org.springframework.richclient.security
Interface ApplicationSecurityManager

All Known Implementing Classes:
DefaultApplicationSecurityManager

public interface ApplicationSecurityManager

This interface defines the operations required of an Application Security Manager for the RCP framework. The security manager is responsible for handling login and logout requests, interacting with the AuthenticationManager that will perform the actual user authentication, and firing the events associated with application security lifecycle. See ClientSecurityEvent and its subclasses.

The Security Manager is available as an application service via org.springframework.richclient.application.ApplicationServices#getSecurityManager.

See SecurityAwareConfigurer for more details on how to configure components for automatic notification of security events.

Author:
Larry Streepy
See Also:
DefaultApplicationSecurityManager, AuthenticationAware, LoginAware, SecurityAwareConfigurer

Method Summary
 org.acegisecurity.Authentication doLogin(org.acegisecurity.Authentication authentication)
          Process a login attempt and fire all related events.
 org.acegisecurity.Authentication doLogout()
          Perform a logout.
 org.acegisecurity.Authentication getAuthentication()
          Get the authentication token for the currently logged in user.
 org.acegisecurity.AuthenticationManager getAuthenticationManager()
          Get the authentication manager in use.
 boolean isUserInRole(String role)
          Determine if the currently authenticated user has the role provided.
 boolean isUserLoggedIn()
          Return if a user is currently logged in, meaning that a previous call to doLogin resulted in a valid authentication request.
 void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)
          Set the authentication manager to use.
 

Method Detail

doLogin

org.acegisecurity.Authentication doLogin(org.acegisecurity.Authentication authentication)
                                         throws org.acegisecurity.AcegiSecurityException
Process a login attempt and fire all related events. If the authentication fails, then a AuthenticationFailedEvent is published and the exception is rethrown. If the authentication succeeds, then an AuthenticationEvent is published, followed by a LoginEvent.

Parameters:
authentication - token to use for the login attempt
Returns:
Authentication token resulting from a successful call to AuthenticationManager.authenticate(org.acegisecurity.Authentication).
Throws:
org.acegisecurity.AcegiSecurityException - If the authentication attempt fails

isUserLoggedIn

boolean isUserLoggedIn()
Return if a user is currently logged in, meaning that a previous call to doLogin resulted in a valid authentication request.

Returns:
true if a user is logged in

getAuthentication

org.acegisecurity.Authentication getAuthentication()
Get the authentication token for the currently logged in user.

Returns:
authentication token, null if not logged in

isUserInRole

boolean isUserInRole(String role)
Determine if the currently authenticated user has the role provided.

Parameters:
role - to check
Returns:
true if the user has the role requested

doLogout

org.acegisecurity.Authentication doLogout()
Perform a logout. Set the current authentication token to null (in both the per-thread security context and the global context), then publish an AuthenticationEvent followed by a LogoutEvent.

Returns:
Authentication token that was in place prior to the logout.

setAuthenticationManager

void setAuthenticationManager(org.acegisecurity.AuthenticationManager authenticationManager)
Set the authentication manager to use.

Parameters:
authenticationManager - instance to use for authentication requests

getAuthenticationManager

org.acegisecurity.AuthenticationManager getAuthenticationManager()
Get the authentication manager in use.

Returns:
authenticationManager instance used for authentication requests


Copyright © 2004-2008 The Spring Framework. All Rights Reserved.