Posted to commits@deltaspike.apache.org by bu...@apache.org on 2014/04/28 13:53:28 UTC
svn commit: r907149 - in /websites/staging/deltaspike/trunk/content: ./
security.html
Author: buildbot
Date: Mon Apr 28 11:53:28 2014
New Revision: 907149
Log:
Staging update by buildbot for deltaspike
Modified:
websites/staging/deltaspike/trunk/content/ (props changed)
websites/staging/deltaspike/trunk/content/security.html
Propchange: websites/staging/deltaspike/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Apr 28 11:53:28 2014
@@ -1 +1 @@
-1590610
+1590613
Modified: websites/staging/deltaspike/trunk/content/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/security.html (original)
+++ websites/staging/deltaspike/trunk/content/security.html Mon Apr 28 11:53:28 2014
@@ -78,13 +78,31 @@
<div class="page-title">
<h1>DeltaSpike Security Module</h1>
</div>
- <div class="toc">
+ <p>Title: DeltaSpike Security Module
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.</p>
+<div class="toc">
<ul>
<li><a href="#securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</a></li>
<li><a href="#integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</a><ul>
<li><a href="#secured">@Secured</a></li>
<li><a href="#accessdecisionvoter">AccessDecisionVoter</a></li>
<li><a href="#securityviolation">SecurityViolation</a></li>
+<li><a href="#abstractaccessdecisionvoter">AbstractAccessDecisionVoter</a></li>
<li><a href="#secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</a></li>
</ul>
</li>
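Review bot: The added <p> at the top of this hunk publishes the source file's header as visible body text: "Title: DeltaSpike Security Module" followed by the full "Notice: Licensed to the Apache Software Foundation (ASF) ..." block now sits between the page title and <div class="toc">. The title is already rendered in the <h1> above, so this looks like a metadata header that was meant to be consumed by the CMS rather than emitted. Check the source file for whatever stops the Title:/Notice: lines from being parsed as a header, and regenerate so the body starts at the table of contents again.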
@@ -279,7 +297,23 @@ It's a basic hook to integrate a custom
<p>[TODO] hint about the changed parameter/s</p>
<h2 id="securityviolation">SecurityViolation</h2>
<p>In case of a detected violation a <code>SecurityViolation</code> has to be added to the result returned by the <code>AccessDecisionVoter</code>.</p>
-<p>[TODO] AbstractAccessDecisionVoter</p>
+<h2 id="abstractaccessdecisionvoter">AbstractAccessDecisionVoter</h2>
+<p>You can also implement the abstract class <code>AbstractAccessDecisionVoter</code>. This is a convenience class which allows an easier usage:</p>
+<p>Example:
+ :::java
+ public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter
+ {</p>
+<div class="codehilite"><pre> <span class="p">@</span><span class="n">Override</span>
+ <span class="n">protected</span> <span class="n">void</span> <span class="n">checkPermission</span><span class="p">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span class="p">,</span>
+ <span class="n">Set</span><span class="o"><</span><span class="n">SecurityViolation</span><span class="o">></span> <span class="n">violations</span><span class="p">)</span>
+ <span class="p">{</span>
+ <span class="o">//</span> <span class="n">check</span> <span class="k">for</span> <span class="n">violations</span>
+ <span class="n">violations</span><span class="p">.</span><span class="n">add</span><span class="p">(</span><span class="n">newSecurityViolation</span><span class="p">(</span>"<span class="n">access</span> <span class="n">not</span> <span class="n">allowed</span> <span class="n">due</span> <span class="n">to</span> <span class="p">...</span>"<span class="p">));</span>
+ <span class="p">}</span>
+<span class="p">}</span>
+</pre></div>
+
+
<h2 id="secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</h2>
<p>If there are multiple <code>AccessDecisionVoter</code> and maybe in different constellations, it's easier to provide an expressive CDI stereotypes for it. Later on that also allows to change the behaviour in a central place.</p>
<p>Stereotype support of @Secured:</p>
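Review bot: The AbstractAccessDecisionVoter example is split in two in the generated HTML: ":::java", the class declaration and the opening brace end up in <p>Example: ... {</p>, and only the method body is inside <div class="codehilite">. The language marker appearing as literal text, and "//" being tagged as an operator (<span class="o">//</span>), suggest the block was not recognised as a Java code block; indenting the whole example uniformly, with a blank line after "Example:", should keep it in one highlighted block. Separately, the sample calls violations.add(newSecurityViolation(...)) unconditionally right after the "check for violations" comment; wrapping the add in a placeholder condition would make it clear that a violation is added only when a check fails.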
@@ -332,9 +366,21 @@ It's a basic hook to integrate a custom
<h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
-<p>[TODO]</p>
+<p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code> allows to get the current state as well as the results of the security check.</p>
+<p>There are several methods that can be useful</p>
+<ul>
+<li><code>getState()</code> - Exposes the current state : INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND</li>
+<li><code>getViolations()</code> - Exposes the found violations</li>
+<li><code>getSource()</code> - Exposes e.g. the current instance of <code>javax.interceptor.InvocationContext</code> in combination with <code>@Secured</code> used as interceptor.</li>
+<li><code>getMetaData()</code> - Exposes the found meta-data e.g. the view-config-class if <code>@Secured</code> is used in combination with type-safe view-configs</li>
+<li><code>getMetaDataFor(String, Class<T>)</code> - Exposes meta-data for the given key </li>
+</ul>
<h2 id="securitystrategy-spi">SecurityStrategy SPI</h2>
-<p>[TODO]</p>
+<p>The <code>SecurityStrategy</code> interface allows to provide a custom implementation which should be used for <code>@Secured</code>.
+Provide a custom implementation as bean-class in combination with <code>@Alternative</code> or <code>@Specializes</code> (or as global-alternative).</p>
+<p>In case of global-alternatives an additional config needs to be added to <code>/META-INF/apache-deltaspike.properties</code> - e.g.:</p>
+<p><code>globalAlternatives.org.apache.deltaspike.security.spi.authorization.SecurityStrategy=mypackage.CustomSecurityStrategy</code></p>
+<p><strong>Note</strong>: The config for global-alternatives is following the pattern: globalAlternatives.<code><interface-name></code>=<code><implementation-class-name></code></p>
</div>
</div>
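Review bot: The new SecurityStrategy SPI paragraph says a custom implementation "should be used for @Secured" and shows how to register it, but not what that implementation is responsible for. Since it replaces the strategy used for every @Secured binding, add a sentence stating the contract it has to keep (for example, that it still has to evaluate the configured voters and reject the invocation when violations are found), so a custom strategy does not silently weaken the checks. In the AccessDecisionVoterContext list, getState() names the four states without saying when a chained voter sees each one; a short description per state would make the chaining sentence above it usable. Smaller points: "There are several methods that can be useful" needs a closing colon, and if the angle brackets in Class<T>, <interface-name> and <implementation-class-name> are literal in the generated file rather than entities, they need escaping inside <code>.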