be checked
88   - * @param operation
89   - * operation to be checked
90   - * @return {@code true} if the user has the permission
91   - * @throws AuthorizationException
92   - * When the permission checking fails, this exception is thrown.
93   - * @throws NotLoggedInException
94   - * if there is no user logged in a specific session.
95   - */
96   - boolean hasPermission(String resource, String operation);
  94 + /**
  95 + * Return the user logged in the session.
  96 + *
  97 + * @return the user logged in a specific authenticated session. If there is
  98 + * no active session {@code null} is returned.
  99 + */
  100 + Principal getUser();
97 101  
98   - /**
99   - * Checks if the logged user has an specific role
100   - *
101   - * @param role
102   - * role to be checked
103   - * @return {@code true} if the user has the role
104   - * @throws AuthorizationException
105   - * When the permission checking fails, this exception is thrown.
106   - * @throws NotLoggedInException
107   - * if there is no user logged in a specific session.
108   - */
109   - boolean hasRole(String role);
  102 + void setUser(Principal principal);
110 103  
111   - /**
112   - * Return the user logged in the session.
113   - *
114   - * @return the user logged in a specific authenticated session. If there is no active session {@code null} is
115   - * returned.
116   - */
117   - Principal getUser();
  104 + String getToken();
  105 +
  106 + void setToken(String token);
  107 +
  108 + void setRoles(Set<String> roles);
  109 +
  110 + void setPermission(Map<String, String> permissions);
  111 +
  112 + Set<String> getResources(String operation);
  113 +
  114 + Set<String> getOperations(String resources);
118 115  
119 116 }
... ...
security/src/main/java/org/demoiselle/jee/security/TokensManager.java 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,63 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +import java.security.Principal;
  41 +import java.util.Map;
  42 +import java.util.Set;
  43 +import org.demoiselle.jee.security.exception.AuthorizationException;
  44 +import org.demoiselle.jee.security.exception.NotLoggedInException;
  45 +
  46 +/**
  47 + * <p>
  48 + * Structure used to handle both authentication and authorizations mechanisms.
  49 + * </p>
  50 + *
  51 + * @author SERPRO
  52 + */
  53 +public interface TokensManager extends Serializable {
  54 +
  55 + Principal getUser(String token);
  56 +
  57 + String create(Principal user);
  58 +
  59 + void remove(String token);
  60 +
  61 + boolean validate(String token);
  62 +
  63 +}
... ...
security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java
View file @bb29ed7
... ... @@ -1,231 +0,0 @@
1   -package org.demoiselle.jee.security.impl;
2   -
3   -import javax.enterprise.context.Dependent;
4   -import javax.enterprise.inject.spi.CDI;
5   -import javax.inject.Named;
6   -import java.io.Serializable;
7   -import java.security.Principal;
8   -import org.demoiselle.jee.core.annotation.literal.NameQualifier;
9   -import org.demoiselle.jee.core.annotation.literal.StrategyQualifier;
10   -import org.demoiselle.jee.core.exception.DemoiselleException;
11   -import org.demoiselle.jee.core.util.ResourceBundle;
12   -import org.demoiselle.jee.security.AfterLoginSuccessful;
13   -import org.demoiselle.jee.security.AfterLogoutSuccessful;
14   -import org.demoiselle.jee.security.Authenticator;
15   -import org.demoiselle.jee.security.Authorizer;
16   -import org.demoiselle.jee.security.SecurityContext;
17   -import org.demoiselle.jee.security.exception.AuthenticationException;
18   -import org.demoiselle.jee.security.exception.AuthorizationException;
19   -import org.demoiselle.jee.security.exception.NotLoggedInException;
20   -
21   -/**
22   - * <p>
23   - * This is the default implementation of {@link SecurityContext} interface.
24   - * </p>
25   - *
26   - * @author SERPRO
27   - */
28   -@Dependent
29   -@Named("securityContext")
30   -public class SecurityContextImpl implements SecurityContext {
31   -
32   - private static final long serialVersionUID = 1L;
33   -
34   - private transient ResourceBundle bundle;
35   -
36   - private Authenticator authenticator;
37   -
38   - private Authorizer authorizer;
39   -
40   - private Authenticator getAuthenticator() {
41   - if (this.authenticator == null) {
42   - Class<? extends Authenticator> type = getConfig().getAuthenticatorClass();
43   -
44   - if (type != null) {
45   - this.authenticator = CDI.current().select(type).get(); //Beans.getReference(type);
46   - } else {
47   - this.authenticator = CDI.current().select(Authenticator.class, new StrategyQualifier()).get(); // Beans.getReference(Authenticator.class, new StrategyQualifier());
48   - }
49   - }
50   -
51   - return this.authenticator;
52   - }
53   -
54   - private Authorizer getAuthorizer() {
55   - if (this.authorizer == null) {
56   - Class<? extends Authorizer> type = getConfig().getAuthorizerClass();
57   -
58   - if (type != null) {
59   - this.authorizer = CDI.current().select(type).get(); //Beans.getReference(type);
60   - } else {
61   - this.authorizer = CDI.current().select(Authorizer.class, new StrategyQualifier()).get(); //Beans.getReference(Authorizer.class, new StrategyQualifier());
62   - }
63   - }
64   -
65   - return this.authorizer;
66   - }
67   -
68   - /**
69   - * @see org.demoiselle.security.SecurityContext#hasPermission(String,
70   - * String)
71   - */
72   - @Override
73   - public boolean hasPermission(String resource, String operation) {
74   - boolean result = true;
75   -
76   - if (getConfig().isEnabled()) {
77   - checkLoggedIn();
78   -
79   - try {
80   - result = getAuthorizer().hasPermission(resource, operation);
81   -
82   - } catch (DemoiselleException cause) {
83   - throw cause;
84   -
85   - } catch (Exception cause) {
86   - throw new AuthorizationException(cause);
87   - }
88   - }
89   -
90   - return result;
91   - }
92   -
93   - /**
94   - * @see org.demoiselle.security.SecurityContext#hasRole(String)
95   - */
96   - @Override
97   - public boolean hasRole(String role) {
98   - boolean result = true;
99   -
100   - if (getConfig().isEnabled()) {
101   - checkLoggedIn();
102   -
103   - try {
104   - result = getAuthorizer().hasRole(role);
105   -
106   - } catch (DemoiselleException cause) {
107   - throw cause;
108   -
109   - } catch (Exception cause) {
110   - throw new AuthorizationException(cause);
111   - }
112   - }
113   -
114   - return result;
115   - }
116   -
117   - /**
118   - * @see org.demoiselle.security.SecurityContext#isLoggedIn()
119   - */
120   - @Override
121   - public boolean isLoggedIn() {
122   - boolean result = true;
123   -
124   - if (getConfig().isEnabled()) {
125   - result = getUser() != null;
126   - }
127   -
128   - return result;
129   - }
130   -
131   - /**
132   - * @see org.demoiselle.security.SecurityContext#login()
133   - */
134   - @Override
135   - public void login() {
136   - if (getConfig().isEnabled()) {
137   -
138   - try {
139   - getAuthenticator().authenticate();
140   -
141   - } catch (DemoiselleException cause) {
142   - throw cause;
143   -
144   - } catch (Exception cause) {
145   - throw new AuthenticationException(cause);
146   - }
147   -
148   - CDI.current().getBeanManager().fireEvent(new AfterLoginSuccessful() {
149   -
150   - private static final long serialVersionUID = 1L;
151   - });
152   -// Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
153   -//
154   -// private static final long serialVersionUID = 1L;
155   -// });
156   - }
157   - }
158   -
159   - /**
160   - * @see org.demoiselle.security.SecurityContext#logout()
161   - */
162   - @Override
163   - public void logout() throws NotLoggedInException {
164   - if (getConfig().isEnabled()) {
165   - checkLoggedIn();
166   -
167   - try {
168   - getAuthenticator().unauthenticate();
169   -
170   - } catch (DemoiselleException cause) {
171   - throw cause;
172   -
173   - } catch (Exception cause) {
174   - throw new AuthenticationException(cause);
175   - }
176   -
177   - CDI.current().getBeanManager().fireEvent(new AfterLogoutSuccessful() {
178   -
179   - private static final long serialVersionUID = 1L;
180   - });
181   -// Beans.getBeanManager().fireEvent(new AfterLogoutSuccessful() {
182   -//
183   -// private static final long serialVersionUID = 1L;
184   -// });
185   - }
186   - }
187   -
188   - /**
189   - * @see org.demoiselle.security.SecurityContext#getUser()
190   - */
191   - @Override
192   - public Principal getUser() {
193   - Principal user = getAuthenticator().getUser();
194   -
195   - if (!getConfig().isEnabled() && user == null) {
196   - user = new EmptyUser();
197   - }
198   -
199   - return user;
200   - }
201   -
202   - private SecurityConfig getConfig() {
203   - return CDI.current().select(SecurityConfig.class).get();
204   -// return Beans.getReference(SecurityConfig.class);
205   - }
206   -
207   - public void checkLoggedIn() throws NotLoggedInException {
208   - if (!isLoggedIn()) {
209   - throw new NotLoggedInException(getBundle().getString("user-not-authenticated"));
210   - }
211   - }
212   -
213   - private ResourceBundle getBundle() {
214   - if (bundle == null) {
215   - bundle = CDI.current().select(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle")).get();
216   -// bundle = Beans.getReference(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle"));
217   - }
218   -
219   - return bundle;
220   - }
221   -
222   - private static class EmptyUser implements Principal, Serializable {
223   -
224   - private static final long serialVersionUID = 1L;
225   -
226   - @Override
227   - public String getName() {
228   - return "demoiselle";
229   - }
230   - }
231   -}
security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java
  Diff comments   View file @ecc7cab
... ... @@ -34,7 +34,6 @@
34 34 * ou escreva para a Fundação do Software Livre (FSF) Inc.,
35 35 * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
36 36 */
37   -
38 37 package org.demoiselle.jee.security.interceptor;
39 38  
40 39 import javax.annotation.Priority;
... ... @@ -48,16 +47,15 @@ import org.demoiselle.jee.security.SecurityContext;
48 47  
49 48 /**
50 49 * <p>
51   - *Intercepts calls with {@link LoggedIn} annotations.
  50 + * Intercepts calls with {@link LoggedIn} annotations.
52 51 * </p>
53 52 *
54 53 * @author SERPRO
55 54 */
56   -
57 55 @LoggedIn
58 56 @Interceptor
59 57 @Priority(Interceptor.Priority.APPLICATION)
60   -public class LoggedInInterceptor implements Serializable{
  58 +public class LoggedInInterceptor implements Serializable {
61 59  
62 60 private static final long serialVersionUID = 1L;
63 61  
... ...
security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java
  Diff comments   View file @ecc7cab
... ... @@ -140,6 +140,5 @@ public class RequiredPermissionInterceptor implements Serializable {
140 140  
141 141 private SecurityContext getSecurityContext() {
142 142 return CDI.current().select(SecurityContext.class).get();
143   -// return Beans.getReference(SecurityContext.class);
144 143 }
145 144 }
... ...
security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java
  Diff comments   View file @ecc7cab
... ... @@ -106,7 +106,6 @@ public class RequiredRoleInterceptor implements Serializable {
106 106  
107 107 private SecurityContext getSecurityContext() {
108 108 return CDI.current().select(SecurityContext.class).get();
109   -// return Beans.getReference(SecurityContext.class);
110 109 }
111 110  
112 111 }
... ...
security/src/main/resources/demoiselle-security-bundle.properties 0 → 100644
  Diff comments   View file @ecc7cab
... ... @@ -0,0 +1,130 @@
  1 +# Demoiselle Framework
  2 +# Copyright (C) 2010 SERPRO
  3 +# ----------------------------------------------------------------------------
  4 +# This file is part of Demoiselle Framework.
  5 +#
  6 +# Demoiselle Framework is free software; you can redistribute it and/or
  7 +# modify it under the terms of the GNU Lesser General Public License version 3
  8 +# as published by the Free Software Foundation.
  9 +#
  10 +# This program is distributed in the hope that it will be useful,
  11 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 +# GNU General Public License for more details.
  14 +#
  15 +# You should have received a copy of the GNU Lesser General Public License version 3
  16 +# along with this program; if not, see <http://www.gnu.org/licenses/>
  17 +# or write to the Free Software Foundation, Inc., 51 Franklin Street,
  18 +# Fifth Floor, Boston, MA 02110-1301, USA.
  19 +# ----------------------------------------------------------------------------
  20 +# Este arquivo \u00E9 parte do Framework Demoiselle.
  21 +#
  22 +# O Framework Demoiselle \u00E9 um software livre; voc\u00EA pode redistribu\u00ED-lo e/ou
  23 +# modific\u00E1-lo dentro dos termos da GNU LGPL vers\u00E3o 3 como publicada pela Funda\u00E7\u00E3o
  24 +# do Software Livre (FSF).
  25 +#
  26 +# Este programa \u00E9 distribu\u00EDdo na esperan\u00E7a que possa ser \u00FAtil, mas SEM NENHUMA
  27 +# GARANTIA; sem uma garantia impl\u00EDcita de ADEQUA\u00C7\u00C3O a qualquer MERCADO ou
  28 +# APLICA\u00C7\u00C3O EM PARTICULAR. Veja a Licen\u00E7a P\u00FAblica Geral GNU/LGPL em portugu\u00EAs
  29 +# para maiores detalhes.
  30 +#
  31 +# Voc\u00EA deve ter recebido uma c\u00F3pia da GNU LGPL vers\u00E3o 3, sob o t\u00EDtulo
  32 +# "LICENCA.txt", junto com esse programa. Se n\u00E3o, acesse <http://www.gnu.org/licenses/>
  33 +# ou escreva para a Funda\u00E7\u00E3o do Software Livre (FSF) Inc.,
  34 +# 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  35 +
  36 +version=${project.version}
  37 +engine-on=Iniciando o Demoiselle Framework ${project.version} (Neo)
  38 +resource-not-found=Arquivo {0} n\u00E3o foi encontrado
  39 +key-not-found=A chave {0} n\u00E3o foi encontrada
  40 +ambiguous-strategy-resolution=Foi detectada ambiguidade da interface {0} com as seguintes implementa\u00E7\u00F5es\: {1}. Para resolver o conflito, defina explicitamente a implementa\u00E7\u00E3o no demoiselle.properties.
  41 +ambiguous-bean-resolution=Falha ao obter {0} pois foi detectada ambiguidade nas seguintes implementa\u00E7\u00F5es\: {1}
  42 +bean-not-found=Voc\u00EA est\u00E1 tentando obter um objeto n\u00E3o reconhecido pelo CDI via Beans.getReference({0})
  43 +store-not-found=O objeto do tipo [{0}] n\u00E3o pode ser armazenado no escopo indicado\: {1}
  44 +more-than-one-exceptionhandler-defined-for-same-class=Foi definido mais de um m\u00E9todo na classe {0} para tratar a exce\u00E7\u00E3o {1}
  45 +handling-exception=Tratando a exce\u00E7\u00E3o {0}
  46 +taking-off=O Demoiselle ${project.version} decolou
  47 +engine-off=Desligando os motores do Demoiselle ${project.version}
  48 +setting-up-bean-manager=BeanManager dispon\u00EDvel atrav\u00E9s do utilit\u00E1rio {0}
  49 +
  50 +user-transaction-lookup-fail=N\u00E3o foi encontrada nenhuma transa\u00E7\u00E3o com o nome {0} no contexto JNDI
  51 +transactional-execution=Execu\u00E7\u00E3o transacional de {0}
  52 +begin-transaction=Transa\u00E7\u00E3o iniciada
  53 +transaction-marked-rollback=Transa\u00E7\u00E3o marcada para rollback [{0}]
  54 +transaction-already-finalized=A transa\u00E7\u00E3o j\u00E1 havia sido finalizada
  55 +transaction-commited=Transa\u00E7\u00E3o finalizada com sucesso
  56 +transaction-rolledback=Transa\u00E7\u00E3o finalizada com rollback
  57 +
  58 +bootstrap.configuration.processing=Processando {0}
  59 +bootstrap-context-already-managed=O contexto {0} para o escopo {1} j\u00E1 foi adicionado
  60 +bootstrap-context-added=Adicionando o contexto {0} para o escopo {1}
  61 +
  62 +loading-configuration-class=Carregando a classe de configura\u00E7\u00E3o {0}
  63 +configuration-field-loaded={0}: {2}
  64 +configuration-attribute-is-mandatory=A configura\u00E7\u00E3o {0} \u00E9 obrigat\u00F3ria, mas n\u00E3o foi encontrada em {1}
  65 +configuration-name-attribute-cant-be-empty=A nota\u00E7\u00E3o @Name n\u00E3o pode estar em branco
  66 +configuration-generic-extraction-error=Ocorreu um erro durante a extra\u00E7\u00E3o do tipo {0} com o extrator {1}
  67 +configuration-dot-after-prefix=N\u00E3o \u00E9 necess\u00E1rio adicionar o ponto ap\u00F3s o prefixo para uma classe de configura\u00E7\u00E3o. \u00C9 recomendado que sejam retirados, pois poder\u00E3o causar erros em vers\u00F5es futuras do Framework.
  68 +configuration-key-not-found={0}\: [n\u00E3o encontrada]
  69 +configuration-extractor-not-found=N\u00E3o foi poss\u00EDvel encontrar a classe extratora para o atributo {0}. Implemente a interface {1} para criar sua classe extratora.
  70 +configuration-not-conversion=N\u00E3o \u00E9 poss\u00EDvel converter o valor {0} para o tipo {1}
  71 +
  72 +transaction-not-defined=Nenhuma transa\u00E7\u00E3o foi definida. Para utilizar @{0} \u00E9 preciso definir a propriedade frameworkdemoiselle.transaction.class com a estrat\u00E9gia de transa\u00E7\u00E3o desejada no arquivo demoiselle.properties
  73 +executing-all=Executando m\u00E9todos anotados com @{0}
  74 +custom-context-selected=Produzindo inst\u00E2ncia do contexto {0}
  75 +custom-context-was-activated=O contexto {0} foi ativado para o escopo {1}
  76 +custom-context-was-deactivated=O contexto {0} foi desativado para o escopo {1}
  77 +custom-context-already-activated=N\u00E3o foi poss\u00EDvel ativar o contexto {0}, o escopo {1} j\u00E1 est\u00E1 ativo no contexto {2}
  78 +custom-context-not-found=N\u00E3o foi encontrado um contexto gerenciado do tipo [{0}] para o escopo [{1}]
  79 +custom-context-manager-not-initialized=ContextManager n\u00E3o foi inicializado. Chame [initialize] ao capturar o evento [AfterBeanDiscovery] em uma extens\u00E3o CDI
  80 +
  81 +error-creating-new-instance-for=Error creating a new instance for "{0}"
  82 +executed-successfully={0} execultado com sucesso
  83 +must-declare-one-single-parameter=Voc\u00EA deve declarar um par\u00E2metro \u00FAnico em {0}
  84 +loading-default-transaction-manager=Carregando o gerenciador de transa\u00E7\u00E3o padr\u00E3o {0}
  85 +results-count-greater-page-size=Quantidade de resultados {0} \u00E9 maior que o tamanho da p\u00E1gina {1}
  86 +page-result=Resultado paginado [p\u00E1gina\={0}, total de resultados\={1}]
  87 +pagination-not-initialized=Pagina\u00E7\u00E3o n\u00E3o inicializada. Inicialize o sistema de pagina\u00E7\u00E3o definindo a p\u00E1gina atual ou o total de resultados ao menos uma vez na requisi\u00E7\u00E3o.
  88 +pagination-invalid-value=Valor inv\u00E1lido para paginador: [{0}].
  89 +page=P\u00E1gina [n\u00FAmero\={0}, tamanho\={1}]
  90 +processing=Processando\: {0}
  91 +processing-fail=Falha no processamento devido a uma exce\u00E7\u00E3o lan\u00E7ada pela aplica\u00E7\u00E3o
  92 +for= \ para\:
  93 +file-not-found=O arquivo {0} n\u00E3o foi encontrado
  94 +
  95 +adding-message-to-context=Adicionando uma mensagem no contexto: [{0}]
  96 +access-checking=Verificando permiss\u00E3o do usu\u00E1rio {0} para executar a a\u00E7\u00E3o {1} no recurso {2}
  97 +access-allowed=O usu\u00E1rio {0} acessou o recurso {2} com a a\u00E7\u00E3o {1}
  98 +access-denied=O usu\u00E1rio {0} n\u00E3o possui permiss\u00E3o para executar a a\u00E7\u00E3o {1} no recurso {2}
  99 +access-denied-ui=Voc\u00EA n\u00E3o est\u00E1 autorizado a executar a a\u00E7\u00E3o {1} no recurso {0}
  100 +authorizer-not-defined=Nenhuma regra de resolu\u00E7\u00E3o de permiss\u00F5es foi definida. Para utilizar @{0} \u00E9 preciso definir a propriedade frameworkdemoiselle.security.authorizer.class como regra de resolu\u00E7\u00E3o de permiss\u00F5es desejada no arquivo demoiselle.properties.
  101 +user-not-authenticated=Usu\u00E1rio n\u00E3o autenticado
  102 +invalid-credentials=Usu\u00E1rio ou senha inv\u00E1lidos
  103 +has-role-verification=Verificando se o usu\u00E1rio {0} possui a(s) role(s)\: {1}
  104 +does-not-have-role=Usu\u00E1rio {0} n\u00E3o possui a(s) role(s)\: {1}
  105 +does-not-have-role-ui=Para acessar este recurso \u00E9 necess\u00E1rio ser {0}
  106 +user-has-role=Usu\u00E1rio {0} possui a(s) role(s)\: {1}
  107 +
  108 +authenticator-not-defined=Nenhum mecanismo de autentica\u00E7\u00E3o foi definido. Para utilizar {0} \u00E9 preciso definir a propriedade frameworkdemoiselle.security.authenticator.class como mecanismo de autentica\u00E7\u00E3o desejado no arquivo demoiselle.properties.
  109 +
  110 +management-notification-attribute-changed=O atributo [{0}] da classe gerenciada [{1}] foi alterado
  111 +management-null-class-defined=O controlador de gerenciamento informado n\u00E3o pode ser [null]
  112 +management-abstract-class-defined=O controlador de gerenciamento [{0}] precisa ser uma classe concreta
  113 +management-no-annotation-found=Classe {0} precisa ser anotada com @ManagementController
  114 +management-invalid-property-no-getter-setter=Falha ao inicializar classe gerenciada {0}, n\u00E3o foi encontrado um m\u00E9todo get ou m\u00E9todo set para a propriedade {1}
  115 +management-invalid-property-as-operation=Falha ao inicializar classe gerenciada {0}, n\u00E3o \u00E9 poss\u00EDvel declarar uma propriedade cujo m\u00E9todo get ou set \u00E9 uma opera\u00E7\u00E3o
  116 +management-introspection-error=Erro ao ler atributos da classe gerenciada {0}
  117 +management-type-not-found=A classe gerenciada informada n\u00E3o existe\: {0}
  118 +management-invoke-error=Erro ao tentar invocar a opera\u00E7\u00E3o "{0}" da classe gerenciada, a opera\u00E7\u00E3o n\u00E3o foi encontrada
  119 +management-write-value-error=N\u00E3o foi poss\u00EDvel definir um valor para a propriedade {0}
  120 +management-read-value-error=N\u00E3o foi poss\u00EDvel ler o valor da propriedade {0}
  121 +management-debug-acessing-property=Acessando propriedade {0} da classe gerenciada {1}
  122 +management-debug-setting-property=Definindo novo valor para propriedade {0} da classe gerenciada {1}
  123 +management-debug-invoking-operation=Invocando opera\u00E7\u00E3o {0} da classe gerenciada {1}
  124 +management-debug-starting-custom-context=Levantando contexto {0} para executar comando na classe gerenciada {1}
  125 +management-debug-stoping-custom-context=Desligando contexto {0} para classe gerenciada {1}
  126 +management-debug-registering-managed-type=Registrando classe gerenciada [{0}]
  127 +management-debug-processing-management-extension=Processando extens\u00E3o de gerenciamento [{0}]
  128 +management-debug-removing-management-extension=Desativando extens\u00E3o de gerenciamento [{0}]
  129 +management-validation-constraint-violation=Ocorreu um erro de valida\u00E7\u00E3o na classe [{0}] ao definir um valor para a propriedade [{1}]\: [{2}]
  130 +management-validation-validator-not-found=Nenhum provedor de valida\u00E7\u00E3o de beans encontrado, as anota\u00E7\u00F5es de valida\u00E7\u00E3o n\u00E3o ser\u00E3o processadas
... ...
security/src/main/resources/demoiselle.properties 0 → 100644
  Diff comments   View file @ecc7cab
ws/src/main/java/org/demoiselle/jee/ws/JaxRsFilter.java
  Diff comments   View file @ecc7cab
... ... @@ -44,11 +44,9 @@ public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, C
44 44  
45 45 @Override
46 46 public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
47   -
48   - response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
49   - response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
50   - response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
51   -
  47 + response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
  48 + response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
  49 + response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
52 50 }
53 51  
54 52 @PostConstruct
... ...