Posted to commits@deltaspike.apache.org by bu...@apache.org on 2013/01/07 19:46:54 UTC

svn commit: r845361 [3/3] - in /websites/staging/deltaspike/trunk/content: ./ deltaspike/container-control.html deltaspike/core.html deltaspike/documentation.html deltaspike/jpa.html deltaspike/resources/css/bootstrap.css deltaspike/security.html

Modified: websites/staging/deltaspike/trunk/content/deltaspike/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/deltaspike/security.html (original)
+++ websites/staging/deltaspike/trunk/content/deltaspike/security.html Mon Jan  7 18:46:54 2013
@@ -78,233 +78,250 @@
               <div class="page-title">
                 <h1>DeltaSpike Security Module</h1>
               </div>
-              <h2 id="securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</h2>
+              <div class="toc">
+<ul>
+<li><a href="#securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</a></li>
+<li><a href="#integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</a><ul>
+<li><a href="#secured">@Secured</a></li>
+<li><a href="#accessdecisionvoter">AccessDecisionVoter</a></li>
+<li><a href="#securityviolation">SecurityViolation</a></li>
+<li><a href="#secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</a></li>
+</ul>
+</li>
+<li><a href="#accessdecisionvotercontext">AccessDecisionVoterContext</a><ul>
+<li><a href="#securitystrategy-spi">SecurityStrategy SPI</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<hr />
+<h1 id="securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</h1>
 <p>This feature of the security module functions by intercepting method calls, and performing a security check before invocation is allowed to proceed.</p>
 <p>In order to use the DeltaSpike security module, you must first have installed the proper dependencies into your POM file. Once this is complete, you may proceed to create a security parameter binding annotation. This is what we will use to add security behavior to our business classes and methods.</p>
 <p>Create the SecurityBinding:</p>
-<div class="codehilite"><pre><span class="nv">@Retention</span><span class="p">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="p">)</span>
-<span class="nv">@Target</span><span class="p">({</span><span class="n">TYPE</span><span class="p">,</span> <span class="n">METHOD</span><span class="p">})</span>
-<span class="nv">@Documented</span>
-<span class="nv">@SecurityBindingType</span>
-<span class="n">public</span> <span class="nv">@interface</span> <span class="n">CustomSecurityBinding</span> <span class="p">{</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@Retention</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="o">)</span>
+<span class="nd">@Target</span><span class="o">({</span><span class="n">TYPE</span><span class="o">,</span> <span class="n">METHOD</span><span class="o">})</span>
+<span class="nd">@Documented</span>
+<span class="nd">@SecurityBindingType</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">CustomSecurityBinding</span> <span class="o">{</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Next, we must define an Authorizer class to implement behavior for our custom SecurityBindingType. This class is simply a CDI bean which declares a @Secures method, qualified with the security binding annotation we created in the first step.</p>
 <p>This method has access to the InvocationContext of the method call, so if we need to access parameter arguments, we can do so using the given context. Note that we may also inject other beans into the parameter list of our @Secures method.</p>
 <p>Create the Authorizer:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">CustomAuthorizer</span>
-<span class="p">{</span>
-    <span class="nv">@Secures</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">boolean</span> <span class="n">doSecuredCheck</span><span class="p">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="p">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="p">,</span> <span class="nv">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="p">)</span> <span class="n">throws</span> <span class="n">Exception</span>
-    <span class="p">{</span>
-        <span class="k">return</span> <span class="n">user</span><span class="o">.</span><span class="n">isLoggedIn</span><span class="p">();</span> <span class="sr">//</span> <span class="n">perform</span> <span class="n">security</span> <span class="n">check</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="o">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">user</span><span class="o">.</span><span class="na">isLoggedIn</span><span class="o">();</span> <span class="c1">// perform security check</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>We can then use our new annotation to secure business or bean methods. This binding annotation may be placed on the entire class (securing all methods,) or on individual methods that you wish to secure.</p>
 <p>Secure a bean method:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean1</span>
-<span class="p">{</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">void</span> <span class="n">doSomething</span><span class="p">(</span><span class="n">Thing</span> <span class="n">thing</span><span class="p">)</span>
-    <span class="p">{</span>
-        <span class="n">thing</span><span class="o">.</span><span class="n">doSomething</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Next, we may access parameter values from the method invocation directly in our authorizer bean by creating custom @SecurityParameterBinding types; this is a simple step once we have completed the work above:</p>
 <p>Create a parameter binding annotation:</p>
-<div class="codehilite"><pre><span class="nv">@Retention</span><span class="p">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="p">)</span>
-<span class="nv">@Target</span><span class="p">({</span><span class="n">PARAMETER</span><span class="p">})</span>
-<span class="nv">@Documented</span>
-<span class="nv">@SecurityParameterBinding</span>
-<span class="n">public</span> <span class="nv">@interface</span> <span class="n">CurrentThing</span> <span class="p">{</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@Retention</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="o">)</span>
+<span class="nd">@Target</span><span class="o">({</span><span class="n">PARAMETER</span><span class="o">})</span>
+<span class="nd">@Documented</span>
+<span class="nd">@SecurityParameterBinding</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">CurrentThing</span> <span class="o">{</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Now, when a secured method is invoked, we can inject actual parameter values as arguments into our authorizer method, providing domain-level security in our applications:</p>
 <p>Update the Authorizer to use parameter binding:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">CustomAuthorizer</span>
-<span class="p">{</span>
-    <span class="nv">@Secures</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">boolean</span> <span class="n">doSecuredCheck</span><span class="p">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="p">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="p">,</span> <span class="nv">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="p">,</span> <span class="nv">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="p">)</span> <span class="n">throws</span> <span class="n">Exception</span>
-    <span class="p">{</span>
-        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="n">hasMember</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> <span class="sr">//</span> <span class="n">perform</span> <span class="n">security</span> <span class="n">check</span> <span class="n">against</span> <span class="k">our</span> <span class="n">method</span> <span class="n">parameter</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="o">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">,</span> <span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="na">hasMember</span><span class="o">(</span><span class="n">user</span><span class="o">);</span> <span class="c1">// perform security check against our method parameter</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Note that our business method must also be annotated.</p>
 <p>Complete the parameter binding:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean1</span>
-<span class="p">{</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">void</span> <span class="n">doSomething</span><span class="p">(</span><span class="nv">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="p">)</span>
-    <span class="p">{</span>
-        <span class="n">thing</span><span class="o">.</span><span class="n">doSomething</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Our method is now secured, and we are able to use given parameter values as part of our security authorizer!</p>
 <p>There may be cases where you may want to base your authorization logic on the result of the secured method and do the security check after the method invocation.
 Just use the same security binding type for that case:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean1</span>
-<span class="p">{</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">Thing</span> <span class="n">loadSomething</span><span class="p">()</span>
-    <span class="p">{</span>
-        <span class="k">return</span> <span class="n">thingLoader</span><span class="o">.</span><span class="n">load</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="n">Thing</span> <span class="nf">loadSomething</span><span class="o">()</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thingLoader</span><span class="o">.</span><span class="na">load</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Now you need to access the return value in the authorizer method. You can inject it using the @SecuredReturn annotation.
 Update the Authorizer to use a secured return value:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">CustomAuthorizer</span>
-<span class="p">{</span>
-    <span class="nv">@Secures</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">boolean</span> <span class="n">doSecuredCheck</span><span class="p">(</span><span class="nv">@SecuredReturn</span> <span class="n">Thing</span> <span class="n">thing</span><span class="p">,</span> <span class="nv">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="p">)</span> <span class="n">throws</span> <span class="n">Exception</span>
-    <span class="p">{</span>
-        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="n">hasMember</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> <span class="sr">//</span> <span class="n">perform</span> <span class="n">security</span> <span class="n">check</span> <span class="n">against</span> <span class="n">the</span> <span class="k">return</span> <span class="n">value</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="nd">@SecuredReturn</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="na">hasMember</span><span class="o">(</span><span class="n">user</span><span class="o">);</span> <span class="c1">// perform security check against the return value</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Now the authorization will take place after the method invocation using the return value of the business method.</p>
 <p>Complete the parameter binding:</p>
-<div class="codehilite"><pre><span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean1</span>
-<span class="p">{</span>
-    <span class="nv">@CustomSecurityBinding</span>
-    <span class="n">public</span> <span class="n">void</span> <span class="n">doSomething</span><span class="p">(</span><span class="nv">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="p">)</span>
-    <span class="p">{</span>
-        <span class="n">thing</span><span class="o">.</span><span class="n">doSomething</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Our method is now secured, and we are able to use given parameter values as part of our security authorizer!</p>
-<h2 id="integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</h2>
-<h3 id="secured">@Secured</h3>
+<h1 id="integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</h1>
+<h2 id="secured">@Secured</h2>
 <p><code>@Secured</code> is build on <code>@SecurityBindingType</code> and a very simple alternative to the rest of the security module.
 It's a basic hook to integrate a custom security concept, 3rd party frameworks,... . It doesn't provide a full blown security concept like the rest of the security module, but other DeltaSpike modules ensure that the security concepts are integrated properly (e.g. correct behaviour within custom scope implementations,...). It just allows to integrate other security frameworks easily.</p>
 <p>(In MyFaces CODI it was originally a CDI interceptor. This part changed a bit, because between the interceptor and <code>@Secured</code> is the <code>@SecurityBindingType</code> concept which triggers <code>@Secured</code> as on possible approach. Therefore the basic behaviour remains the same and you can think about it like an interceptor.)</p>
 <p>Securing all intercepted methods of a CDI bean:</p>
-<div class="codehilite"><pre><span class="sr">//</span><span class="o">...</span>
-<span class="nv">@Secured</span><span class="p">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="n">class</span><span class="p">)</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean</span>
-<span class="p">{</span>
-    <span class="sr">//</span><span class="o">...</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="c1">//...</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean</span>
+<span class="o">{</span>
+    <span class="c1">//...</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>or</p>
 <p>Securing specific methods:</p>
-<div class="codehilite"><pre><span class="sr">//</span><span class="o">...</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">SecuredBean</span>
-<span class="p">{</span>
-    <span class="nv">@Secured</span><span class="p">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="n">class</span><span class="p">)</span>
-    <span class="n">public</span> <span class="n">String</span> <span class="n">getResult</span><span class="p">()</span>
-    <span class="p">{</span>
-        <span class="sr">//</span><span class="o">...</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="c1">//...</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean</span>
+<span class="o">{</span>
+    <span class="nd">@Secured</span><span class="o">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+    <span class="kd">public</span> <span class="n">String</span> <span class="nf">getResult</span><span class="o">()</span>
+    <span class="o">{</span>
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<h3 id="accessdecisionvoter">AccessDecisionVoter</h3>
+<h2 id="accessdecisionvoter">AccessDecisionVoter</h2>
 <p>This interface is (besides the <code>Secured</code> annotation) the most important part of the concept. Both artifact types are also the only required parts:</p>
-<div class="codehilite"><pre><span class="n">public</span> <span class="n">class</span> <span class="n">CustomAccessDecisionVoter</span> <span class="n">implements</span> <span class="n">AccessDecisionVoter</span>
-<span class="p">{</span>
-    <span class="nv">@Override</span>
-    <span class="n">public</span> <span class="n">Set</span><span class="sr">&lt;SecurityViolation&gt;</span> <span class="n">checkPermission</span><span class="p">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span class="p">)</span>
-    <span class="p">{</span>
-        <span class="n">Method</span> <span class="n">method</span> <span class="o">=</span> <span class="n">accessDecisionVoterContext</span><span class="o">.</span><span class="sr">&lt;InvocationContext&gt;</span><span class="n">getSource</span><span class="p">()</span><span class="o">.</span><span class="n">getMethod</span><span class="p">();</span>
-
-        <span class="sr">//</span><span class="o">...</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAccessDecisionVoter</span> <span class="kd">implements</span> <span class="n">AccessDecisionVoter</span>
+<span class="o">{</span>
+    <span class="nd">@Override</span>
+    <span class="kd">public</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">Method</span> <span class="n">method</span> <span class="o">=</span> <span class="n">accessDecisionVoterContext</span><span class="o">.&lt;</span><span class="n">InvocationContext</span><span class="o">&gt;</span><span class="n">getSource</span><span class="o">().</span><span class="na">getMethod</span><span class="o">();</span>
+
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>[TODO] hint about the changed parameter/s</p>
-<h3 id="securityviolation">SecurityViolation</h3>
+<h2 id="securityviolation">SecurityViolation</h2>
 <p>In case of a detected violation a <code>SecurityViolation</code> has to be added to the result returned by the <code>AccessDecisionVoter</code>.</p>
 <p>[TODO] AbstractAccessDecisionVoter</p>
-<h3 id="secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</h3>
+<h2 id="secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</h2>
 <p>If there are multiple <code>AccessDecisionVoter</code> and maybe in different constellations, it's easier to provide an expressive CDI stereotypes for it. Later on that also allows to change the behaviour in a central place.</p>
 <p>Stereotype support of @Secured:</p>
-<div class="codehilite"><pre><span class="nv">@Named</span>
-<span class="nv">@Admin</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">MyBean</span> <span class="n">implements</span> <span class="n">Serializable</span>
-<span class="p">{</span>
-  <span class="sr">//</span><span class="o">...</span>
-<span class="p">}</span>
-
-<span class="sr">//</span><span class="o">...</span>
-<span class="nv">@Stereotype</span>
-<span class="nv">@Secured</span><span class="p">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="n">class</span><span class="p">)</span>
-<span class="n">public</span> <span class="nv">@interface</span> <span class="n">Admin</span>
-<span class="p">{</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@Named</span>
+<span class="nd">@Admin</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">MyBean</span> <span class="kd">implements</span> <span class="n">Serializable</span>
+<span class="o">{</span>
+  <span class="c1">//...</span>
+<span class="o">}</span>
+
+<span class="c1">//...</span>
+<span class="nd">@Stereotype</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">Admin</span>
+<span class="o">{</span>
+<span class="o">}</span>
 </pre></div>
 
 
 <p>Furthermore, it's possible to provide custom meta-data easily.</p>
 <p>Stereotype of @Secured with custom meta-data:</p>
-<div class="codehilite"><pre><span class="nv">@Named</span>
-<span class="nv">@Admin</span><span class="p">(</span><span class="n">securityLevel</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">MyBean</span> <span class="n">implements</span> <span class="n">Serializable</span>
-<span class="p">{</span>
-  <span class="sr">//</span><span class="o">...</span>
-<span class="p">}</span>
-
-<span class="sr">//</span><span class="o">...</span>
-<span class="nv">@Stereotype</span>
-<span class="nv">@Secured</span><span class="p">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="n">class</span><span class="p">)</span>
-<span class="n">public</span> <span class="nv">@interface</span> <span class="n">Admin</span>
-<span class="p">{</span>
-  <span class="nb">int</span> <span class="n">securityLevel</span><span class="p">();</span>
-<span class="p">}</span>
-
-<span class="nv">@ApplicationScoped</span>
-<span class="n">public</span> <span class="n">class</span> <span class="n">RoleAccessDecisionVoter</span> <span class="n">implements</span> <span class="n">AccessDecisionVoter</span>
-<span class="p">{</span>
-    <span class="n">private</span> <span class="n">static</span> <span class="n">final</span> <span class="n">long</span> <span class="n">serialVersionUID</span> <span class="o">=</span> <span class="o">-</span><span class="mi">8007511215776345835</span><span class="n">L</span><span class="p">;</span>
-
-    <span class="n">public</span> <span class="n">Set</span><span class="sr">&lt;SecurityViolation&gt;</span> <span class="n">checkPermission</span><span class="p">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">voterContext</span><span class="p">)</span>
-    <span class="p">{</span>
-        <span class="n">Admin</span> <span class="n">admin</span> <span class="o">=</span> <span class="n">voterContext</span><span class="o">.</span><span class="n">getMetaDataFor</span><span class="p">(</span><span class="n">Admin</span><span class="o">.</span><span class="n">class</span><span class="o">.</span><span class="n">getName</span><span class="p">(),</span> <span class="n">Admin</span><span class="o">.</span><span class="n">class</span><span class="p">);</span>
-        <span class="nb">int</span> <span class="n">level</span> <span class="o">=</span> <span class="n">admin</span><span class="o">.</span><span class="n">securityLevel</span><span class="p">();</span>
-        <span class="sr">//</span><span class="o">...</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@Named</span>
+<span class="nd">@Admin</span><span class="o">(</span><span class="n">securityLevel</span><span class="o">=</span><span class="mi">3</span><span class="o">)</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">MyBean</span> <span class="kd">implements</span> <span class="n">Serializable</span>
+<span class="o">{</span>
+  <span class="c1">//...</span>
+<span class="o">}</span>
+
+<span class="c1">//...</span>
+<span class="nd">@Stereotype</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">Admin</span>
+<span class="o">{</span>
+  <span class="kt">int</span> <span class="nf">securityLevel</span><span class="o">();</span>
+<span class="o">}</span>
+
+<span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">RoleAccessDecisionVoter</span> <span class="kd">implements</span> <span class="n">AccessDecisionVoter</span>
+<span class="o">{</span>
+    <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="kt">long</span> <span class="n">serialVersionUID</span> <span class="o">=</span> <span class="o">-</span><span class="mi">8007511215776345835L</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">voterContext</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">Admin</span> <span class="n">admin</span> <span class="o">=</span> <span class="n">voterContext</span><span class="o">.</span><span class="na">getMetaDataFor</span><span class="o">(</span><span class="n">Admin</span><span class="o">.</span><span class="na">class</span><span class="o">.</span><span class="na">getName</span><span class="o">(),</span> <span class="n">Admin</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
+        <span class="kt">int</span> <span class="n">level</span> <span class="o">=</span> <span class="n">admin</span><span class="o">.</span><span class="na">securityLevel</span><span class="o">();</span>
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<h2 id="accessdecisionvotercontext">AccessDecisionVoterContext</h2>
+<h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
 <p>[TODO]</p>
 <h2 id="securitystrategy-spi">SecurityStrategy SPI</h2>
 <p>[TODO]</p>
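
Review bot: In the "Update the Authorizer to use a secured return value" example, the re-highlighted block still ends with a single closing brace right after the return statement, so doSecuredCheck is never closed and the snippet will not compile when copied. Add the missing indented closing brace for the method before the class's closing brace while this block is being regenerated. The block that follows it ("Complete the parameter binding:" with doSomething(@CurrentThing Thing thing), plus the sentence about using "given parameter values") repeats the earlier parameter-binding section verbatim directly after the @SecuredReturn explanation and reads as a copy-paste leftover. It should be dropped or replaced with wording about the return-value check. Separately, both checkPermission examples end in "//..." with no return, while the SecurityViolation paragraph says a violation has to be added to the returned result. Showing the returned Set in at least one of them would make that contract visible to readers wiring in an access check.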