seamログイン時の権限検証
注記: ここでは Seam の JPA を使った高度な権限検証は使用しておらず、通常の権限検証です。高度な検証については私のブログでも説明しています。
ログイン認証時のコード:
:
: users 、 permission ,role 。
users role , user role。 role user。
user permission。
JPA :
: users 、 role 、 permission 。
。
ログイン認証時のコード:
package cn.ctit.cms.session;
import static org.jboss.seam.ScopeType.SESSION;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.drools.WorkingMemory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.permission.RuleBasedPermissionResolver;
import cn.ctit.cms.entity.Users;
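/**
 * Seam authenticator behind the login form.
 *
 * <p>{@link #authenticate()} looks the submitted credentials up in the {@code Users} entity and
 * {@link #addrolepermission()} loads the user's role and permissions into the Seam security
 * context once Seam raises {@code org.jboss.seam.security.loginSuccessful}.
 *
 * <p>NOTE(review): the bean is {@code @Stateless} but hands the authenticated user from
 * {@code authenticate()} to the observer through the instance field {@code user2}. If the
 * container dispatches the two calls to different pooled instances, the observer would see a
 * missing or stale user. Confirm how Seam resolves the component here, or read the user from the
 * session context inside the observer instead.
 */
@Stateless
@Name("authenticator")
public class AuthenticatorAction implements Authenticator
{
    @In Identity identity;
    @In Credentials credentials;
    @In
    RuleBasedPermissionResolver ruleBasedPermissionResolver;
    @PersistenceContext
    private EntityManager em;
    // Declared for outjection to session scope; only ever holds a user that passed every check
    // in authenticate().
    @Out(required=false, scope = SESSION)
    private Users user2;
    private short rolecount;

    /**
     * Grants the authenticated user's role to the identity and inserts each of the user's
     * permissions into the rule engine's working memory.
     *
     * <p>Does nothing when no authenticated user is held, so that no role or permission is
     * granted on the basis of missing state.
     */
    @SuppressWarnings("unchecked")
    @Observer("org.jboss.seam.security.loginSuccessful")
    public void addrolepermission(){
        if (user2 == null) {
            // Fail closed: without a verified user there is nothing that may be granted.
            return;
        }
        identity.addRole(String.valueOf(user2.getRole()));
        WorkingMemory wm = ruleBasedPermissionResolver.getSecurityContext();
        for (Permission p : user2.getPermissionList()) {
            wm.insert(p);
        }
    }

    /**
     * Checks the submitted username and password against the {@code Users} entity.
     *
     * @return {@code true} only when a matching user exists and its enable flag is set;
     *         {@code false} for unknown credentials, a disabled account, or any unexpected error
     */
    public boolean authenticate()
    {
        // Start from a clean slate so that a failed attempt never leaves a user object from an
        // earlier call (or from a rejected, disabled account) in the outjected field.
        user2 = null;
        try {
            // Named parameters keep the user-supplied values out of the query text.
            // NOTE(review): EncoderByMd5 is defined outside the visible listing; judging by its
            // name and the MessageDigest import it presumably returns an MD5 digest of the
            // password. MD5 is too fast for password storage and is unsalted unless the helper
            // adds a salt. Plan a migration to bcrypt, scrypt or Argon2, with the comparison
            // done in code rather than by equality inside the query.
            List<?> results = em.createQuery("select u from Users u where u.username=:usern and u.password=:pass")
                    .setParameter("usern", credentials.getUsername())
                    .setParameter("pass", EncoderByMd5(credentials.getPassword()))
                    .getResultList();
            if (results.isEmpty()) {
                FacesMessages.instance().addToControl("wrongmessage", "user name or password is not available !");
                return false;
            }
            Users candidate = (Users) results.get(0);
            if (candidate.getEnable() != null && candidate.getEnable()) {
                // Publish the user only after the account has passed every check.
                user2 = candidate;
                return true;
            }
            FacesMessages.instance().addToControl("wrongmessage", "user is inactive !");
            return false;
        } catch (Exception ex) {
            // Any unexpected failure denies the login. The exception goes to the logging
            // framework instead of stderr; the credentials themselves are never logged.
            java.util.logging.Logger.getLogger(AuthenticatorAction.class.getName())
                    .log(java.util.logging.Level.SEVERE, "authentication failed with an unexpected error", ex);
            return false;
        }
    }
}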