deltaspike-commits mailing list archives

Subject svn commit: r907149 - in /websites/staging/deltaspike/trunk/content: ./ security.html
Date Mon, 28 Apr 2014 11:53:28 GMT
Author: buildbot
Date: Mon Apr 28 11:53:28 2014
New Revision: 907149

Staging update by buildbot for deltaspike

    websites/staging/deltaspike/trunk/content/   (props changed)

Propchange: websites/staging/deltaspike/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Mon Apr 28 11:53:28 2014
@@ -1 +1 @@

Modified: websites/staging/deltaspike/trunk/content/security.html
--- websites/staging/deltaspike/trunk/content/security.html (original)
+++ websites/staging/deltaspike/trunk/content/security.html Mon Apr 28 11:53:28 2014
@@ -78,13 +78,31 @@
               <div class="page-title">
                 <h1>DeltaSpike Security Module</h1>
-              <div class="toc">
+              <p>Title: DeltaSpike Security Module
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.</p>
+<div class="toc">
 <li><a href="#securitybinding-for-class-and-method-invocations">SecurityBinding
for class and method invocations</a></li>
 <li><a href="#integrating-3rd-party-security-frameworks">Integrating 3rd party
security frameworks</a><ul>
 <li><a href="#secured">@Secured</a></li>
 <li><a href="#accessdecisionvoter">AccessDecisionVoter</a></li>
 <li><a href="#securityviolation">SecurityViolation</a></li>
+<li><a href="#abstractaccessdecisionvoter">AbstractAccessDecisionVoter</a></li>
 <li><a href="#secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes
with custom Meta-data</a></li>
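Review bot: The added `<p>Title: DeltaSpike Security Module Notice: Licensed to the Apache Software Foundation ...` paragraph directly after the `<h1>` puts the source file's Title/Notice header into the visible page body, so the header is being rendered as content instead of being consumed as metadata. The same change drops the indentation of `<div class="toc">`, which suggests the header block in the source is what the renderer tripped over. Fix the header formatting in the source page and regenerate so the license notice no longer appears under the page title; the new `#abstractaccessdecisionvoter` TOC entry itself looks fine.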
@@ -279,7 +297,23 @@ It's a basic hook to integrate a custom 
 <p>[TODO] hint about the changed parameter/s</p>
 <h2 id="securityviolation">SecurityViolation</h2>
 <p>In case of a detected violation a <code>SecurityViolation</code> has
to be added to the result returned by the <code>AccessDecisionVoter</code>.</p>
-<p>[TODO] AbstractAccessDecisionVoter</p>
+<h2 id="abstractaccessdecisionvoter">AbstractAccessDecisionVoter</h2>
+<p>You can also implement the abstract class <code>AbstractAccessDecisionVoter</code>.
This is a convenience class which allows an easier usage:</p>
+    :::java
+    public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter
+    {</p>
+<div class="codehilite"><pre>    <span class="p">@</span><span
+    <span class="n">protected</span> <span class="n">void</span>
<span class="n">checkPermission</span><span class="p">(</span><span
class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span
+            <span class="n">Set</span><span class="o">&lt;</span><span
class="n">SecurityViolation</span><span class="o">&gt;</span> <span
class="n">violations</span><span class="p">)</span>
+    <span class="p">{</span>
+        <span class="o">//</span> <span class="n">check</span> <span
class="k">for</span> <span class="n">violations</span>
+        <span class="n">violations</span><span class="p">.</span><span
class="n">add</span><span class="p">(</span><span class="n">newSecurityViolation</span><span
class="p">(</span>&quot;<span class="n">access</span> <span class="n">not</span>
<span class="n">allowed</span> <span class="n">due</span> <span
class="n">to</span> <span class="p">...</span>&quot;<span class="p">));</span>
+    <span class="p">}</span>
+<span class="p">}</span>
 <h2 id="secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with
custom Meta-data</h2>
 <p>If there are multiple <code>AccessDecisionVoter</code> and maybe in
different constellations, it's easier to provide an expressive CDI stereotypes for it. Later
on that also allows to change the behaviour in a central place.</p>
 <p>Stereotype support of @Secured:</p>
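Review bot: In the new AbstractAccessDecisionVoter section the sample is split in two: `:::java`, the class declaration and `{` are emitted as plain text ending in `</p>`, and only the method body lands in the `codehilite` block, where `//` is tagged as an operator and `for` as a keyword, so it was not highlighted as Java. Make the whole snippet one consistently indented code block in the source so the language hint applies to all of it. Since readers will copy this into real voters, the `check for violations` comment should also make clear that the violation is added only when the check fails, because as written the sample adds one on every call to `checkPermission`.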
@@ -332,9 +366,21 @@ It's a basic hook to integrate a custom 
 <h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
+<p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code>
allows to get the current state as well as the results of the security check.</p>
+<p>There are several methods that can be useful</p>
+<li><code>getState()</code> - Exposes the current state : INITIAL, VOTE_IN_PROGRESS,
+<li><code>getViolations()</code> - Exposes the found violations</li>
+<li><code>getSource()</code> - Exposes e.g. the current instance of <code>javax.interceptor.InvocationContext</code>
in combination with <code>@Secured</code> used as interceptor.</li>
+<li><code>getMetaData()</code> - Exposes the found meta-data e.g. the view-config-class
if <code>@Secured</code> is used in combination with type-safe view-configs</li>
+<li><code>getMetaDataFor(String, Class&lt;T&gt;)</code> - Exposes
meta-data for the given key </li>
 <h2 id="securitystrategy-spi">SecurityStrategy SPI</h2>
+<p>The <code>SecurityStrategy</code> interface allows to provide a custom
implementation which should be used for <code>@Secured</code>.
+Provide a custom implementation as bean-class in combination with <code>@Alternative</code>
or <code>@Specializes</code> (or as global-alternative).</p>
+<p>In case of global-alternatives an additional config needs to be added to <code>/META-INF/</code>
- e.g.:</p>
+<p><strong>Note</strong>: The config for global-alternatives is following
the pattern: globalAlternatives.<code>&lt;interface-name&gt;</code>=<code>&lt;implementation-class-name&gt;</code></p>
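Review bot: In the SecurityStrategy paragraph the sentence about global-alternatives stops at `/META-INF/` with no file name, and nothing follows `e.g.:`, so a reader cannot tell where the `globalAlternatives.<interface-name>=<implementation-class-name>` entry belongs; name the file and include the example line. In the AccessDecisionVoterContext list, the `getState()` item ends at `VOTE_IN_PROGRESS,` without the remaining states or a closing `</li>`, and the `<li>` elements have no enclosing `<ul>` in these lines. Because a replaced SecurityStrategy is what gets used for `@Secured`, it is worth stating next to the configuration that this setting changes how those checks are evaluated.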
