First commit

.classpath

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+  <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
+  <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="var" path="M2_REPO/javax/inject/javax.inject/1/javax.inject-1.jar" sourcepath="M2_REPO/javax/inject/javax.inject/1/javax.inject-1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar" sourcepath="M2_REPO/javax/servlet/servlet-api/2.5/servlet-api-2.5-sources.jar"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/tapestry-core/5.3.8/tapestry-core-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/tapestry-core/5.3.8/tapestry-core-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/commons-codec/commons-codec/1.5/commons-codec-1.5.jar" sourcepath="M2_REPO/commons-codec/commons-codec/1.5/commons-codec-1.5-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/antlr/antlr-runtime/3.3/antlr-runtime-3.3.jar" sourcepath="M2_REPO/org/antlr/antlr-runtime/3.3/antlr-runtime-3.3-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1.jar" sourcepath="M2_REPO/org/antlr/stringtemplate/3.2.1/stringtemplate-3.2.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.7/antlr-2.7.7.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/tapestry-ioc/5.3.8/tapestry-ioc-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/tapestry-ioc/5.3.8/tapestry-ioc-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/plastic/5.3.8/plastic-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/plastic/5.3.8/plastic-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/tapestry5-annotations/5.3.8/tapestry5-annotations-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/tapestry5-annotations/5.3.8/tapestry5-annotations-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.6.1/slf4j-api-1.6.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-api/1.6.1/slf4j-api-1.6.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/javassist/javassist/3.12.1.GA/javassist-3.12.1.GA.jar" sourcepath="M2_REPO/javassist/javassist/3.12.1.GA/javassist-3.12.1.GA-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/tapestry-func/5.3.8/tapestry-func-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/tapestry-func/5.3.8/tapestry-func-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.6.1/slf4j-log4j12-1.6.1.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.6.1/slf4j-log4j12-1.6.1-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/tapestry/tapestry-json/5.3.8/tapestry-json-5.3.8.jar" sourcepath="M2_REPO/org/apache/tapestry/tapestry-json/5.3.8/tapestry-json-5.3.8-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2.jar" sourcepath="M2_REPO/org/apache/commons/commons-lang3/3.3.2/commons-lang3-3.3.2-sources.jar"/>
+  <classpathentry kind="var" path="M2_REPO/com/gagauz/common/tools/1.0/tools-1.0.jar"/>
+</classpath>

.project

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+  <name>security</name>
+  <comment>NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
+  <projects/>
+  <buildSpec>
+    <buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
+    </buildCommand>
+  </buildSpec>
+  <natures>
+    <nature>org.eclipse.jdt.core.javanature</nature>
+  </natures>
+</projectDescription>

.settings/org.eclipse.jdt.core.prefs

@@ -0,0 +1,5 @@
+#Tue Mar 03 14:20:12 VET 2015
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6

mvn_clean_install.bat

@@ -0,0 +1,2 @@
+call mvn -e clean install
+pause

mvn_dependency_tree.bat

@@ -0,0 +1,2 @@
+call mvn -v dependency:tree > tree.txt
+pause

mvn_eclipse.bat

@@ -0,0 +1,2 @@
+call mvn eclipse:clean eclipse:eclipse
+pause

pom.xml

@@ -0,0 +1,110 @@
+<project
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>com.gagauz.tapestry</groupId>
+	<artifactId>tapestry-security</artifactId>
+	<version>1.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+	<name>Tapestry 5 Security library</name>
+	<dependencies>
+		<dependency>
+			<groupId>org.apache.tapestry</groupId>
+			<artifactId>tapestry-core</artifactId>
+			<version>${tapestry-release-version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+			<version>3.3.2</version>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>servlet-api</artifactId>
+			<version>${servlet-api-release-version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>com.gagauz.common</groupId>
+			<artifactId>tools</artifactId>
+			<version>1.0</version>
+		</dependency>
+	</dependencies>
+	<build>
+		<finalName>tapestry-security</finalName>
+		<plugins>
+			 <plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-javadoc-plugin</artifactId>
+				<version>2.9.1</version>
+				<configuration></configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>attach-sources</id>
+						<phase>verify</phase>
+						<goals>
+							<goal>jar-no-fork</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-eclipse-plugin</artifactId>
+				<configuration>
+					<downloadSources>true</downloadSources>
+					<classpathExcludes>
+						<exclude>jtidy:jtidy</exclude>
+					</classpathExcludes>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>com.github.github</groupId>
+				<artifactId>site-maven-plugin</artifactId>
+				<version>0.9</version>
+				<configuration>
+					<message>Maven artifacts for ${project.version}</message>  <!-- git commit message -->
+					<noJekyll>true</noJekyll>                                  <!-- disable webpage processing -->
+					<outputDirectory>${project.build.directory}/target</outputDirectory> <!-- matches distribution management repository url above -->
+					<branch>refs/heads/mvn-repo</branch>                       <!-- remote branch name -->
+					<includes><include>**/*</include></includes>
+					<repositoryName>YOUR-REPOSITORY-NAME</repositoryName>      <!-- github repo name -->
+					<repositoryOwner>YOUR-GITHUB-USERNAME</repositoryOwner>    <!-- github username  -->
+				</configuration>
+				<executions>
+				  <!-- run site-maven-plugin's 'site' target as part of the build's normal 'deploy' phase -->
+				  <execution>
+					<goals>
+					  <goal>site</goal>
+					</goals>
+					<phase>deploy</phase>
+				  </execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+	<reporting />
+
+	<repositories>
+		<!-- This repository is only needed when the Tapestry version is a preview 
+			release, rather than a final release. -->
+		<repository>
+			<id>apache-staging</id>
+			<url>https://repository.apache.org/content/groups/staging/</url>
+		</repository>
+	</repositories>
+
+	<properties>
+		<tapestry-release-version>5.3.8</tapestry-release-version>
+		<servlet-api-release-version>2.5</servlet-api-release-version>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<maven.compiler.source>1.6</maven.compiler.source>
+		<maven.compiler.target>1.6</maven.compiler.target>
+	</properties>
+</project>

src/main/java/com/gagauz/tapestry/security/AbstractCommonHandlerWrapper.java

@@ -0,0 +1,32 @@
+package com.gagauz.tapestry.security;
+
+import org.apache.tapestry5.services.ComponentEventRequestParameters;
+import org.apache.tapestry5.services.PageRenderRequestParameters;
+
+import java.io.IOException;
+
+public abstract class AbstractCommonHandlerWrapper {
+    private final ComponentEventRequestParameters componentEventRequestParameters;
+    private final PageRenderRequestParameters pageRenderRequestParameters;
+
+    public AbstractCommonHandlerWrapper(ComponentEventRequestParameters componentEventRequestParameters) {
+        this.componentEventRequestParameters = componentEventRequestParameters;
+        this.pageRenderRequestParameters = null;
+    }
+
+    public AbstractCommonHandlerWrapper(PageRenderRequestParameters pageRenderRequestParameters) {
+        this.componentEventRequestParameters = null;
+        this.pageRenderRequestParameters = pageRenderRequestParameters;
+    }
+
+    public abstract void handle() throws IOException;
+
+    public ComponentEventRequestParameters getComponentEventRequestParameters() {
+        return componentEventRequestParameters;
+    }
+
+    public PageRenderRequestParameters getPageRenderRequestParameters() {
+        return pageRenderRequestParameters;
+    }
+
+}

src/main/java/com/gagauz/tapestry/security/AbstractCommonRequestFilter.java

@@ -0,0 +1,30 @@
+package com.gagauz.tapestry.security;
+
+import org.apache.tapestry5.services.*;
+
+import java.io.IOException;
+
+public abstract class AbstractCommonRequestFilter implements PageRenderRequestFilter, ComponentEventRequestFilter {
+
+    public abstract void handleInternal(AbstractCommonHandlerWrapper handlerWrapper) throws IOException;
+
+    @Override
+    public void handle(final ComponentEventRequestParameters parameters, final ComponentEventRequestHandler handler) throws IOException {
+        handleInternal(new AbstractCommonHandlerWrapper(parameters) {
+            @Override
+            public void handle() throws IOException {
+                handler.handle(parameters);
+            }
+        });
+    }
+
+    @Override
+    public void handle(final PageRenderRequestParameters parameters, final PageRenderRequestHandler handler) throws IOException {
+        handleInternal(new AbstractCommonHandlerWrapper(parameters) {
+            @Override
+            public void handle() throws IOException {
+                handler.handle(parameters);
+            }
+        });
+    }
+}

src/main/java/com/gagauz/tapestry/security/LoginResult.java

@@ -0,0 +1,6 @@
+package com.gagauz.tapestry.security;
+
+public enum LoginResult {
+    SUCCESS,
+    FAIL;
+}

src/main/java/com/gagauz/tapestry/security/LoginService.java

@@ -0,0 +1,38 @@
+package com.gagauz.tapestry.security;
+
+import com.gagauz.tapestry.security.api.Credentials;
+import com.gagauz.tapestry.security.api.LoginHandler;
+import com.gagauz.tapestry.security.api.SecurityUser;
+import com.gagauz.tapestry.security.api.SecurityUserProvider;
+import org.apache.tapestry5.ioc.annotations.Inject;
+
+import java.util.List;
+
+public class LoginService {
+
+    @Inject
+    private SecurityUserProvider sessionUserService;
+
+    @Inject
+    private SecurityUserCreator sessionUserCreator;
+
+    @Inject
+    private List<LoginHandler> handlers;
+
+    public SecurityUser authenticate(Credentials credentials) {
+        SecurityUser newUser = sessionUserService.loadByCredentials(credentials);
+
+        LoginResult result = LoginResult.FAIL;
+
+        if (null != newUser) {
+            SecurityUser oldUser = sessionUserCreator.createUser(newUser);
+            result = LoginResult.SUCCESS;
+            for (LoginHandler handler : handlers) {
+                handler.handle(oldUser, newUser, result);
+            }
+            return newUser;
+        }
+
+        return null;
+    }
+}

src/main/java/com/gagauz/tapestry/security/LogoutService.java

@@ -0,0 +1,50 @@
+package com.gagauz.tapestry.security;
+
+import com.gagauz.tapestry.security.api.LogoutHandler;
+
+import com.gagauz.tapestry.security.api.SecurityUser;
+
+import java.util.List;
+
+import org.apache.tapestry5.ioc.annotations.Inject;
+import org.apache.tapestry5.services.Request;
+import org.apache.tapestry5.services.Session;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class LogoutService {
+
+    private static final Logger log = LoggerFactory.getLogger(LogoutService.class);
+
+    @Inject
+    private Request request;
+
+    @Inject
+    private SecurityUserCreator securityUserCreator;
+
+    @Inject
+    private List<LogoutHandler> handlers;
+
+    public void logout() {
+
+        SecurityUser user = securityUserCreator.getUserFromContext();
+
+        for (LogoutHandler handler : handlers) {
+            try {
+                handler.handle(user);
+            } catch (Exception e) {
+                log.error("Failed to handle logout", e);
+            }
+        }
+
+        Session session = request.getSession(false);
+
+        if (null != session) {
+            try {
+                session.invalidate();
+            } catch (Exception e) {
+                log.error("Session invalidate error", e);
+            }
+        }
+    }
+}

src/main/java/com/gagauz/tapestry/security/Secured.java

@@ -0,0 +1,13 @@
+package com.gagauz.tapestry.security;
+
+import com.gagauz.tapestry.security.api.Role;
+
+import java.lang.annotation.*;
+
+@Target({ElementType.METHOD, ElementType.FIELD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface Secured {
+    Role[] value() default {};
+}

src/main/java/com/gagauz/tapestry/security/SecurityChecker.java

@@ -0,0 +1,30 @@
+package com.gagauz.tapestry.security;
+
+import com.gagauz.tapestry.security.api.Role;
+import com.gagauz.tapestry.security.api.SecurityUser;
+
+import javax.inject.Inject;
+
+public class SecurityChecker {
+    @Inject
+    private SecurityUserCreator sessionUserCreator;
+
+    public boolean isCurrentUserHasRoles(Role[] needRoles) {
+
+        SecurityUser user = sessionUserCreator.getUserFromContext();
+        if (null != user) {
+            if (null == needRoles || 0 == needRoles.length) {
+                return true;
+            }
+            for (final Role userRole : user.getRoles()) {
+                for (Role pageRole : needRoles) {
+                    if (userRole == pageRole) {
+                        return true;
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+}