org.vaadin.spring.security

Interface VaadinSecurity

All Superinterfaces:

VaadinSecurityContext

All Known Implementing Classes:

GenericVaadinSecurity

public interface VaadinSecurity
extends VaadinSecurityContext

Interface that provides the Spring Security operations that are most commonly required in a Vaadin application.

Author:

Petter Holmström (petter@vaadin.com), Gert-Jan Timmer (gjr.timmer@gmail.com)

Method Summary

Modifier and Type	Method and Description
Authentication	getAuthentication() Gets the authentication token of the current user.
boolean	hasAccessToObject(Object securedObject, String... securityConfigurationAttributes) Checks if the current user is authorized based on the specified security configuration attributes.
boolean	hasAccessToSecuredMethod(Object securedObject, String methodName, Class<?>... methodParameterTypes) Uses the Secured annotation on the specified method to check if the current user has access to the secured object.
boolean	hasAccessToSecuredObject(Object securedObject) Convenience method that invokes hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.
boolean	hasAnyAuthority(String... authorities) Checks if the current user has at least one of the specified authorities.
boolean	hasAuthorities(String... authorities) Checks if the current user has all required authorities.
boolean	hasAuthority(String authority) Checks if the current user has the specified authority.
boolean	isAuthenticated() Checks if the current user is authenticated.
void	login(Authentication authentication) Tries to login using the specified authentication object.
void	login(Authentication authentication, boolean rememberMe) Tries to login using the specified authentication object.
void	login(String username, String password) Convenience method that invokes login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	login(String username, String password, boolean rememberMe) Convenience method that invokes login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	logout() Logs the user out, and have Spring-Security handle the logout with the configured LogoutConfigurer of the HttpSecurity.
void	setLogoutProcessingUrl(String logoutUrl) Set the logout processing URL, defaults to '/logout'.
void	setSpringSecurityContextKey(String springSecurityContextKey) Allows the session attribute name to be customized for this repository instance.

Methods inherited from interface org.vaadin.spring.security.VaadinSecurityContext

addAuthenticationFailureHandler, addAuthenticationSuccessHandler, getAccessDecisionManager, getApplicationContext, getAuthenticationManager, getSessionAuthenticationStrategy, hasAccessDecisionManager, hasAuthenticationFailureHandlerConfigured, hasAuthenticationSuccessHandlerConfigured

Method Detail

isAuthenticated

boolean isAuthenticated()

Checks if the current user is authenticated.

Returns:

true if the current SecurityContext contains an Authentication token, and the token has been authenticated by an AuthenticationManager.

See Also:

Authentication.isAuthenticated()

login

void login(Authentication authentication,
           boolean rememberMe)
    throws AuthenticationException,
           Exception

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Parameters:

authentication - the authentication object to authenticate, must not be null.

rememberMe - boolean to indicate if remember me authentication should be activated

Throws:

AuthenticationException - if authentication fails.

Exception

login

void login(Authentication authentication)
    throws AuthenticationException,
           Exception

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Remember Me authentication is ignored

Parameters:

authentication - the authentication object to authenticate, must not be null.

Throws:

AuthenticationException - if authentication fails.

Exception

login

void login(String username,
           String password,
           boolean rememberMe)
    throws AuthenticationException,
           Exception

Convenience method that invokes login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

rememberMe - boolean to set remember me authentication

Throws:

AuthenticationException - if authentication fails.

javax.servlet.ServletException - if Authentication{Success/Failure}Handler fails

IOException - if Authentication{Success/Failure}Handler fails

Exception

login

void login(String username,
           String password)
    throws AuthenticationException,
           Exception

Convenience method that invokes login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Remember me authentication is ignored

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

Throws:

AuthenticationException - if authentication fails.

javax.servlet.ServletException - if Authentication{Success/Failure}Handler fails

IOException - if Authentication{Success/Failure}Handler fails

Exception

setLogoutProcessingUrl

void setLogoutProcessingUrl(String logoutUrl)

Set the logout processing URL, defaults to '/logout'. This property should match the configured value with HttpSecurity configuration.

Parameters:

logoutUrl - the use url at which the logout is configured with HttpSecurity

logout

void logout()

Logs the user out, and have Spring-Security handle the logout with the configured LogoutConfigurer of the HttpSecurity.

hasAuthority

boolean hasAuthority(String authority)

Checks if the current user has the specified authority. This method works with static authorities (such as roles). If you need more dynamic authorization (such as ACLs or EL expressions), use hasAccessToObject(Object, String...).

Parameters:

authority - the authority to check, must not be null.

Returns:

true if the current SecurityContext contains an authenticated Authentication token that has a GrantedAuthority whose string representation matches the specified authority.

See Also:

Authentication.getAuthorities(), GrantedAuthority.getAuthority()

getAuthentication

Authentication getAuthentication()

Gets the authentication token of the current user.

Returns:

the Authentication token stored in the current SecurityContext, or null.

hasAccessToObject

boolean hasAccessToObject(Object securedObject,
                          String... securityConfigurationAttributes)

Checks if the current user is authorized based on the specified security configuration attributes. The attributes can be roles or Spring EL expressions (basically anything you can specify as values of the Secured annotation).

Parameters:

securedObject - the secured object.

securityConfigurationAttributes - the security configuration attributes.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredObject

boolean hasAccessToSecuredObject(Object securedObject)

Convenience method that invokes hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.

Parameters:

securedObject - the secured object, must not be null and must have the Secured annotation.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredMethod

boolean hasAccessToSecuredMethod(Object securedObject,
                                 String methodName,
                                 Class<?>... methodParameterTypes)

Uses the Secured annotation on the specified method to check if the current user has access to the secured object.

Parameters:

securedObject - the secured object, must not be null.

methodName - the name of the method holding the Secured annotation.

methodParameterTypes - the parameter types of the method holding the Secured annotation.

Returns:

true if the current user is authorized, false if not.

See Also:

hasAccessToSecuredObject(Object)

hasAuthorities

boolean hasAuthorities(String... authorities)

Checks if the current user has all required authorities.

Parameters:

authorities - the required authorities.

Returns:

true if the current user is authenticated and has all of the specified authorities.

See Also:

hasAuthority(String), hasAnyAuthority(String...)

hasAnyAuthority

boolean hasAnyAuthority(String... authorities)

Checks if the current user has at least one of the specified authorities.

Parameters:

authorities - the authorities.

Returns:

true if the current user is authenticated and has at least one of the specified authorities.

See Also:

hasAuthority(String), hasAuthorities(String...)

setSpringSecurityContextKey

void setSpringSecurityContextKey(String springSecurityContextKey)

Allows the session attribute name to be customized for this repository instance.

Parameters:

springSecurityContextKey - the key under which the security context will be stored. Defaults to