/** * J2EE role based method level security added here. * @param javascript The name of the creator * @param parent The container of the include and exclude elements. */ private void processAuth(String javascript, Element parent) { NodeList nodes = parent.getElementsByTagName(ELEMENT_AUTH); for (int i = 0; i < nodes.getLength(); i++) { Element include = (Element) nodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); String role = include.getAttribute(ATTRIBUTE_ROLE); accessControl.addRoleRestriction(javascript, method, role); } }
/** * Process the include and exclude elements, passing them on to the creator * manager. * @param javascript The name of the creator * @param parent The container of the include and exclude elements. */ private void processPermissions(String javascript, Element parent) { NodeList incNodes = parent.getElementsByTagName(ELEMENT_INCLUDE); for (int i = 0; i < incNodes.getLength(); i++) { Element include = (Element) incNodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); accessControl.addIncludeRule(javascript, method); if (include.hasAttribute(ATTRIBUTE_ROLE)) { String role = include.getAttribute(ATTRIBUTE_ROLE); accessControl.addRoleRestriction(javascript, method, role); } } NodeList excNodes = parent.getElementsByTagName(ELEMENT_EXCLUDE); for (int i = 0; i < excNodes.getLength(); i++) { Element include = (Element) excNodes.item(i); String method = include.getAttribute(ATTRIBUTE_METHOD); accessControl.addExcludeRule(javascript, method); } }
accessControl.addRoleRestriction(scriptName, method.getName(), role);
accessControl.addRoleRestriction(scriptName, constraint.getKey(), role);