seamログイン時の権限検証


声明:ここではseamのJPAの高度な権限検証は使用されていません.通常の権限検証です.高級な検証は私のブログにも説明があります!
    :
        :  users 、  permission ,role   。
   users   role    ,      user    role。  role      user。
   user     permission。

   JPA   :
        :  users 、  role 、  permission 。
         。
    

 
ログイン認証時のコード:
package cn.ctit.cms.session;

import static org.jboss.seam.ScopeType.SESSION;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.drools.WorkingMemory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.permission.RuleBasedPermissionResolver;

import cn.ctit.cms.entity.Users;

@Stateless
@Name("authenticator")
public class AuthenticatorAction implements Authenticator 
{
    @In Identity identity;
    @In Credentials credentials;
    
    @In 
    RuleBasedPermissionResolver ruleBasedPermissionResolver;
    
    @PersistenceContext
    private EntityManager em;
    
    @Out(required=false, scope = SESSION)
    private Users user2;
   
    private short rolecount;
        
    @SuppressWarnings("unchecked")
    @Observer("org.jboss.seam.security.loginSuccessful")
     public void addrolepermission(){
    	    identity.addRole(String.valueOf(user2.getRole()));
    	    WorkingMemory wm = ruleBasedPermissionResolver.getSecurityContext();   
    	    for(Permission p:user2.getPermissionList()){ 
    		wm.insert(p);
    	    }	
      }
    
    
    @SuppressWarnings("unchecked")
    public boolean authenticate()
    {
    	try{
    		List results = em.createQuery("select u from Users u where u.username=:usern and u.password=:pass")
    						.setParameter("usern", credentials.getUsername())
    						.setParameter("pass", EncoderByMd5(credentials.getPassword()))
							.getResultList();
    		if(results.size() == 0){
        		FacesMessages.instance().addToControl("wrongmessage", "user name or password is not available !");
        		return false;
        	}else{
        		user2 = (Users) results.get(0);
        		if(user2.getEnable()!=null && user2.getEnable()){
        			return true;
        		}else{
        			FacesMessages.instance().addToControl("wrongmessage", "user is inactive !");
        			return false;
        		}
        	}
    	}catch (Exception ex){
    		ex.printStackTrace();
    		return false;
    	}
    	
    	
    }
        
}