org.granite.messaging.service.security

Class AbstractSecurityService

java.lang.Object

org.granite.messaging.service.security.AbstractSecurityService

All Implemented Interfaces:

SecurityService

Direct Known Subclasses:

AcegiSecurityService, GlassFishSecurityService, GlassFishV3SecurityService, Jetty6SecurityService, Jetty8SecurityService, Jetty9SecurityService, Seam21SecurityService, SpringSecurity3Service, SpringSecurityService, Tomcat7SecurityService, TomcatSecurityService, UndertowSecurityService, WebLogicSecurityService

public abstract class AbstractSecurityService
extends java.lang.Object
implements SecurityService

Abstract implementation of the SecurityService interface. This class mainly contains utility methods helping with actual implementations.

Author:

Franck WOLFF

Nested Class Summary

Nested classes/interfaces inherited from interface org.granite.messaging.service.security.SecurityService

SecurityService.AuthenticationContext

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	AUTH_TYPE

Constructor Summary

Constructors

Constructor and Description
AbstractSecurityService()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	acceptsContext() A security service can optionally indicate that it's able to authorize requests that are not HTTP requests (websockets).
protected java.lang.String[]	decodeBase64Credentials(java.lang.Object credentials, java.lang.String charset) Decode credentials encoded in base 64 (in the form of "username:password"), as they have been sent by a RemoteObject.
protected java.lang.Object	endAuthorization(AbstractSecurityContext context) Invoke a service method (EJB3, Spring, Seam, etc...) after a successful authorization.
protected void	endLogin(java.lang.Object credentials, java.lang.String charset) Try to save current credentials in distributed data, typically a user session attribute.
protected void	endLogout() Try to remove credentials previously saved in distributed data.
void	handleSecurityException(SecurityServiceException e) Handle a security exception.
java.security.Principal	login(java.lang.Object credentials) A default implementation of the basic login method, passing null as the extra charset parameter.
void	prelogin(javax.servlet.http.HttpSession session, java.lang.Object request, java.lang.String servletName)
protected void	startAuthorization(AbstractSecurityContext context) Try to login by using remote credentials (see Flex method RemoteObject.setRemoteCredentials()).
protected boolean	tryRelogin() Try to re-authenticate the current user with credentials previously saved in distributed data.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.granite.messaging.service.security.SecurityService

authorize, configure, login, logout

Field Detail

AUTH_TYPE

public static final java.lang.String AUTH_TYPE

See Also:

Constant Field Values

Constructor Detail

AbstractSecurityService

public AbstractSecurityService()

Method Detail

prelogin

public void prelogin(javax.servlet.http.HttpSession session,
            java.lang.Object request,
            java.lang.String servletName)

Specified by:

prelogin in interface SecurityService

login

public java.security.Principal login(java.lang.Object credentials)
                              throws SecurityServiceException

A default implementation of the basic login method, passing null as the extra charset parameter. Mainly here for compatibility purpose.

Specified by:

login in interface SecurityService

Parameters:

credentials - the login:password pair (must be a base64/ISO-8859-1 encoded string).

Throws:

SecurityServiceException

startAuthorization

protected void startAuthorization(AbstractSecurityContext context)
                           throws SecurityServiceException

Try to login by using remote credentials (see Flex method RemoteObject.setRemoteCredentials()). This method must be called at the beginning of SecurityService.authorize(AbstractSecurityContext).

Parameters:

context - the current security context.

Throws:

SecurityServiceException - if login fails.

endAuthorization

protected java.lang.Object endAuthorization(AbstractSecurityContext context)
                                     throws java.lang.Exception

Invoke a service method (EJB3, Spring, Seam, etc...) after a successful authorization. This method must be called at the end of SecurityService.authorize(AbstractSecurityContext).

Parameters:

context - the current security context.

Throws:

java.lang.Exception - if anything goes wrong with service invocation.

acceptsContext

public boolean acceptsContext()

A security service can optionally indicate that it's able to authorize requests that are not HTTP requests (websockets). In this case the method SecurityService.authorize(AbstractSecurityContext) will be invoked in a ServletGraniteContext and not in a HttpGraniteContext

Specified by:

acceptsContext in interface SecurityService

Returns:

true is a HttpGraniteContext is mandated

decodeBase64Credentials

protected java.lang.String[] decodeBase64Credentials(java.lang.Object credentials,
                                         java.lang.String charset)

Decode credentials encoded in base 64 (in the form of "username:password"), as they have been sent by a RemoteObject.

Parameters:

credentials - base 64 encoded credentials.

Returns:

an array containing two decoded Strings, username and password.

Throws:

java.lang.IllegalArgumentException - if credentials isn't a String.

SecurityServiceException - if credentials are invalid (bad encoding or missing ':').

handleSecurityException

public void handleSecurityException(SecurityServiceException e)

Handle a security exception. This method is called in AMF3MessageProcessor.processCommandMessage(flex.messaging.messages.CommandMessage) whenever a SecurityService occurs and does nothing by default.

Specified by:

handleSecurityException in interface SecurityService

Parameters:

e - the security exception.

endLogin

protected void endLogin(java.lang.Object credentials,
            java.lang.String charset)

Try to save current credentials in distributed data, typically a user session attribute. This method must be called at the end of a successful SecurityService.login(Object) operation and is useful in clustered environments with session replication in order to transparently re-authenticate the user when failing over.

Parameters:

credentials - the credentials to be saved in distributed data.

tryRelogin

protected boolean tryRelogin()

Try to re-authenticate the current user with credentials previously saved in distributed data. This method must be called in the SecurityService.authorize(AbstractSecurityContext) method when the current user principal is null.

Returns:

true if relogin was successful, false otherwise.

See Also:

endLogin(Object, String)

endLogout

protected void endLogout()

Try to remove credentials previously saved in distributed data. This method must be called in the SecurityService.logout() method.

See Also:

endLogin(Object, String)