org.springframework.richclient.security.support
Class AbstractSecurityController

java.lang.Object
  extended by org.springframework.richclient.security.support.AbstractSecurityController
All Implemented Interfaces:
InitializingBean, AuthenticationAware, SecurityController
Direct Known Subclasses:
UserRoleSecurityController

public abstract class AbstractSecurityController
extends Object
implements SecurityController, InitializingBean

Abstract implementation of a security controller. Derived classes are responsible for providing the ConfigAttributeDefinition and any secured object that will be used by the decision manager to make the decision to authorize the controlled objects.

This class uses weak references to track the controlled objects, so they can be garbage-collected as needed.

If a subclass provides a new post-processor action, then it needs to call registerPostProcessorAction(String) during construction and it must override doPostProcessorAction(String, Object, boolean). It is critical that the overridden doPostProcessorAction method call super.doPostProcessorAction for any action id it does not directly handle.

This base class provides the following post-processor actions:

visibleTracksAuthorized - if the controlled object has a setVisible(boolean) method then it is called with the authorized value. Thus, if the object is not authorized, it will have setVisible(false) called on it.

Author:
Larry Streepy
See Also:
getSecuredObject(), getConfigAttributeDefinition(Object)

Field Summary
static String VISIBLE_TRACKS_AUTHORIZED_ACTION
           
 
Constructor Summary
protected AbstractSecurityController()
          Constructor.
 
Method Summary
 void addControlledObject(Authorizable object)
          Add an object to our controlled set.
 void afterPropertiesSet()
          Validate our configuration.
protected  void doPostProcessorAction(String actionId, Object controlledObject, boolean authorized)
          Post-process a controlled object after its authorization state has been updated.
 org.acegisecurity.AccessDecisionManager getAccessDecisionManager()
          Get the access decision manager in use.
protected abstract  org.acegisecurity.ConfigAttributeDefinition getConfigAttributeDefinition(Object securedObject)
          Get the ConfigAttributeDefinition for the secured object.
protected  org.acegisecurity.Authentication getLastAuthentication()
           
 String getPostProcessorActionsToRun()
          Get the list of post-processor actions to run.
protected abstract  Object getSecuredObject()
          Get the secured object on which we are making the authorization decision.
protected  void registerPostProcessorAction(String actionId)
          Register a post-processor action.
 Object removeControlledObject(Authorizable object)
          Remove an object from our controlled set.
protected  void runAuthorization()
          Update the authorization of all controlled objects.
protected  void runPostProcessorActions(Object controlledObject, boolean authorized)
          Run all the requested post-processor actions.
 void setAccessDecisionManager(org.acegisecurity.AccessDecisionManager accessDecisionManager)
          Set the access decision manager to use.
 void setAuthenticationToken(org.acegisecurity.Authentication authentication)
          The authentication token for the current user has changed.
 void setControlledObjects(List secured)
          Set the objects that are to be controlled.
protected  void setLastAuthentication(org.acegisecurity.Authentication authentication)
           
 void setPostProcessorActionsToRun(String actions)
          Set the list of post-processor actions to be run.
protected  boolean shouldAuthorize(org.acegisecurity.Authentication authentication)
          Determine if our controlled objects should be authorized based on the provided authentication token.
protected  void updateControlledObject(Authorizable controlledObject, boolean authorized)
          Update a controlled object based on the given authorization state.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

VISIBLE_TRACKS_AUTHORIZED_ACTION

public static final String VISIBLE_TRACKS_AUTHORIZED_ACTION
See Also:
Constant Field Values
Constructor Detail

AbstractSecurityController

protected AbstractSecurityController()
Constructor.

Method Detail

getSecuredObject

protected abstract Object getSecuredObject()
Get the secured object on which we are making the authorization decision. This may be null if no specific object is to be considered in the decision.

Returns:
secured object

getConfigAttributeDefinition

protected abstract org.acegisecurity.ConfigAttributeDefinition getConfigAttributeDefinition(Object securedObject)
Get the ConfigAttributeDefinition for the secured object. This will provide the authorization information to the access decision manager.

Parameters:
securedObject - Secured object for which the config attribute definition is to be retrieved. This may be null.
Returns:
attribute definition for the provided secured object

setPostProcessorActionsToRun

public void setPostProcessorActionsToRun(String actions)
Set the list of post-processor actions to be run. This must be a comma-separated list of action names.

Parameters:
actions - Comma-separated list of post-processor action names

getPostProcessorActionsToRun

public String getPostProcessorActionsToRun()
Get the list of post-processor actions to run.

Returns:
Comma-separated list of post-processor action names

registerPostProcessorAction

protected void registerPostProcessorAction(String actionId)
Register a post-processor action. The action id specified must not conflict with any other action registered. Subclasses that provide additional post-processor actions MUST call this method to register them.

Parameters:
actionId - Id of post-processor action to register

setAuthenticationToken

public void setAuthenticationToken(org.acegisecurity.Authentication authentication)
The authentication token for the current user has changed. Update all our controlled objects accordingly.

Specified by:
setAuthenticationToken in interface AuthenticationAware
Parameters:
authentication - now in effect, may be null

runAuthorization

protected void runAuthorization()
Update the authorization of all controlled objects.


updateControlledObject

protected void updateControlledObject(Authorizable controlledObject,
                                      boolean authorized)
Update a controlled object based on the given authorization state.

Parameters:
controlledObject - Object being controlled
authorized - state that has been installed on controlledObject

runPostProcessorActions

protected void runPostProcessorActions(Object controlledObject,
                                       boolean authorized)
Run all the requested post-processor actions.

Parameters:
controlledObject - Object being controlled
authorized - state that has been installed on controlledObject

doPostProcessorAction

protected void doPostProcessorAction(String actionId,
                                     Object controlledObject,
                                     boolean authorized)
Post-process a controlled object after its authorization state has been updated. Subclasses that override this method MUST ensure that the superclass implementation (super.doPostProcessorAction) is called if they do not process the given action id.

Parameters:
actionId - Id of the post-processor action to run
controlledObject - Object being controlled
authorized - state that has been installed on controlledObject
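
An added example, not code from the Spring Rich Client project: a subclass that follows the rules stated in the class description and in doPostProcessorAction above (register the new action id during construction, handle it, and delegate every other id to the superclass). The class name, the logDenied action id and the ROLE_ADMIN attribute are hypothetical; it assumes Spring Rich Client and Acegi Security 1.0.x (where ConfigAttributeDefinition has addConfigAttribute) on the classpath.

```java
import java.util.logging.Logger;

import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.SecurityConfig;
import org.springframework.richclient.security.support.AbstractSecurityController;

/** Added example (hypothetical class): requires ROLE_ADMIN and logs every denial. */
public class AuditingAdminSecurityController extends AbstractSecurityController {

    /** Hypothetical action id; it must not conflict with any other registered id. */
    public static final String LOG_DENIED_ACTION = "logDenied";

    private static final Logger LOG =
            Logger.getLogger(AuditingAdminSecurityController.class.getName());

    public AuditingAdminSecurityController() {
        // New post-processor actions must be registered during construction.
        registerPostProcessorAction(LOG_DENIED_ACTION);
    }

    @Override
    protected Object getSecuredObject() {
        return null; // no specific object is considered in the decision
    }

    @Override
    protected ConfigAttributeDefinition getConfigAttributeDefinition(Object securedObject) {
        ConfigAttributeDefinition definition = new ConfigAttributeDefinition();
        definition.addConfigAttribute(new SecurityConfig("ROLE_ADMIN")); // assumed role name
        return definition;
    }

    @Override
    protected void doPostProcessorAction(String actionId, Object controlledObject, boolean authorized) {
        if (!LOG_DENIED_ACTION.equals(actionId)) {
            // Not ours: delegate, so the base class actions such as
            // visibleTracksAuthorized keep working.
            super.doPostProcessorAction(actionId, controlledObject, authorized);
            return;
        }
        if (!authorized) {
            Authentication auth = getLastAuthentication(); // may be null
            String who = (auth == null) ? "<no authentication>" : auth.getName();
            LOG.warning("Denied " + String.valueOf(controlledObject) + " for " + who);
        }
    }
}
```

To run both actions, pass a comma-separated list such as VISIBLE_TRACKS_AUTHORIZED_ACTION + "," + LOG_DENIED_ACTION to setPostProcessorActionsToRun.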

shouldAuthorize

protected boolean shouldAuthorize(org.acegisecurity.Authentication authentication)
Determine if our controlled objects should be authorized based on the provided authentication token.

Parameters:
authentication - token
Returns:
true if should authorize

setAccessDecisionManager

public void setAccessDecisionManager(org.acegisecurity.AccessDecisionManager accessDecisionManager)
Set the access decision manager to use.

Specified by:
setAccessDecisionManager in interface SecurityController
Parameters:
accessDecisionManager -

getAccessDecisionManager

public org.acegisecurity.AccessDecisionManager getAccessDecisionManager()
Get the access decision manager in use.

Specified by:
getAccessDecisionManager in interface SecurityController
Returns:
decision manager

setControlledObjects

public void setControlledObjects(List secured)
Set the objects that are to be controlled. Only beans that implement the Authorizable interface are processed.

Specified by:
setControlledObjects in interface SecurityController
Parameters:
secured - List of objects to control

addControlledObject

public void addControlledObject(Authorizable object)
Add an object to our controlled set.

Specified by:
addControlledObject in interface SecurityController
Parameters:
object - to control

removeControlledObject

public Object removeControlledObject(Authorizable object)
Remove an object from our controlled set.

Specified by:
removeControlledObject in interface SecurityController
Parameters:
object - to remove
Returns:
object removed or null if not found

setLastAuthentication

protected void setLastAuthentication(org.acegisecurity.Authentication authentication)

getLastAuthentication

protected org.acegisecurity.Authentication getLastAuthentication()

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Validate our configuration.

Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception


Copyright © 2004-2008 The Spring Framework. All Rights Reserved.