Wouldn't that make more sense?
Ii will check authentication only when @RolesAllowed is present.
if (element.isAnnotationPresent(DenyAll.class))
{
// The element denies access.
allowed = false;
}
else if (element.isAnnotationPresent(PermitAll.class))
{
// The element allows access to all security roles (i.e.
any authenticated user).
allowed = isUserAuthenticated(bean, handler);
}
else
{
RolesAllowed rolesAllowed =
element.getAnnotation(RolesAllowed.class);
if (rolesAllowed != null)
{
// Still need to check if the users is authorized
allowed = isUserAuthenticated(bean, handler);
if (allowed == null || allowed.booleanValue()) {
// The element allows access if the user has
one of the specified roles.
allowed = false;
for (String role : rolesAllowed.value())
{
Boolean hasRole = hasRole(bean,
handler, role);
if (hasRole != null && hasRole)
{
allowed = true;
break;
}
}
}
}
}
Christian
De : Nathan Maves [mailto:nathan.ma...@gmail.com]
Envoyé : October-04-11 1:42 PM
À : Stripes Users List
Objet : Re: [Stripes-users] Stripes Stuff Security manager
Sure! I can do that. In fact just built it locally with my fix.
Here is what I came up with
if (element.isAnnotationPresent(DenyAll.class))
{
// The element denies access.
allowed = false;
}
else if (element.isAnnotationPresent(PermitAll.class))
{
// The element allows access to all
security roles (i.e. any authenticated user).
allowed = isUserAuthenticated(bean,
handler);
}
else
{
//Still need to check if the users is
authorized
allowed = isUserAuthenticated(bean,
handler);
RolesAllowed rolesAllowed =
element.getAnnotation(RolesAllowed.class);
if (allowed.booleanValue() &&
(rolesAllowed != null))
{
// The element allows access if
the user has one of the specified roles.
allowed = false;
for (String role :
rolesAllowed.value())
{
Boolean hasRole =
hasRole(bean, handler, role);
if (hasRole != null
&& hasRole)
{
allowed
= true;
break;
}
}
}
}
On Oct 4, 2011, at 11:28 AM, Poitras Christian wrote:
Hi Nathan,
I can commit the change if you plan to build it from source.
Christian
De : Nathan Maves [mailto:nathan.ma...@gmail.com]
Envoyé : October-04-11 12:17 PM
À : Stripes Users List
Objet : [Stripes-users] Stripes Stuff Security manager
Not sure if anyone is still working on this project. I just implemented it and
it is working great except for one small issue.
I have created a ticket but know one has even looked at it. Who maintains this
project?
http://sourceforge.net/tracker/?func=detail&aid=3382420&group_id=217148&atid=1039392
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net<mailto:Stripes-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users