org.vaadin.spring.security

Class GenericVaadinSecurity

java.lang.Object

org.vaadin.spring.security.AbstractVaadinSecurity

org.vaadin.spring.security.GenericVaadinSecurity

All Implemented Interfaces:

Aware, InitializingBean, ApplicationContextAware, VaadinSecurity, VaadinSecurityContext

public class GenericVaadinSecurity
extends AbstractVaadinSecurity
implements VaadinSecurity

Convenience class that provides the Spring Security operations that are most commonly required in a Vaadin application. Additional Code / Documentation from HttpSessionSecurityContextRepository

Author:

Petter Holmström (petter@vaadin.com), Gert-Jan Timmer (gjr.timmer@gmail.com)

Field Summary

Fields

Modifier and Type	Field and Description
static String	SPRING_SECURITY_CONTEXT_KEY The default key under which the security context will be stored in the session.

Constructor Summary

Constructors

Constructor and Description
GenericVaadinSecurity()

Method Summary

Modifier and Type	Method and Description
Authentication	getAuthentication() Gets the authentication token of the current user.
boolean	hasAccessToObject(Object securedObject, String... securityConfigurationAttributes) Checks if the current user is authorized based on the specified security configuration attributes.
boolean	hasAccessToSecuredMethod(Object securedObject, String methodName, Class<?>... methodParameterTypes) Uses the Secured annotation on the specified method to check if the current user has access to the secured object.
boolean	hasAccessToSecuredObject(Object securedObject) Convenience method that invokes VaadinSecurity.hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.
boolean	hasAnyAuthority(String... authorities) Checks if the current user has at least one of the specified authorities.
boolean	hasAuthorities(String... authorities) Checks if the current user has all required authorities.
boolean	hasAuthority(String authority) Checks if the current user has the specified authority.
boolean	isAuthenticated() Checks if the current user is authenticated.
void	login(Authentication authentication) Tries to login using the specified authentication object.
void	login(Authentication authentication, boolean rememberMe) Tries to login using the specified authentication object.
void	login(String username, String password) Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	login(String username, String password, boolean rememberMe) Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	logout() Logs the user out, and have Spring-Security handle the logout with the configured LogoutConfigurer of the HttpSecurity.
void	setLogoutProcessingUrl(String logoutUrl) Set the logout processing URL, defaults to '/logout'.
void	setSpringSecurityContextKey(String springSecurityContextKey) Allows the session attribute name to be customized for this repository instance.

Methods inherited from class org.vaadin.spring.security.AbstractVaadinSecurity

addAuthenticationFailureHandler, addAuthenticationSuccessHandler, afterPropertiesSet, getAccessDecisionManager, getApplicationContext, getAuthenticationFailureHandler, getAuthenticationManager, getAuthenticationSuccessHandler, getSessionAuthenticationStrategy, hasAccessDecisionManager, hasAuthenticationFailureHandlerConfigured, hasAuthenticationSuccessHandlerConfigured, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.vaadin.spring.security.VaadinSecurityContext

addAuthenticationFailureHandler, addAuthenticationSuccessHandler, getAccessDecisionManager, getApplicationContext, getAuthenticationManager, getSessionAuthenticationStrategy, hasAccessDecisionManager, hasAuthenticationFailureHandlerConfigured, hasAuthenticationSuccessHandlerConfigured

Field Detail

SPRING_SECURITY_CONTEXT_KEY

public static final String SPRING_SECURITY_CONTEXT_KEY

The default key under which the security context will be stored in the session. Used by HttpSessionSecurityContextRepository

If this is overriden by the user then also override springSecurityContextKey within HttpSessionSecurityContextRepository to match the new key.

The key of HttpSessionSecurityContextRepository can be overriden with HttpSessionSecurityContextRepository

The SecurityContextPersistenceFilter will use the configured key from HttpSessionSecurityContextRepository

See Also:

Constant Field Values

Constructor Detail

GenericVaadinSecurity

public GenericVaadinSecurity()

Method Detail

isAuthenticated

public boolean isAuthenticated()

Checks if the current user is authenticated.

Specified by:

isAuthenticated in interface VaadinSecurity

Returns:

true if the current SecurityContext contains an Authentication token, and the token has been authenticated by an AuthenticationManager.

See Also:

Authentication.isAuthenticated()

login

public void login(Authentication authentication,
                  boolean rememberMe)
           throws AuthenticationException,
                  Exception

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Specified by:

login in interface VaadinSecurity

Parameters:

authentication - the authentication object to authenticate, must not be null.

rememberMe - boolean to indicate if remember me authentication should be activated

Throws:

AuthenticationException - if authentication fails.

Exception

login

public void login(Authentication authentication)
           throws AuthenticationException,
                  Exception

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Remember Me authentication is ignored

Specified by:

login in interface VaadinSecurity

Parameters:

authentication - the authentication object to authenticate, must not be null.

Throws:

AuthenticationException - if authentication fails.

Exception

login

public void login(String username,
                  String password,
                  boolean rememberMe)
           throws AuthenticationException,
                  Exception

Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Specified by:

login in interface VaadinSecurity

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

rememberMe - boolean to set remember me authentication

Throws:

AuthenticationException - if authentication fails.

javax.servlet.ServletException - if Authentication{Success/Failure}Handler fails

IOException - if Authentication{Success/Failure}Handler fails

Exception

login

public void login(String username,
                  String password)
           throws AuthenticationException,
                  Exception

Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Remember me authentication is ignored

Specified by:

login in interface VaadinSecurity

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

Throws:

AuthenticationException - if authentication fails.

javax.servlet.ServletException - if Authentication{Success/Failure}Handler fails

IOException - if Authentication{Success/Failure}Handler fails

Exception

setLogoutProcessingUrl

public void setLogoutProcessingUrl(String logoutUrl)

Set the logout processing URL, defaults to '/logout'. This property should match the configured value with HttpSecurity configuration.

Specified by:

setLogoutProcessingUrl in interface VaadinSecurity

Parameters:

logoutUrl - the use url at which the logout is configured with HttpSecurity

logout

public void logout()

Logs the user out, and have Spring-Security handle the logout with the configured LogoutConfigurer of the HttpSecurity.

Specified by:

logout in interface VaadinSecurity

hasAuthority

public boolean hasAuthority(String authority)

Checks if the current user has the specified authority. This method works with static authorities (such as roles). If you need more dynamic authorization (such as ACLs or EL expressions), use VaadinSecurity.hasAccessToObject(Object, String...).

Specified by:

hasAuthority in interface VaadinSecurity

Parameters:

authority - the authority to check, must not be null.

Returns:

true if the current SecurityContext contains an authenticated Authentication token that has a GrantedAuthority whose string representation matches the specified authority.

See Also:

Authentication.getAuthorities(), GrantedAuthority.getAuthority()

getAuthentication

public Authentication getAuthentication()

Gets the authentication token of the current user.

Specified by:

getAuthentication in interface VaadinSecurity

Returns:

the Authentication token stored in the current SecurityContext, or null.

hasAccessToObject

public boolean hasAccessToObject(Object securedObject,
                                 String... securityConfigurationAttributes)

Checks if the current user is authorized based on the specified security configuration attributes. The attributes can be roles or Spring EL expressions (basically anything you can specify as values of the Secured annotation).

Specified by:

hasAccessToObject in interface VaadinSecurity

Parameters:

securedObject - the secured object.

securityConfigurationAttributes - the security configuration attributes.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredObject

public boolean hasAccessToSecuredObject(Object securedObject)

Convenience method that invokes VaadinSecurity.hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.

Specified by:

hasAccessToSecuredObject in interface VaadinSecurity

Parameters:

securedObject - the secured object, must not be null and must have the Secured annotation.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredMethod

public boolean hasAccessToSecuredMethod(Object securedObject,
                                        String methodName,
                                        Class<?>... methodParameterTypes)

Uses the Secured annotation on the specified method to check if the current user has access to the secured object.

Specified by:

hasAccessToSecuredMethod in interface VaadinSecurity

Parameters:

securedObject - the secured object, must not be null.

methodName - the name of the method holding the Secured annotation.

methodParameterTypes - the parameter types of the method holding the Secured annotation.

Returns:

true if the current user is authorized, false if not.

See Also:

VaadinSecurity.hasAccessToSecuredObject(Object)

hasAuthorities

public boolean hasAuthorities(String... authorities)

Checks if the current user has all required authorities.

Specified by:

hasAuthorities in interface VaadinSecurity

Parameters:

authorities - the required authorities.

Returns:

true if the current user is authenticated and has all of the specified authorities.

See Also:

VaadinSecurity.hasAuthority(String), VaadinSecurity.hasAnyAuthority(String...)

hasAnyAuthority

public boolean hasAnyAuthority(String... authorities)

Checks if the current user has at least one of the specified authorities.

Specified by:

hasAnyAuthority in interface VaadinSecurity

Parameters:

authorities - the authorities.

Returns:

true if the current user is authenticated and has at least one of the specified authorities.

See Also:

VaadinSecurity.hasAuthority(String), VaadinSecurity.hasAuthorities(String...)

setSpringSecurityContextKey

public void setSpringSecurityContextKey(String springSecurityContextKey)

Allows the session attribute name to be customized for this repository instance.

Specified by:

setSpringSecurityContextKey in interface VaadinSecurity

Parameters:

springSecurityContextKey - the key under which the security context will be stored. Defaults to