EntityPermissionChecker.java

package org.jboss.seam.security;

import static org.jboss.seam.ScopeType.APPLICATION;
import static org.jboss.seam.annotations.Install.BUILT_IN;

import java.lang.reflect.Method;

import javax.persistence.EntityManager;

import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.persistence.PersistenceProvider;
import org.jboss.seam.util.Strings;

/**
 * Entity permission checks
 * 
 * @author Shane Bryzak
 */
@Name("org.jboss.seam.security.entityPermissionChecker")
@Scope(APPLICATION)
@Install(precedence = BUILT_IN)
@BypassInterceptors
@Startup
public class EntityPermissionChecker
{
   private String entityManagerName = "entityManager";
   
   private EntityManager getEntityManager()
   {
      return (EntityManager) Component.getInstance(entityManagerName);
   }
   
   public String getEntityManagerName()
   {
      return entityManagerName;
   }
   
   public void setEntityManagerName(String name)
   {
      this.entityManagerName = name;
   } 
   
   public static EntityPermissionChecker instance()
   {
      if ( !Contexts.isApplicationContextActive() )
      {
         throw new IllegalStateException("No active application context");
      }

      EntityPermissionChecker instance = (EntityPermissionChecker) Component.getInstance(
            EntityPermissionChecker.class, ScopeType.APPLICATION);

      if (instance == null)
      {
         throw new IllegalStateException("No EntityPermissionChecker could be created");
      }

      return instance;      
   }
   
   public void checkEntityPermission(Object entity, EntityAction action)
   {      
      if (!Identity.isSecurityEnabled()) return;
      
      if (!Contexts.isSessionContextActive()) return;
      
      Identity identity = Identity.instance();
      
      identity.tryLogin();
      
      PersistenceProvider provider = PersistenceProvider.instance(); 
      Class beanClass = provider.getBeanClass(entity);
      
      if (beanClass != null)
      {        
         Method m = null;
         switch (action)
         {
            case READ:
               m = provider.getPostLoadMethod(entity, getEntityManager());
               break;
            case INSERT:
               m = provider.getPrePersistMethod(entity, getEntityManager());
               break;
            case UPDATE:
               m = provider.getPreUpdateMethod(entity, getEntityManager());
               break;
            case DELETE:
               m = provider.getPreRemoveMethod(entity, getEntityManager());
         }
         
         Restrict restrict = null;
         
         if (m != null && m.isAnnotationPresent(Restrict.class))
         {
            restrict = m.getAnnotation(Restrict.class);
         }
         else if (entity.getClass().isAnnotationPresent(Restrict.class))
         {
            restrict = entity.getClass().getAnnotation(Restrict.class);
         }

         if (restrict != null)
         {
            if (Strings.isEmpty(restrict.value()))
            {
               identity.checkPermission(entity, action.toString());
            }
            else
            {
               identity.checkRestriction(restrict.value());
            }
         }
      }
   }  
}