You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by gp...@apache.org on 2012/03/28 00:06:39 UTC
[1/5] git commit: DELTASPIKE-127 credential based authentication
Updated Branches:
refs/heads/master 6f5ff2042 -> 1a2c7ffd0
DELTASPIKE-127 credential based authentication
Project: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/commit/1a2c7ffd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/tree/1a2c7ffd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/diff/1a2c7ffd
Branch: refs/heads/master
Commit: 1a2c7ffd0d0a1ad3dea34515a54958f0a6ce2932
Parents: 6f5ff20
Author: gpetracek <gp...@apache.org>
Authored: Fri Mar 23 22:22:44 2012 +0100
Committer: gpetracek <gp...@apache.org>
Committed: Tue Mar 27 23:58:59 2012 +0200
----------------------------------------------------------------------
.../deltaspike/core/util/ExceptionUtils.java | 8 +-
.../security/api/AccessDecisionState.java | 27 --
.../security/api/AccessDecisionVoter.java | 44 --
.../security/api/AccessDecisionVoterContext.java | 63 ---
.../security/api/AccessDeniedException.java | 51 ---
.../security/api/AuthenticationException.java | 37 --
.../security/api/AuthenticatorSelector.java | 37 --
.../security/api/AuthorizationException.java | 39 --
.../deltaspike/security/api/BaseAuthenticator.java | 57 ---
.../apache/deltaspike/security/api/Credential.java | 27 --
.../deltaspike/security/api/CredentialType.java | 27 --
.../deltaspike/security/api/Credentials.java | 41 --
.../org/apache/deltaspike/security/api/Group.java | 25 -
.../apache/deltaspike/security/api/Identity.java | 82 +----
.../org/apache/deltaspike/security/api/Role.java | 24 -
.../security/api/SecurityDefinitionException.java | 46 --
.../deltaspike/security/api/SecurityViolation.java | 34 --
.../org/apache/deltaspike/security/api/User.java | 18 +-
.../security/api/annotation/LoggedIn.java | 38 --
.../security/api/annotation/Secured.java | 54 ---
.../security/api/annotation/Secures.java | 34 --
.../api/annotation/SecurityBindingType.java | 38 --
.../authentication/AuthenticationException.java | 37 ++
.../UnexpectedCredentialException.java | 34 ++
.../events/AlreadyLoggedInEvent.java | 28 ++
.../api/authentication/events/LoggedInEvent.java | 27 ++
.../authentication/events/LoginFailedEvent.java | 38 ++
.../events/PostAuthenticateEvent.java | 28 ++
.../authentication/events/PostLoggedOutEvent.java | 39 ++
.../events/PreAuthenticateEvent.java | 27 ++
.../authentication/events/PreLoggedOutEvent.java | 39 ++
.../api/authorization/AccessDecisionState.java | 27 ++
.../api/authorization/AccessDecisionVoter.java | 45 ++
.../authorization/AccessDecisionVoterContext.java | 63 +++
.../api/authorization/AccessDeniedException.java | 51 +++
.../api/authorization/AuthorizationException.java | 39 ++
.../authorization/SecurityDefinitionException.java | 46 ++
.../api/authorization/SecurityViolation.java | 34 ++
.../api/authorization/annotation/Secured.java | 53 +++
.../api/authorization/annotation/Secures.java | 34 ++
.../annotation/SecurityBindingType.java | 38 ++
.../security/api/credential/Credential.java | 27 ++
.../security/api/credential/LoginCredential.java | 36 ++
.../security/api/events/AlreadyLoggedInEvent.java | 28 --
.../api/events/AuthorizationCheckEvent.java | 60 ---
.../api/events/CredentialsInitializedEvent.java | 46 --
.../api/events/CredentialsUpdatedEvent.java | 29 --
.../api/events/DeferredAuthenticationEvent.java | 40 --
.../security/api/events/LoggedInEvent.java | 40 --
.../security/api/events/LoginFailedEvent.java | 38 --
.../security/api/events/NotAuthorizedEvent.java | 28 --
.../security/api/events/NotLoggedInEvent.java | 28 --
.../security/api/events/PostAuthenticateEvent.java | 28 --
.../security/api/events/PostLoggedOutEvent.java | 39 --
.../security/api/events/PreAuthenticateEvent.java | 27 --
.../security/api/events/PreLoggedOutEvent.java | 27 --
.../security/api/events/QuietLoginEvent.java | 27 --
.../api/events/UserAuthenticatedEvent.java | 37 --
.../deltaspike/security/spi/Authenticator.java | 43 --
.../spi/EditableAccessDecisionVoterContext.java | 55 ---
.../deltaspike/security/spi/SecurityStrategy.java | 28 --
.../security/spi/authentication/Authenticator.java | 43 ++
.../spi/authentication/AuthenticatorSelector.java | 35 ++
.../spi/authentication/BaseAuthenticator.java | 43 ++
.../EditableAccessDecisionVoterContext.java | 55 +++
.../spi/authorization/SecurityStrategy.java | 29 ++
.../security/impl/AuthenticatorSelectorImpl.java | 149 -------
.../deltaspike/security/impl/Authorizer.java | 206 ---------
.../deltaspike/security/impl/CredentialsImpl.java | 157 -------
.../impl/DefaultAccessDecisionVoterContext.java | 150 -------
.../security/impl/DefaultSecurityStrategy.java | 52 ---
.../deltaspike/security/impl/IdentityImpl.java | 345 ---------------
.../security/impl/PasswordCredential.java | 122 -----
.../security/impl/RequestSecurityState.java | 62 ---
.../security/impl/SecuredAnnotationAuthorizer.java | 153 -------
.../security/impl/SecurityExtension.java | 286 ------------
.../security/impl/SecurityInterceptor.java | 46 --
.../security/impl/SecurityInterceptorBinding.java | 40 --
.../impl/SecurityInterceptorBindingLiteral.java | 32 --
.../security/impl/SecurityMetaDataStorage.java | 238 ----------
.../deltaspike/security/impl/SecurityUtils.java | 90 ----
.../security/impl/SimpleCredentialType.java | 36 --
.../DefaultAuthenticatorSelector.java | 134 ++++++
.../impl/authentication/DefaultIdentity.java | 224 ++++++++++
.../security/impl/authorization/Authorizer.java | 206 +++++++++
.../DefaultAccessDecisionVoterContext.java | 150 +++++++
.../authorization/DefaultSecurityStrategy.java | 52 +++
.../authorization/SecuredAnnotationAuthorizer.java | 153 +++++++
.../impl/authorization/SecurityExtension.java | 286 ++++++++++++
.../impl/authorization/SecurityInterceptor.java | 46 ++
.../authorization/SecurityInterceptorBinding.java | 39 ++
.../SecurityInterceptorBindingLiteral.java | 32 ++
.../authorization/SecurityMetaDataStorage.java | 238 ++++++++++
.../security/impl/authorization/SecurityUtils.java | 90 ++++
.../impl/credential/DefaultLoginCredential.java | 93 ++++
.../security/impl/jaas/JaasAuthenticator.java | 143 ------
.../security/impl/management/IdmAuthenticator.java | 60 ---
.../impl/src/main/resources/META-INF/beans.xml | 2 +-
.../services/javax.enterprise.inject.spi.Extension | 2 +-
.../authentication/FailedLoginFailedObserver.java | 40 ++
.../impl/authentication/InMemoryUserStorage.java | 40 ++
.../test/security/impl/authentication/Inquiry.java | 24 +
.../security/impl/authentication/InquiryEntry.java | 78 ++++
.../impl/authentication/InquiryStorage.java | 24 +
.../impl/authentication/LoginLogoutTest.java | 171 +++++++
.../impl/authentication/NewProductInquiry.java | 58 +++
.../test/security/impl/authentication/Shop.java | 43 ++
.../security/impl/authentication/ShopClient.java | 64 +++
.../impl/authentication/TestAuthenticator.java | 61 +++
.../impl/authentication/TestInquiryStorage.java | 61 +++
.../secured/SecuredAnnotationTest.java | 120 +++++
.../impl/authorization/secured/SecuredBean1.java | 38 ++
.../impl/authorization/secured/SecuredBean2.java | 36 ++
.../impl/authorization/secured/SecuredBean3.java | 39 ++
.../secured/SecuredBeanWithStereotype.java | 39 ++
.../secured/TestAccessDecisionVoter.java | 66 +++
.../impl/secured/SecuredAnnotationTest.java | 120 -----
.../test/security/impl/secured/SecuredBean1.java | 38 --
.../test/security/impl/secured/SecuredBean2.java | 36 --
.../test/security/impl/secured/SecuredBean3.java | 39 --
.../impl/secured/SecuredBeanWithStereotype.java | 39 --
.../impl/secured/TestAccessDecisionVoter.java | 66 ---
.../apache/deltaspike/test/util/ArchiveUtils.java | 6 +-
123 files changed, 3777 insertions(+), 4177 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/ExceptionUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/ExceptionUtils.java b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/ExceptionUtils.java
index 051631a..9746dfd 100644
--- a/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/ExceptionUtils.java
+++ b/deltaspike/core/api/src/main/java/org/apache/deltaspike/core/util/ExceptionUtils.java
@@ -30,10 +30,16 @@ public abstract class ExceptionUtils
// prevent instantiation
}
+ public static void throwAsRuntimeException(Throwable throwable)
+ {
+ //Attention: helper which allows to use a trick to throw a cached checked exception without a wrapping exception
+ new ExceptionHelper<RuntimeException>().throwException(throwable);
+ }
+
public static void changeAndThrowException(Throwable throwable, String customMessage)
{
Throwable newThrowable = createNewException(throwable, customMessage);
- //helper which allows to
+ //Attention: helper which allows to use a trick to throw a cached checked exception without a wrapping exception
new ExceptionHelper<RuntimeException>().throwException(newThrowable);
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
deleted file mode 100644
index f6ec581..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionState.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-/**
- * State-enum for {@link AccessDecisionVoterContext}
- */
-public enum AccessDecisionState
-{
- INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
deleted file mode 100644
index 69fb913..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoter.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import java.io.Serializable;
-import java.util.Set;
-
-/**
- * Interface for implementing concrete voters.
- * A voter has to add an instance of
- * {@link SecurityViolation} to the given result-set,
- * if a restriction is detected.<p/>
- * A voter has to be used in combination with {@link org.apache.deltaspike.security.api.annotation.Secured}.<p/>
- * A voter can use every scope which is active. It's recommended to use
- * {@link javax.enterprise.context.ApplicationScoped} for stateless voters and e.g.
- * {@link javax.enterprise.context.RequestScoped} otherwise.
- */
-public interface AccessDecisionVoter extends Serializable
-{
- /**
- * Checks the permission for the given {@link javax.interceptor.InvocationContext}.
- * If a violation is detected, it should be added to a set which gets returned by the method.
- *
- * @param accessDecisionVoterContext current access-decision-voter-context
- * @return a set which contains violations which have been detected
- */
- Set<SecurityViolation> checkPermission(AccessDecisionVoterContext accessDecisionVoterContext);
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
deleted file mode 100644
index 91daaca..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDecisionVoterContext.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import java.util.List;
-import java.util.Map;
-
-/**
- * Optional context which allows to get the current state as well as the results of the security check.
- * (Optional because it requires a useful scope which depends on the environment.)
- */
-public interface AccessDecisionVoterContext
-{
- /**
- * Exposes the current state
- * @return current state
- */
- AccessDecisionState getState();
-
- /**
- * Exposes the found violations
- * @return found violations
- */
- List<SecurityViolation> getViolations();
-
- /**
- * TODO review it (this method is new)
- * Exposes the source e.g. {@link javax.interceptor.InvocationContext}
- * @return the source which triggered the
- */
- <T> T getSource();
-
- /**
- * Exposes the found meta-data
- * @return found meta-data
- */
- Map<String, Object> getMetaData();
-
- /**
- * Exposes meta-data for the given key
- * @param key meta-data key
- * @param targetType target type
- * @param <T> target type
- * @return meta-data for the given key or null if there is no value for the given key
- */
- <T> T getMetaDataFor(String key, Class<T> targetType);
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
deleted file mode 100644
index 9ec7ccb..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AccessDeniedException.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import java.util.Set;
-
-/**
- * Exception occurs in case of a security-violation.
- * It's aware of the reason for the violation as well as the error-view which should be used to display the restriction.
- */
-public class AccessDeniedException extends SecurityException
-{
- private static final long serialVersionUID = -4066763895951237969L;
-
- private Set<SecurityViolation> violations;
-
- /**
- * Constructor for creating the exception for the given violations and error-view
- * @param violations current violations
- */
- public AccessDeniedException(Set<SecurityViolation> violations)
- {
- this.violations = violations;
- }
-
- /**
- * All {@link SecurityViolation} which were found by a {@link AccessDecisionVoter}
- *
- * @return all security-violations
- */
- public Set<SecurityViolation> getViolations()
- {
- return violations;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticationException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticationException.java
deleted file mode 100644
index edb1731..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticationException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-/**
- * Thrown if there is an error during the authentication process
- */
-public class AuthenticationException extends SecurityException
-{
- private static final long serialVersionUID = -7486433031372506270L;
-
- public AuthenticationException(String message)
- {
- super(message);
- }
-
- public AuthenticationException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticatorSelector.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticatorSelector.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticatorSelector.java
deleted file mode 100644
index 5931a99..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthenticatorSelector.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import org.apache.deltaspike.security.spi.Authenticator;
-
-/**
- * Selects which Authenticator implementation is used to manage the authentication process
- */
-public interface AuthenticatorSelector
-{
- Class<? extends Authenticator> getAuthenticatorClass();
-
- void setAuthenticatorClass(Class<? extends Authenticator> authenticatorClass);
-
- String getAuthenticatorName();
-
- void setAuthenticatorName(String authenticatorName);
-
- Authenticator getSelectedAuthenticator();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthorizationException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthorizationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthorizationException.java
deleted file mode 100644
index 6b36300..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/AuthorizationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api;
-
-/**
- * Thrown when an authenticated user has insufficient privileges to perform an operation.
- *
- */
-public class AuthorizationException extends SecurityException
-{
- private static final long serialVersionUID = -981091398588455903L;
-
- public AuthorizationException(String message)
- {
- super(message);
- }
-
- public AuthorizationException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/BaseAuthenticator.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/BaseAuthenticator.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/BaseAuthenticator.java
deleted file mode 100644
index fbbe5de..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/BaseAuthenticator.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import org.apache.deltaspike.security.spi.Authenticator;
-
-/**
- * Abstract base class that Authenticator implementations can extend for convenience.
- *
- */
-public abstract class BaseAuthenticator implements Authenticator
-{
- private AuthenticationStatus status;
-
- private User user;
-
- public AuthenticationStatus getStatus()
- {
- return status;
- }
-
- public void setStatus(AuthenticationStatus status)
- {
- this.status = status;
- }
-
- public User getUser()
- {
- return user;
- }
-
- public void setUser(User user)
- {
- this.user = user;
- }
-
- public void postAuthenticate()
- {
- // No-op, override if any post-authentication processing is required.
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credential.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credential.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credential.java
deleted file mode 100644
index 910101e..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credential.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-/**
- * Contains a single credential, such as a password
- */
-public interface Credential
-{
- CredentialType getType();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/CredentialType.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/CredentialType.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/CredentialType.java
deleted file mode 100644
index 779504b..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/CredentialType.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-/**
- * Represents a single credential type
- */
-public interface CredentialType
-{
- String getName();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credentials.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credentials.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credentials.java
deleted file mode 100644
index 3d5fb7f..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Credentials.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-/**
- * Represents the credentials the current user will use to authenticate
- */
-public interface Credentials
-{
- String getUsername();
-
- void setUsername(String username);
-
- Credential getCredential();
-
- void setCredential(Credential credential);
-
- boolean isSet();
-
- boolean isInvalid();
-
- void invalidate();
-
- void clear();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Group.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Group.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Group.java
deleted file mode 100644
index baed430..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Group.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api;
-
-public interface Group
-{
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
index 71f1d6b..3003c63 100644
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Identity.java
@@ -18,20 +18,17 @@
*/
package org.apache.deltaspike.security.api;
-import java.util.Set;
-
-import org.apache.deltaspike.security.api.annotation.LoggedIn;
-import org.apache.deltaspike.security.api.annotation.Secures;
+import java.io.Serializable;
/**
* Represents the identity of the current user, and provides an API for authentication and authorization.
*
*/
-public interface Identity
+public interface Identity extends Serializable
{
public enum AuthenticationResult
{
- success, failed, exception
+ SUCCESS, FAILED
}
/**
@@ -39,34 +36,8 @@ public interface Identity
*
* @return true if the user is logged in
*/
- @Secures
- @LoggedIn
boolean isLoggedIn();
- /**
- * Returns true if the currently authenticated user has provided their correct credentials
- * within the verification window configured by the application.
- *
- * @return true if the current user is verified
- */
- boolean isVerified();
-
- /**
- * Will attempt to authenticate quietly if the user's credentials are set and they haven't
- * authenticated already. A quiet authentication doesn't throw any exceptions or create any
- * system messages if authentication fails.
- *
- * This method is intended to be used primarily as an internal API call, however has been made
- * public for convenience.
- *
- */
- void quietLogin();
-
- /**
- * Returns the currently authenticated user
- *
- * @return
- */
User getUser();
/**
@@ -78,11 +49,11 @@ public interface Identity
* org.jboss.seam.security.events.LoginFailedEvent - raised when authentication fails
* org.jboss.seam.security.events.AlreadyLoggedInEvent - raised if the user is already authenticated
*
- * @return AuthenticationResult returns success if user is authenticated,
- * failed if authentication failed, or
- * exception if an exception occurred during authentication. These response
+ * @return AuthenticationResult returns SUCCESS if user is authenticated,
+ * FAILED if authentication FAILED, or
+ * EXCEPTION if an EXCEPTION occurred during authentication. These response
* values may be used to control user navigation. For deferred authentication methods, such as Open ID
- * the login() method will return an immediate result of failed (and subsequently fire
+ * the login() method will return an immediate result of FAILED (and subsequently fire
* a LoginFailedEvent) however in these conditions it is the responsibility of the Authenticator
* implementation to take over the authentication process, for example by redirecting the user to
* a third party authentication service such as an OpenID provider.
@@ -93,43 +64,4 @@ public interface Identity
* Logs out the currently authenticated user
*/
void logout();
-
- /**
- * Checks if the authenticated user is a member of the specified role.
- *
- * @param role String The name of the role to check
- * @return boolean True if the user is a member of the specified role
- */
- boolean hasRole(String role, String group, String groupType);
-
- /**
- * Checks if the authenticated user is a member of the specified group
- *
- * @param name The name of the group
- * @param groupType The type of the group, e.g. "office", "department", "global role", etc
- * @return true if the user is a member of the group
- */
- boolean inGroup(String name, String groupType);
-
- /**
- * Checks if the currently authenticated user has the necessary permission for
- * a specific resource.
- *
- * @return true if the user has the required permission, otherwise false
- */
- boolean hasPermission(Object resource, String permission);
-
- /**
- * Returns an immutable set containing all the current user's granted roles
- *
- * @return
- */
- Set<Role> getRoles();
-
- /**
- * Returns an immutable set containing all the current user's group memberships
- *
- * @return
- */
- Set<Group> getGroups();
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Role.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Role.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Role.java
deleted file mode 100644
index 191479f..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/Role.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-public interface Role
-{
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityDefinitionException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityDefinitionException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityDefinitionException.java
deleted file mode 100644
index 14caa9d..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityDefinitionException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api;
-
-/**
- * This exception is thrown when a security-related configuration error is detected,
- * such as a missing or ambiguous security binding type
- *
- * @author Shane Bryzak
- */
-public class SecurityDefinitionException extends SecurityException
-{
- private static final long serialVersionUID = -5683365417825375411L;
-
- public SecurityDefinitionException(String message)
- {
- super(message);
- }
-
- public SecurityDefinitionException(Throwable cause)
- {
- super(cause);
- }
-
- public SecurityDefinitionException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
deleted file mode 100644
index c2f688e..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/SecurityViolation.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api;
-
-import java.io.Serializable;
-
-/**
- * Provides the concrete reason for the restriction.
- */
-public interface SecurityViolation extends Serializable
-{
- /**
- * Provides a description of the violation.
- *
- * @return description of the violation
- */
- String getReason();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
index 9669d8c..127fbb0 100644
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/User.java
@@ -18,7 +18,23 @@
*/
package org.apache.deltaspike.security.api;
-public interface User
+import javax.enterprise.inject.Typed;
+import java.io.Serializable;
+
+@Typed()
+public class User implements Serializable
{
+ private static final long serialVersionUID = -2234530384311026364L;
+
+ private final String id;
+
+ public User(String id)
+ {
+ this.id = id;
+ }
+ public String getId()
+ {
+ return id;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/LoggedIn.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/LoggedIn.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/LoggedIn.java
deleted file mode 100644
index fde40c9..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/LoggedIn.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api.annotation;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * Built-in security binding type, used to restrict a method invocation to
- * users that are logged in
- *
- */
-@SecurityBindingType
-@Retention(RetentionPolicy.RUNTIME)
-@Target({ ElementType.TYPE, ElementType.METHOD, ElementType.FIELD })
-@Documented
-public @interface LoggedIn
-{
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secured.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secured.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secured.java
deleted file mode 100644
index 074de29..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secured.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.api.annotation;
-
-import javax.enterprise.util.Nonbinding;
-
-import org.apache.deltaspike.security.api.AccessDecisionVoter;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-/**
- * Interceptor for securing beans.
- * It's also possible to use it as meta-annotation for type-safe view-configs.
- */
-@Target({ TYPE, METHOD, ANNOTATION_TYPE })
-@Retention(RUNTIME)
-@Documented
-
-//cdi annotations
-@SecurityBindingType
-public @interface Secured
-{
- /**
- * {@link AccessDecisionVoter}s which will be invoked before accessing the intercepted instance or in case of
- * view-configs before a view gets used.
- *
- * @return the configured access-decision-voters which should be used for the voting process
- */
- @Nonbinding
- Class<? extends AccessDecisionVoter>[] value();
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secures.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secures.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secures.java
deleted file mode 100644
index e0498ef..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/Secures.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api.annotation;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * This annotation is used to delegate a method as the provider for a specific authorization check
- */
-@Target(ElementType.METHOD)
-@Retention(RetentionPolicy.RUNTIME)
-public @interface Secures
-{
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/SecurityBindingType.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/SecurityBindingType.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/SecurityBindingType.java
deleted file mode 100644
index 98c4dae..0000000
--- a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/annotation/SecurityBindingType.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.deltaspike.security.api.annotation;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * Applied to an annotation to indicate that it is a security binding type
- *
- * @author Shane Bryzak
- */
-@Target(ElementType.TYPE)
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
-public @interface SecurityBindingType
-{
-}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/AuthenticationException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/AuthenticationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/AuthenticationException.java
new file mode 100644
index 0000000..0dac04b
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/AuthenticationException.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authentication;
+
+/**
+ * Thrown if there is an error during the authentication process
+ */
+public class AuthenticationException extends org.apache.deltaspike.security.api.SecurityException
+{
+ private static final long serialVersionUID = -7486433031372506270L;
+
+ public AuthenticationException(String message)
+ {
+ super(message);
+ }
+
+ public AuthenticationException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/UnexpectedCredentialException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/UnexpectedCredentialException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/UnexpectedCredentialException.java
new file mode 100644
index 0000000..7b51672
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/UnexpectedCredentialException.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authentication;
+
+public class UnexpectedCredentialException extends AuthenticationException
+{
+ private static final long serialVersionUID = 4827200587997989123L;
+
+ public UnexpectedCredentialException(String message)
+ {
+ super(message);
+ }
+
+ public UnexpectedCredentialException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/AlreadyLoggedInEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/AlreadyLoggedInEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/AlreadyLoggedInEvent.java
new file mode 100644
index 0000000..1bebded
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/AlreadyLoggedInEvent.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authentication.events;
+
+/**
+ * This event is fired when an already authenticated user attempts to authenticate again
+ */
+public class AlreadyLoggedInEvent
+{
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoggedInEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoggedInEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoggedInEvent.java
new file mode 100644
index 0000000..4b6faa2
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoggedInEvent.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authentication.events;
+
+/**
+ * This event is raised when user successfully logs in.
+ */
+public class LoggedInEvent
+{
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoginFailedEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoginFailedEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoginFailedEvent.java
new file mode 100644
index 0000000..3638ee1
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/LoginFailedEvent.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authentication.events;
+
+/**
+ * This event is fired when an authentication attempt fails
+ */
+public class LoginFailedEvent
+{
+ private Exception loginException;
+
+ public LoginFailedEvent(Exception loginException)
+ {
+ this.loginException = loginException;
+ }
+
+ public Exception getLoginException()
+ {
+ return loginException;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostAuthenticateEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostAuthenticateEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostAuthenticateEvent.java
new file mode 100644
index 0000000..7c6f89c
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostAuthenticateEvent.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authentication.events;
+
+/**
+ * This event is raised just after authentication
+ */
+public class PostAuthenticateEvent
+{
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostLoggedOutEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostLoggedOutEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostLoggedOutEvent.java
new file mode 100644
index 0000000..f0db433
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PostLoggedOutEvent.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authentication.events;
+
+import org.apache.deltaspike.security.api.User;
+
+/**
+ * This event is raised just after the user un-authenticates
+ */
+public class PostLoggedOutEvent
+{
+ private User user;
+
+ public PostLoggedOutEvent(User user)
+ {
+ this.user = user;
+ }
+
+ public User getUser()
+ {
+ return user;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreAuthenticateEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreAuthenticateEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreAuthenticateEvent.java
new file mode 100644
index 0000000..bbb9e18
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreAuthenticateEvent.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authentication.events;
+
+/**
+ * This event is raised just before authentication.
+ */
+public class PreAuthenticateEvent
+{
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreLoggedOutEvent.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreLoggedOutEvent.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreLoggedOutEvent.java
new file mode 100644
index 0000000..4eaf014
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authentication/events/PreLoggedOutEvent.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authentication.events;
+
+import org.apache.deltaspike.security.api.User;
+
+/**
+ * This event is raised just before the user un-authenticates
+ */
+public class PreLoggedOutEvent
+{
+ private User user;
+
+ public PreLoggedOutEvent(User user)
+ {
+ this.user = user;
+ }
+
+ public User getUser()
+ {
+ return user;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionState.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionState.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionState.java
new file mode 100644
index 0000000..0c0c215
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionState.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authorization;
+
+/**
+ * State-enum for {@link AccessDecisionVoterContext}
+ */
+public enum AccessDecisionState
+{
+ INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoter.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoter.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoter.java
new file mode 100644
index 0000000..509f3f6
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoter.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authorization;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * Interface for implementing concrete voters.
+ * A voter has to add an instance of
+ * {@link SecurityViolation} to the given result-set,
+ * if a restriction is detected.<p/>
+ * A voter has to be used in combination with
+ * {@link org.apache.deltaspike.security.api.authorization.annotation.Secured}.<p/>
+ * A voter can use every scope which is active. It's recommended to use
+ * {@link javax.enterprise.context.ApplicationScoped} for stateless voters and e.g.
+ * {@link javax.enterprise.context.RequestScoped} otherwise.
+ */
+public interface AccessDecisionVoter extends Serializable
+{
+ /**
+ * Checks the permission for the given {@link javax.interceptor.InvocationContext}.
+ * If a violation is detected, it should be added to a set which gets returned by the method.
+ *
+ * @param accessDecisionVoterContext current access-decision-voter-context
+ * @return a set which contains violations which have been detected
+ */
+ Set<SecurityViolation> checkPermission(AccessDecisionVoterContext accessDecisionVoterContext);
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoterContext.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoterContext.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoterContext.java
new file mode 100644
index 0000000..fc875d5
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDecisionVoterContext.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authorization;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Optional context which allows to get the current state as well as the results of the security check.
+ * (Optional because it requires a useful scope which depends on the environment.)
+ */
+public interface AccessDecisionVoterContext
+{
+ /**
+ * Exposes the current state
+ * @return current state
+ */
+ AccessDecisionState getState();
+
+ /**
+ * Exposes the found violations
+ * @return found violations
+ */
+ List<SecurityViolation> getViolations();
+
+ /**
+ * TODO review it (this method is new)
+ * Exposes the source e.g. {@link javax.interceptor.InvocationContext}
+ * @return the source which triggered the
+ */
+ <T> T getSource();
+
+ /**
+ * Exposes the found meta-data
+ * @return found meta-data
+ */
+ Map<String, Object> getMetaData();
+
+ /**
+ * Exposes meta-data for the given key
+ * @param key meta-data key
+ * @param targetType target type
+ * @param <T> target type
+ * @return meta-data for the given key or null if there is no value for the given key
+ */
+ <T> T getMetaDataFor(String key, Class<T> targetType);
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
new file mode 100644
index 0000000..834066b
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AccessDeniedException.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authorization;
+
+import java.util.Set;
+
+/**
+ * Exception occurs in case of a security-violation.
+ * It's aware of the reason for the violation as well as the error-view which should be used to display the restriction.
+ */
+public class AccessDeniedException extends org.apache.deltaspike.security.api.SecurityException
+{
+ private static final long serialVersionUID = -4066763895951237969L;
+
+ private Set<SecurityViolation> violations;
+
+ /**
+ * Constructor for creating the exception for the given violations and error-view
+ * @param violations current violations
+ */
+ public AccessDeniedException(Set<SecurityViolation> violations)
+ {
+ this.violations = violations;
+ }
+
+ /**
+ * All {@link SecurityViolation} which were found by a {@link AccessDecisionVoter}
+ *
+ * @return all security-violations
+ */
+ public Set<SecurityViolation> getViolations()
+ {
+ return violations;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
new file mode 100644
index 0000000..5e7432f
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/AuthorizationException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authorization;
+
+/**
+ * Thrown when an authenticated user has insufficient privileges to perform an operation.
+ *
+ */
+public class AuthorizationException extends org.apache.deltaspike.security.api.SecurityException
+{
+ private static final long serialVersionUID = -981091398588455903L;
+
+ public AuthorizationException(String message)
+ {
+ super(message);
+ }
+
+ public AuthorizationException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityDefinitionException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityDefinitionException.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityDefinitionException.java
new file mode 100644
index 0000000..ca805e8
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityDefinitionException.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.deltaspike.security.api.authorization;
+
+/**
+ * This exception is thrown when a security-related configuration error is detected,
+ * such as a missing or ambiguous security binding type
+ *
+ * @author Shane Bryzak
+ */
+public class SecurityDefinitionException extends org.apache.deltaspike.security.api.SecurityException
+{
+ private static final long serialVersionUID = -5683365417825375411L;
+
+ public SecurityDefinitionException(String message)
+ {
+ super(message);
+ }
+
+ public SecurityDefinitionException(Throwable cause)
+ {
+ super(cause);
+ }
+
+ public SecurityDefinitionException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-deltaspike/blob/1a2c7ffd/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityViolation.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityViolation.java b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityViolation.java
new file mode 100644
index 0000000..9605448
--- /dev/null
+++ b/deltaspike/modules/security/api/src/main/java/org/apache/deltaspike/security/api/authorization/SecurityViolation.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.api.authorization;
+
+import java.io.Serializable;
+
+/**
+ * Provides the concrete reason for the restriction.
+ */
+public interface SecurityViolation extends Serializable
+{
+ /**
+ * Provides a description of the violation.
+ *
+ * @return description of the violation
+ */
+ String getReason();
+}