AbstractSecurityController (Spring richclient 1.0.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES All Classes

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.richclient.security.support
Class AbstractSecurityController

java.lang.Object
  org.springframework.richclient.security.support.AbstractSecurityController

All Implemented Interfaces:: InitializingBean, AuthenticationAware, SecurityController

Direct Known Subclasses:: UserRoleSecurityController

public abstract class AbstractSecurityController
extends Object
implements SecurityController, InitializingBean
extends Object
implements SecurityController, InitializingBean

Abstract implementation of a security controller. Derived classes are responsible for providing the ConfigAttributeDefinition and any secured object that will be used by the decision manager to make the decision to authorize the controlled objects.

This class uses weak references to track the the controlled objects, so they can be GCed as needed.

If a subclass provides a new post-processor action, then it needs to call registerPostProcessorAction(String) during construction and it must override doPostProcessorAction(String, Object, boolean). It is critical that the overridden doPostProcessorAction method call super.doPostProcessorAction for any action id it does not directly handle.

This base class provides the following post-processor actions:

visibleTracksAuthorized - if the controlled object has a setVisible(boolean) method then it is called with the authorized value. Thus, if the object is not authorized, it will have setVisible(false) called on it.

Author:: Larry Streepy
See Also:: getSecuredObject(), getConfigAttributeDefinition(Object)

Field Summary
`static String`	`VISIBLE_TRACKS_AUTHORIZED_ACTION`

Constructor Summary
`protected`	`AbstractSecurityController()` Constructor.

Method Summary
`void`	`addControlledObject(Authorizable object)` Add an object to our controlled set.
`void`	`afterPropertiesSet()` Validate our configuration.
`protected void`	`doPostProcessorAction(String actionId, Object controlledObject, boolean authorized)` Post-process a controlled object after its authorization state has been updated.
`org.acegisecurity.AccessDecisionManager`	`getAccessDecisionManager()` Get the access decision manager in use
`protected abstract org.acegisecurity.ConfigAttributeDefinition`	`getConfigAttributeDefinition(Object securedObject)` Get the ConfigAttributeDefinition for the secured object.
`protected org.acegisecurity.Authentication`	`getLastAuthentication()`
`String`	`getPostProcessorActionsToRun()` Get the list of post-processor actions to run.
`protected abstract Object`	`getSecuredObject()` Get the secured object on which we are making the authorization decision.
`protected void`	`registerPostProcessorAction(String actionId)` Register a post-processor action.
`Object`	`removeControlledObject(Authorizable object)` Remove an object from our controlled set.
`protected void`	`runAuthorization()` Update the authorization of all controlled objects.
`protected void`	`runPostProcessorActions(Object controlledObject, boolean authorized)` Run all the requested post-processor actions.
`void`	`setAccessDecisionManager(org.acegisecurity.AccessDecisionManager accessDecisionManager)` Set the access decision manager to use
`void`	`setAuthenticationToken(org.acegisecurity.Authentication authentication)` The authentication token for the current user has changed.
`void`	`setControlledObjects(List secured)` Set the objects that are to be controlled.
`protected void`	`setLastAuthentication(org.acegisecurity.Authentication authentication)`
`void`	`setPostProcessorActionsToRun(String actions)` Set the list of post-processor actions to be run.
`protected boolean`	`shouldAuthorize(org.acegisecurity.Authentication authentication)` Determine if our controlled objects should be authorized based on the provided authentication token.
`protected void`	`updateControlledObject(Authorizable controlledObject, boolean authorized)` Update a controlled object based on the given authorization state.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

VISIBLE_TRACKS_AUTHORIZED_ACTION

public static final String VISIBLE_TRACKS_AUTHORIZED_ACTION

See Also:: Constant Field Values

Constructor Detail

AbstractSecurityController

protected AbstractSecurityController()

Constructor.

Method Detail

getSecuredObject

protected abstract Object getSecuredObject()

Get the secured object on which we are making the authorization decision. This may be null if no specific object is to be considered in the decision.

Returns:: secured object

getConfigAttributeDefinition

protected abstract org.acegisecurity.ConfigAttributeDefinition getConfigAttributeDefinition(Object securedObject)

Get the ConfigAttributeDefinition for the secured object. This will provide the authorization information to the access decision manager.

Parameters:: securedObject - Secured object for whom the config attribute definition is to be rretrieved. This may be null.
Returns:: attribute definition for the provided secured object

setPostProcessorActionsToRun

public void setPostProcessorActionsToRun(String actions)

Set the list of post-processor actions to be run. This must be a comma-separated list of action names.

Parameters:: actions - Comma-separated list of post-processor action names

getPostProcessorActionsToRun

public String getPostProcessorActionsToRun()

Get the list of post-processor actions to run.

Returns:: Comma-separated list of post-processor action names

registerPostProcessorAction

protected void registerPostProcessorAction(String actionId)

Register a post-processor action. The action id specified must not conflict with any other action registered. Subclasses that provide additional post-processor actions MUST call this method to register them.

Parameters:: actionId - Id of post-processor action to register

setAuthenticationToken

public void setAuthenticationToken(org.acegisecurity.Authentication authentication)

The authentication token for the current user has changed. Update all our controlled objects accordingly.

Specified by:: setAuthenticationToken in interface AuthenticationAware

Parameters:: authentication - now in effect, may be null

runAuthorization

protected void runAuthorization()

Update the authorization of all controlled objects.

updateControlledObject

protected void updateControlledObject(Authorizable controlledObject,
                                      boolean authorized)

Update a controlled object based on the given authorization state.

Parameters:: controlledObject - Object being controlled; authorized - state that has been installed on controlledObject

runPostProcessorActions

protected void runPostProcessorActions(Object controlledObject,
                                       boolean authorized)

Run all the requested post-processor actions.

Parameters:: controlledObject - Object being controlled; authorized - state that has been installed on controlledObject

doPostProcessorAction

protected void doPostProcessorAction(String actionId,
                                     Object controlledObject,
                                     boolean authorized)

Post-process a controlled object after its authorization state has been updated. Subclasses that override this method MUST ensure that this method is called id they do not process the given action id.

Parameters:: actionId - Id of the post-processor action to run; controlledObject - Object being controlled; authorized - state that has been installed on controlledObject

shouldAuthorize

protected boolean shouldAuthorize(org.acegisecurity.Authentication authentication)

Determine if our controlled objects should be authorized based on the provided authentication token.

Parameters:: authentication - token
Returns:: true if should authorize

setAccessDecisionManager

public void setAccessDecisionManager(org.acegisecurity.AccessDecisionManager accessDecisionManager)

Set the access decision manager to use

Specified by:: setAccessDecisionManager in interface SecurityController

Parameters:: accessDecisionManager -

getAccessDecisionManager

public org.acegisecurity.AccessDecisionManager getAccessDecisionManager()

Get the access decision manager in use

Specified by:: getAccessDecisionManager in interface SecurityController

Returns:: decision manager

setControlledObjects

public void setControlledObjects(List secured)

Set the objects that are to be controlled. Only beans that implement the Authorized interface are processed.

Specified by:: setControlledObjects in interface SecurityController

Parameters:: secured - List of objects to control

addControlledObject

public void addControlledObject(Authorizable object)

Add an object to our controlled set.

Specified by:: addControlledObject in interface SecurityController

Parameters:: object - to control

removeControlledObject

public Object removeControlledObject(Authorizable object)

Remove an object from our controlled set.

Specified by:: removeControlledObject in interface SecurityController

Parameters:: object - to remove
Returns:: object removed or null if not found

setLastAuthentication

protected void setLastAuthentication(org.acegisecurity.Authentication authentication)

getLastAuthentication

protected org.acegisecurity.Authentication getLastAuthentication()

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Validate our configuration.

Specified by:: afterPropertiesSet in interface InitializingBean

Throws:: Exception