/** * Process the include and exclude elements, passing them on to the creator * manager. * @param javascript The name of the creator * @param parent The container of the include and exclude elements. */ private void processPermissions(String javascript, Element parent) { NodeList incNodes = parent.getElementsByTagName(ELEMENT_INCLUDE); for (int i = 0; i < incNodes.getLength(); i++) { Element include = (Element) incNodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); accessControl.addIncludeRule(javascript, method); if (include.hasAttribute(ATTRIBUTE_ROLE)) { String role = include.getAttribute(ATTRIBUTE_ROLE); accessControl.addRoleRestriction(javascript, method, role); } } NodeList excNodes = parent.getElementsByTagName(ELEMENT_EXCLUDE); for (int i = 0; i < excNodes.getLength(); i++) { Element include = (Element) excNodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); accessControl.addExcludeRule(javascript, method); } }
public MethodDeclaration[] getMethods() { if (methodDecls == null) { Class<?> creatorType = creator.getType(); Method[] methods = creatorType.getMethods(); ArrayList<MethodDeclaration> methodDeclsArray = new ArrayList<MethodDeclaration>(); for (Method method : methods) { Method unwrappedMethod = unwrapProxiedMethod(method); try { accessControl.assertMethodDisplayable(creatorType, unwrappedMethod); } catch (SecurityException ex) { if (!allowImpossibleTests) { continue; } } methodDeclsArray.add(new MethodDeclaration(unwrappedMethod)); } methodDecls = methodDeclsArray.toArray(new MethodDeclaration[0]); } return methodDecls; }
accessControl.addIncludeRule(scriptName, method.getName()); accessControl.addRoleRestriction(scriptName, method.getName(), role);
accessControl.assertGeneralExecutionIsPossible(call.getScriptName(), method);
accessControl.assertGeneralDisplayable(scriptName, method);
/** * J2EE role based method level security added here. * @param javascript The name of the creator * @param parent The container of the include and exclude elements. */ private void processAuth(String javascript, Element parent) { NodeList nodes = parent.getElementsByTagName(ELEMENT_AUTH); for (int i = 0; i < nodes.getLength(); i++) { Element include = (Element) nodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); String role = include.getAttribute(ATTRIBUTE_ROLE); accessControl.addRoleRestriction(javascript, method, role); } }
accessControl.assertMethodExecutionIsPossible(creator.getType(), method);
accessControl.assertGeneralExecutionIsPossible(call.getScriptName(), method);
accessControl.assertGeneralDisplayable(scriptName, method);
accessControl.addExcludeRule(scriptName, exclude); accessControl.addIncludeRule(scriptName, include); accessControl.addRoleRestriction(scriptName, constraint.getKey(), role);
accessControl.assertGeneralExecutionIsPossible(c.getScriptName(), c.getMethodDeclaration());