Index: topia-security/src/java/org/codelutin/topia/security/listener/PropertyWriteListener.java
diff -u /dev/null topia-security/src/java/org/codelutin/topia/security/listener/PropertyWriteListener.java:1.1
--- /dev/null Mon Sep 25 13:24:45 2006
+++ topia-security/src/java/org/codelutin/topia/security/listener/PropertyWriteListener.java Mon Sep 25 13:24:40 2006
@@ -0,0 +1,61 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+package org.codelutin.topia.security.listener;
+
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.UPDATE;
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.checkPermission;
+
+import java.beans.PropertyChangeEvent;
+import java.beans.PropertyVetoException;
+import java.beans.VetoableChangeListener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.codelutin.topia.TopiaException;
+import org.codelutin.topia.persistence.TopiaEntityAbstract;
+
+/**
+ * Listenner permettant de vérifier les autorisations pour le chargement d'une
+ * propriété sur une entités.
+ * @author ruchaud
+ */
+public class PropertyWriteListener implements VetoableChangeListener {
+
+ private static Log log = LogFactory.getLog(PropertyWriteListener.class);
+
+ /*
+ * (non-Javadoc)
+ * @see java.beans.VetoableChangeListener#vetoableChange(java.beans.PropertyChangeEvent)
+ */
+ public void vetoableChange(PropertyChangeEvent event) throws PropertyVetoException {
+ Object source = event.getSource();
+ TopiaEntityAbstract entity = (TopiaEntityAbstract) source;
+ try {
+ checkPermission(entity.getTopiaId(), UPDATE);
+ } catch (TopiaException te) {
+ if (log.isWarnEnabled()) {
+ log.warn("[Security] Write denied to : " + entity.getTopiaId(), te);
+ }
+ throw new SecurityException("Access denied to Write entity " + entity + " on " + event.getPropertyName(), te);
+ }
+ }
+
+}
Index: topia-security/src/java/org/codelutin/topia/security/listener/PropertyReadListener.java
diff -u /dev/null topia-security/src/java/org/codelutin/topia/security/listener/PropertyReadListener.java:1.1
--- /dev/null Mon Sep 25 13:24:45 2006
+++ topia-security/src/java/org/codelutin/topia/security/listener/PropertyReadListener.java Mon Sep 25 13:24:40 2006
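Review bot: The SecurityException message in PropertyWriteListener.vetoableChange concatenates `entity` itself, so `entity.toString()` runs on an object the caller has just been refused. TopiaEntityAbstract.toString() is not visible in this change; if it renders property values, the denial path copies protected data into the exception text and into any log that records it, and if it reads them through getters that fire the vetoable listeners, the check may be re-entered. Using the identifier, as the warn line just above already does, avoids both: `throw new SecurityException("Access denied to Write entity " + entity.getTopiaId() + " on " + event.getPropertyName(), te);`. The same construction appears in PropertyReadListener.vetoableChange, where it matters more because the refused operation is the read itself.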
@@ -0,0 +1,74 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+package org.codelutin.topia.security.listener;
+
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.LOAD;
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.checkPermission;
+
+import java.beans.PropertyChangeEvent;
+import java.beans.PropertyVetoException;
+import java.beans.VetoableChangeListener;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.codelutin.topia.TopiaException;
+import org.codelutin.topia.persistence.TopiaEntityAbstract;
+
+/**
+ * Listenner permettant de vérifier les autorisations pour la modification d'une
+ * propriété sur une entités.
+ * @author ruchaud
+ */
+//TODO: Gestion d'une sécurité partiel ou total c'est à dire retour d'une valeur par défaut
+public class PropertyReadListener implements VetoableChangeListener {
+
+ private static Log log = LogFactory.getLog(PropertyReadListener.class);
+
+ /*
+ * (non-Javadoc)
+ * @see java.beans.VetoableChangeListener#vetoableChange(java.beans.PropertyChangeEvent)
+ */
+ public void vetoableChange(PropertyChangeEvent event) throws PropertyVetoException {
+ Object source = event.getSource();
+ TopiaEntityAbstract entity = (TopiaEntityAbstract) source;
+
+ Class[] interfaces = entity.getClass().getInterfaces();
+ List asList = Arrays.asList(interfaces);
+ if (asList.contains(NoEntityVetoableReadListener.class)) {
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] load granted to : " + entity.getTopiaId());
+ }
+ return;
+ }
+
+ try {
+ checkPermission(entity.getTopiaId(), LOAD);
+ } catch (TopiaException te) {
+ if (log.isWarnEnabled()) {
+ log.warn("[Security] Read denied to : " + entity.getTopiaId(), te);
+ }
+ throw new SecurityException("Access denied to Read entity " + entity + " on " + event.getPropertyName(), te);
+ }
+ }
+
+}
Index: topia-security/src/java/org/codelutin/topia/security/listener/VetoablePropertyListener.java
diff -u /dev/null topia-security/src/java/org/codelutin/topia/security/listener/VetoablePropertyListener.java:1.1
--- /dev/null Mon Sep 25 13:24:47 2006
+++ topia-security/src/java/org/codelutin/topia/security/listener/VetoablePropertyListener.java Mon Sep 25 13:24:40 2006
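Review bot: The exemption test in PropertyReadListener.vetoableChange relies on `entity.getClass().getInterfaces()`, which returns only the interfaces declared directly on the runtime class, not those inherited from a superclass or a super-interface. An entity whose parent class carries NoEntityVetoableReadListener, or a generated subclass of such an entity, will not match and falls through to the LOAD check; that fails closed, but the marker silently stops working for those types. `if (entity instanceof NoEntityVetoableReadListener) {` covers the whole hierarchy and removes the raw `Class[]` and `List` locals. The debug line also reports "load granted" although no permission was evaluated on that path, so wording such as "load check skipped" would keep the log accurate. The class Javadoc says "modification" while the one in PropertyWriteListener says "chargement", which looks swapped.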
@@ -0,0 +1,107 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+/* *
+* TopiaSecurityVetoableListener.java
+*
+* Created: 10 févr. 2006
+*
+* @author Arnaud Thimel
+* @version $Revision: 1.1 $
+*
+* Mise a jour: $Date: 2006/09/25 13:24:40 $
+* par : $Author: ruchaud $
+*/
+
+
+package org.codelutin.topia.security.listener;
+
+import java.util.Collection;
+
+import org.codelutin.topia.event.TopiaEntityEvent;
+import org.codelutin.topia.event.TopiaEntityListener;
+import org.codelutin.topia.event.TopiaEntityLoadEvent;
+import org.codelutin.topia.event.TopiaEntityLoadListener;
+import org.codelutin.topia.persistence.TopiaEntityAbstract;
+
+/**
+ * Ajout en cas de chargement ou de creation d'entités des listeners pour la
+ * sécurité sur leurs champs.
+ * @author ruchaud
+ */
+public class VetoablePropertyListener implements
+ TopiaEntityLoadListener, TopiaEntityListener {
+
+ protected PropertyReadListener readListener;
+ protected PropertyWriteListener writeListener;
+
+ /**
+ * Contructeur avec comme paramètre les listeners à attacher au chargement ou
+ * à la création.
+ * @param readListener Listener en lecture d'un champ
+ * @param writeListener Listener en écriture d'un champ
+ */
+ public VetoablePropertyListener(PropertyReadListener readListener, PropertyWriteListener writeListener) {
+ super();
+ this.readListener = readListener;
+ this.writeListener = writeListener;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaEntityLoadListener#entityLoaded(org.codelutin.topia.event.TopiaEntityLoadEvent)
+ */
+ public void entityLoaded(TopiaEntityLoadEvent event) {
+ Collection topiaEntities = event.getTopiaEntities();
+ for (Object object : topiaEntities) {
+ TopiaEntityAbstract entity = (TopiaEntityAbstract) object;
+ entity.addVetoableReadListener(readListener);
+ entity.addVetoableChangeListener(writeListener);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaEntityListener#entityCreated(org.codelutin.topia.event.TopiaEntityEvent)
+ */
+ public void entityCreated(TopiaEntityEvent event) {
+ Collection topiaEntities = event.getTopiaEntities();
+ for (Object object : topiaEntities) {
+ TopiaEntityAbstract entity = (TopiaEntityAbstract) object;
+ entity.addVetoableReadListener(readListener);
+ entity.addVetoableChangeListener(writeListener);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaEntityListener#entityDeleted(org.codelutin.topia.event.TopiaEntityEvent)
+ */
+ public void entityDeleted(TopiaEntityEvent event) {
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaEntityListener#entityUpdated(org.codelutin.topia.event.TopiaEntityEvent)
+ */
+ public void entityUpdated(TopiaEntityEvent event) {
+ }
+
+} //TopiaSecurityVetoableListener
Index: topia-security/src/java/org/codelutin/topia/security/listener/NoEntityVetoableReadListener.java
diff -u /dev/null topia-security/src/java/org/codelutin/topia/security/listener/NoEntityVetoableReadListener.java:1.1
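Review bot: The `readListener` and `writeListener` fields of VetoablePropertyListener are the enforcement hooks attached to every loaded or created entity, yet they are `protected`, non-final, and the constructor accepts null for either one. How `addVetoableReadListener(null)` and `addVetoableChangeListener(null)` behave is not visible in this change; the java.beans support classes ignore a null listener, and if TopiaEntityAbstract delegates to them, entities would be handed out with no check attached and no error raised. Declaring the fields `private final` and rejecting null in the constructor, for example `if (readListener == null || writeListener == null) throw new IllegalArgumentException("security listeners are required");`, makes that misconfiguration fail loudly. entityLoaded and entityCreated also repeat the same loop and could share one private helper.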
--- /dev/null Mon Sep 25 13:24:49 2006
+++ topia-security/src/java/org/codelutin/topia/security/listener/NoEntityVetoableReadListener.java Mon Sep 25 13:24:40 2006
@@ -0,0 +1,29 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+package org.codelutin.topia.security.listener;
+
+/**
+ * Interface permettant à préciser que l'entité n'est pas soumis aux autorisations
+ * de chargement sur les entités.
+ * @author ruchaud
+ */
+public interface NoEntityVetoableReadListener {
+}
Index: topia-security/src/java/org/codelutin/topia/security/listener/VetoableEntityListener.java
diff -u /dev/null topia-security/src/java/org/codelutin/topia/security/listener/VetoableEntityListener.java:1.1
--- /dev/null Mon Sep 25 13:24:49 2006
+++ topia-security/src/java/org/codelutin/topia/security/listener/VetoableEntityListener.java Mon Sep 25 13:24:40 2006
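Review bot: The Javadoc on NoEntityVetoableReadListener does not state how much authorization the marker switches off. Going by the other files in this change, implementing it skips only the LOAD check in PropertyReadListener, while the UPDATE, CREATE and DELETE checks still run. Because adding the marker to an entity class removes read authorization for all of its properties, the comment should spell out that scope, for example `Marker: PropertyReadListener skips the LOAD permission check for entities implementing this interface; write, create and delete checks are unaffected.` The interface is also named like a listener although it declares no callback, which the same comment could mention.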
@@ -0,0 +1,88 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+/* *
+* TopiaSecurityVetoableListener.java
+*
+* Created: 10 févr. 2006
+*
+* @author Arnaud Thimel
+* @version $Revision: 1.1 $
+*
+* Mise a jour: $Date: 2006/09/25 13:24:40 $
+* par : $Author: ruchaud $
+*/
+
+package org.codelutin.topia.security.listener;
+
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.CREATE;
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.DELETE;
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.checkPermission;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.codelutin.topia.TopiaException;
+import org.codelutin.topia.event.TopiaVetoableEntityEvent;
+import org.codelutin.topia.event.TopiaVetoableEntityListener;
+
+/**
+ * Listenner permettant de vérifier les autorisations pour la création ou la
+ * suppression d'une entité.
+ * @author ruchaud
+ */
+public class VetoableEntityListener implements TopiaVetoableEntityListener {
+
+ private static Log log = LogFactory.getLog(VetoableEntityListener.class);
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#createEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void createEntity(TopiaVetoableEntityEvent event) {
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] create entity : " + event.getEntityClass());
+ }
+ try {
+ checkPermission(event.getEntityClass(), CREATE);
+ } catch (TopiaException te) {
+ throw new SecurityException("Access denied to entity creation", te);
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#deleteEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void deleteEntity(TopiaVetoableEntityEvent event) {
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] delete entity : " + event.getId());
+ }
+ try {
+ checkPermission((String)event.getId(), DELETE);
+ } catch (TopiaException te) {
+ throw new SecurityException("Access denied to entity deletion", te);
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#updateEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void updateEntity(TopiaVetoableEntityEvent event) {
+ }
+
+}
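Review bot: Denied create and delete attempts in VetoableEntityListener leave no warn-level record: both catch blocks rethrow a SecurityException without logging, whereas PropertyReadListener and PropertyWriteListener log each denial with `log.warn`. To keep the audit trail consistent across the four checks, add for example `log.warn("[Security] Delete denied to : " + event.getId(), te);` before the throw in deleteEntity, and the matching line with `event.getEntityClass()` in createEntity. The exception messages also omit which class or id was refused, which makes a denial hard to trace back from the caller's side. The empty `updateEntity` deserves a one-line comment saying that updates are checked per property by PropertyWriteListener, if that is the intent.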