org.springframework.richclient.security
Interface ApplicationSecurityManager

All Known Implementing Classes:

DefaultApplicationSecurityManager

public interface ApplicationSecurityManager

This interface defines the operations required of an Application Security Manager for the RCP framework. The security manager is responsible for handling login and logout requests, interacting with the AuthenticationManager that will perform the actual user authentication, and firing the events associated with application security lifecycle. See ClientSecurityEvent and its subclasses.

The Security Manager is available as an application service via org.springframework.richclient.application.ApplicationServices#getSecurityManager.

See SecurityAwareConfigurer for more details on how to configure components for automatic notification of security events.

Author:

Larry Streepy

See Also:

DefaultApplicationSecurityManager, AuthenticationAware, LoginAware, SecurityAwareConfigurer

Method Summary

org.acegisecurity.Authentication	doLogin(org.acegisecurity.Authentication authentication) Process a login attempt and fire all related events.
org.acegisecurity.Authentication	doLogout() Perform a logout.
org.acegisecurity.Authentication	getAuthentication() Get the authentication token for the currently logged in user.
org.acegisecurity.AuthenticationManager	getAuthenticationManager() Get the authentication manager in use.
boolean	isUserInRole(String role) Determine if the currently authenticated user has the role provided.
boolean	isUserLoggedIn() Return if a user is currently logged in, meaning that a previous call to doLogin resulted in a valid authentication request.
void	setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager) Set the authentication manager to use.

Method Detail

doLogin

org.acegisecurity.Authentication doLogin(org.acegisecurity.Authentication authentication)
                                         throws org.acegisecurity.AcegiSecurityException

Process a login attempt and fire all related events. If the authentication fails, then a AuthenticationFailedEvent is published and the exception is rethrown. If the authentication succeeds, then an AuthenticationEvent is published, followed by a LoginEvent.

Parameters:

authentication - token to use for the login attempt

Returns:

Authentication token resulting from a successful call to AuthenticationManager.authenticate(org.acegisecurity.Authentication).

Throws:

org.acegisecurity.AcegiSecurityException - If the authentication attempt fails

isUserLoggedIn

boolean isUserLoggedIn()

Return if a user is currently logged in, meaning that a previous call to doLogin resulted in a valid authentication request.

Returns:

true if a user is logged in

getAuthentication

org.acegisecurity.Authentication getAuthentication()

Get the authentication token for the currently logged in user.

Returns:

authentication token, null if not logged in

isUserInRole

boolean isUserInRole(String role)

Determine if the currently authenticated user has the role provided.

Parameters:

role - to check

Returns:

true if the user has the role requested

doLogout

org.acegisecurity.Authentication doLogout()

Perform a logout. Set the current authentication token to null (in both the per-thread security context and the global context), then publish an AuthenticationEvent followed by a LogoutEvent.

Returns:

Authentication token that was in place prior to the logout.

setAuthenticationManager

void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)

Set the authentication manager to use.

Parameters:

authenticationManager - instance to use for authentication requests

getAuthenticationManager

org.acegisecurity.AuthenticationManager getAuthenticationManager()

Get the authentication manager in use.

Returns:

authenticationManager instance used for authentication requests