1 Reply Latest reply on Nov 24, 2008 11:12 AM by Shane Bryzak

    Enable and disable EntitySecurity at Runtime

    Marco Röösli Newbie

      I found this way to enable / disable EntitySecurity:


      I wrote my own EntitySecurityListener based on the implementation of the original EntitySecurityListener


      import static org.jboss.seam.security.EntityAction.DELETE;
      import static org.jboss.seam.security.EntityAction.INSERT;
      import static org.jboss.seam.security.EntityAction.READ;
      import static org.jboss.seam.security.EntityAction.UPDATE;
      
      import javax.persistence.PostLoad;
      import javax.persistence.PrePersist;
      import javax.persistence.PreRemove;
      import javax.persistence.PreUpdate;
      
      import org.jboss.seam.security.EntityPermissionChecker;
      @Name("myEntitySecurityListener")
      public class MyEntitySecurityListener {
         private boolean securityCheckEnabled = false;
      
         public boolean isSecurityCheckEnabled() {
              return securityCheckEnabled;
         }
      
         public void setSecurityCheckEnabled(boolean securityCheckEnabled) {
              this.securityCheckEnabled = securityCheckEnabled;
         }
      
         @PostLoad
         public void postLoad(Object entity) {
              if (securityCheckEnabled) {
                 EntityPermissionChecker.instance().checkEntityPermission(entity, READ);
              }
         }
      
         @PrePersist
         public void prePersist(Object entity) {
              if (securityCheckEnabled) {
                 EntityPermissionChecker.instance().checkEntityPermission(entity, INSERT);
              }
         }
      
         @PreUpdate
         public void preUpdate(Object entity) {
              if (securityCheckEnabled) {
                 EntityPermissionChecker.instance().checkEntityPermission(entity, UPDATE);
              }
         }
      
         @PreRemove
         public void preRemove(Object entity) {
              if (securityCheckEnabled) {
                 EntityPermissionChecker.instance().checkEntityPermission(entity, DELETE);
              }
         }
      }



      is this a good way to enable/disable EntitySecurity at runtime or is there a better way to do this?


      thx for your help
      Greetz Marco