Index: topia-service/src/java/org/codelutin/topia/taas/event/TaasOwnSecurity.java
diff -u /dev/null topia-service/src/java/org/codelutin/topia/taas/event/TaasOwnSecurity.java:1.1
--- /dev/null Thu Nov 29 16:08:34 2007
+++ topia-service/src/java/org/codelutin/topia/taas/event/TaasOwnSecurity.java Thu Nov 29 16:08:29 2007
@@ -0,0 +1,41 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+/* *
+* TopiaSecurityVetoableListener.java
+*
+* Created: 10 févr. 2006
+*
+* @author Arnaud Thimel
+* @version $Revision: 1.1 $
+*
+* Mise a jour: $Date: 2007-11-29 16:08:29 $
+* par : $Author: ruchaud $
+*/
+package org.codelutin.topia.taas.event;
+
+import java.security.Permission;
+import java.util.List;
+
+public interface TaasOwnSecurity {
+
+ List getRequestPermissions();
+
+}
Index: topia-service/src/java/org/codelutin/topia/taas/event/TaasEntityVetoable.java
diff -u /dev/null topia-service/src/java/org/codelutin/topia/taas/event/TaasEntityVetoable.java:1.1
--- /dev/null Thu Nov 29 16:08:34 2007
+++ topia-service/src/java/org/codelutin/topia/taas/event/TaasEntityVetoable.java Thu Nov 29 16:08:29 2007
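Review bot: `List getRequestPermissions();` is declared raw, but its only consumer, TaasEntityVetoable.checkPermission in the next hunk, iterates the result as `for (Permission permission : permissions)`, which on a raw `List` yields `Object` elements and does not compile; the otherwise unused `java.security.Permission` import here suggests `List<Permission> getRequestPermissions();` was intended. The matching `List permissions = new ArrayList();` in checkPermission should become `List<Permission>` for the same reason. Because the implementing entity supplies the permissions that gate access to itself, the interface should also document the contract the checker enforces — an empty list is a denial (the loop never sets `authorized`) and null is not tolerated (the for-each would throw) — e.g. `/** Permissions of which at least one must be granted to the caller; never null, an empty list denies access. */`.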
@@ -0,0 +1,171 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+/* *
+* TopiaSecurityVetoableListener.java
+*
+* Created: 10 févr. 2006
+*
+* @author Arnaud Thimel
+* @version $Revision: 1.1 $
+*
+* Mise a jour: $Date: 2007-11-29 16:08:29 $
+* par : $Author: ruchaud $
+*/
+
+package org.codelutin.topia.taas.event;
+
+import static org.codelutin.topia.security.util.TopiaSecurityUtil.UPDATE;
+import static org.codelutin.topia.taas.TaasUtil.CREATE;
+import static org.codelutin.topia.taas.TaasUtil.DELETE;
+import static org.codelutin.topia.taas.TaasUtil.LOAD;
+
+import java.security.AccessController;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.security.auth.Subject;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.codelutin.topia.TopiaNotFoundException;
+import org.codelutin.topia.event.TopiaEntityEvent;
+import org.codelutin.topia.event.TopiaEntityVetoable;
+import org.codelutin.topia.persistence.TopiaEntity;
+import org.codelutin.topia.persistence.TopiaId;
+import org.codelutin.topia.security.util.TopiaSecurityUtil;
+import org.codelutin.topia.taas.TaasAuthorization;
+import org.codelutin.topia.taas.entities.TaasAuthorizationImpl;
+import org.codelutin.topia.taas.jaas.TaasPermission;
+
+/**
+ * Listenner permettant de vérifier les autorisations pour la création ou la
+ * suppression d'une entité.
+ * @author ruchaud
+ */
+public class TaasEntityVetoable implements TopiaEntityVetoable {
+
+ private static Log log = LogFactory.getLog(TaasEntityVetoable.class);
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#createEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void create(TopiaEntityEvent event) {
+ TopiaEntity entity = event.getEntity();
+ String topiaId = entity.getTopiaId();
+ Class clazz;
+
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] create entity : " + topiaId);
+ }
+ checkPermission(entity, CREATE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#deleteEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void delete(TopiaEntityEvent event) {
+ TopiaEntity entity = event.getEntity();
+ String topiaId = entity.getTopiaId();
+
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] delete entity : " + topiaId);
+ }
+ checkPermission(entity, DELETE);
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityLoadListener#loadEntity(org.codelutin.topia.event.TopiaVetoableEntityLoadEvent)
+ */
+ public void load(TopiaEntityEvent event) {
+ TopiaEntity entity = event.getEntity();
+ String topiaId = entity.getTopiaId();
+
+ if (log.isDebugEnabled()) {
+ log.debug("[Security] load entity : " + topiaId);
+ }
+ checkPermission(entity, LOAD);
+ }
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.event.TopiaVetoableEntityListener#updateEntity(org.codelutin.topia.event.TopiaVetoableEntityEvent)
+ */
+ public void update(TopiaEntityEvent event) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.codelutin.topia.security.TopiaSecurityService#checkPermission(java.lang.Class, int)
+ */
+ public void checkPermission(TopiaEntity entity, int actions) throws SecurityException {
+ String topiaId = entity.getTopiaId();
+ Class klass = null;
+
+ try {
+ klass = TopiaId.getClassName(topiaId);
+ } catch (TopiaNotFoundException e) {
+ if(log.isWarnEnabled()) {
+ log.warn("", e);
+ }
+ return;
+ }
+
+ // Actions
+ if(TopiaSecurityUtil.isImplement(klass, TaasNoSecurityLoad.class)) {
+ //LOAD
+ actions &= UPDATE + DELETE + CREATE;
+ }
+
+ // Permissions
+ List permissions = new ArrayList();
+ if(TopiaSecurityUtil.isImplement(klass, TaasOwnSecurity.class)) {
+ TaasOwnSecurity ownSecurity = (TaasOwnSecurity) entity;
+ permissions = ownSecurity.getRequestPermissions();
+ } else {
+ TaasAuthorization authorization = new TaasAuthorizationImpl(topiaId, actions);
+ permissions.add(new TaasPermission(authorization));
+ }
+
+ if(actions != 0) {
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject != null) {
+ boolean authorized = false;
+ for (Permission permission : permissions) {
+ try {
+ AccessController.checkPermission(permission);
+ authorized = true;
+ break;
+ } catch (SecurityException se) {
+ authorized = false;
+ }
+ }
+
+ if(!authorized) {
+ throw new SecurityException("Access denied to object \"" + topiaId + "\" for \"" + subject + "\"");
+ }
+ }
+ } else {
+ if(log.isWarnEnabled()) {
+ log.warn("Use doAs() and login first");
+ }
+ }
+ }
+}
Index: topia-service/src/java/org/codelutin/topia/taas/event/TaasNoSecurityLoad.java
diff -u /dev/null topia-service/src/java/org/codelutin/topia/taas/event/TaasNoSecurityLoad.java:1.1
--- /dev/null Thu Nov 29 16:08:34 2007
+++ topia-service/src/java/org/codelutin/topia/taas/event/TaasNoSecurityLoad.java Thu Nov 29 16:08:29 2007
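Review bot: checkPermission fails open when no JAAS Subject is bound: if `Subject.getSubject(AccessController.getContext())` returns null the whole permission loop is skipped and the method returns normally, with no exception and no log line, so an unauthenticated caller passes the create, delete and load checks silently. The `else` that warns "Use doAs() and login first" hangs off `if(actions != 0)` rather than off the null-subject test, so that message is emitted on every load of a TaasNoSecurityLoad entity (where `actions` is masked to 0) and never in the situation it describes. The `catch (TopiaNotFoundException e)` at the top likewise logs `""` and returns, so an entity whose class cannot be resolved from its topiaId is never checked; unless an unresolvable id is meant to mean "unsecured", both paths should deny, as sketched below, with the existing warning moved to the null-subject branch and the misattached `else` dropped. Separately, `actions &= UPDATE + DELETE + CREATE;` combines flags with `+` and takes UPDATE from TopiaSecurityUtil while the other three come from TaasUtil, so the mask only clears LOAD if all four are disjoint bit flags from the same numbering — `actions &= ~LOAD;` states the intent without depending on that. The denial message also interpolates `subject`, whose toString() lists its principals and credentials, so naming only the principals there would keep credentials out of logs; and the unused `Class clazz;` in create() can go.
```java
    public void checkPermission(TopiaEntity entity, int actions) throws SecurityException {
        // … unchanged: topiaId and TopiaId.getClassName lookup …
        } catch (TopiaNotFoundException e) {
            if (log.isWarnEnabled()) {
                log.warn("Cannot resolve entity class for " + topiaId, e);
            }
            // Fail closed: an id whose class cannot be determined must not bypass the check
            throw new SecurityException("Access denied to object \"" + topiaId + "\": unknown entity class", e);
        }
        // … unchanged: action masking and permission list construction …
        if (actions != 0) {
            Subject subject = Subject.getSubject(AccessController.getContext());
            if (subject == null) {
                // Fail closed: no JAAS Subject is bound to the current AccessControlContext
                if (log.isWarnEnabled()) {
                    log.warn("Use doAs() and login first");
                }
                throw new SecurityException("Access denied to object \"" + topiaId + "\": no authenticated subject");
            }
            // … unchanged: permission loop and final denial …
        }
    }
```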
@@ -0,0 +1,29 @@
+/* *##%
+* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin,
+* Cédric Pineau, Benjamin Poussin,
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*##%*/
+
+package org.codelutin.topia.taas.event;
+
+/**
+ * Interface permettant à préciser que l'entité n'est pas soumis aux autorisations
+ * de chargement sur les entités.
+ * @author ruchaud
+ */
+public interface TaasNoSecurityLoad {
+}
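Review bot: The Javadoc should spell out what honoring this marker means, since it is a security opt-out: in TaasEntityVetoable.checkPermission the LOAD action is stripped for any class implementing it, so such entities can be loaded by any caller while create and delete are still checked by that listener (its update() is empty), and the test is made against the class resolved from the topiaId rather than the instance. A line such as `/** Marker: entities whose class implements this are exempt from LOAD authorization; CREATE and DELETE remain checked. */` would make that explicit to anyone adding the interface to an entity. The existing French text also reads `permettant à préciser` and `n'est pas soumis`; `permettant de préciser` and `n'est pas soumise` (entité is feminine) are the correct forms.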