org.vaadin.spring.security

Class AbstractVaadinSecurity

java.lang.Object

org.vaadin.spring.security.AbstractVaadinSecurity

All Implemented Interfaces:

Aware, InitializingBean, ApplicationContextAware, VaadinSecurity, VaadinSecurityContext

Direct Known Subclasses:

DefaultVaadinManagedSecurity, DefaultVaadinSharedSecurity

public abstract class AbstractVaadinSecurity
extends Object
implements ApplicationContextAware, InitializingBean, VaadinSecurity

Abstract base class for implementations of VaadinSecurity

Author:

Petter Holmström (petter@vaadin.com), Gert-Jan Timmer (gjr.timmer@gmail.com)

Constructor Summary

Constructors

Constructor and Description
AbstractVaadinSecurity()

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
AccessDecisionManager	getAccessDecisionManager() Returns the AccessDecisionManager or null if not available.
ApplicationContext	getApplicationContext() Returns the current Spring application context (never null).
AuthenticationManager	getAuthenticationManager() Returns the AuthenticationManager or null if not available.
RememberMeServices	getRememberMeServices() Returns the RememberMeServices or an instance of NullRememberMeServices if not available.
boolean	hasAccessDecisionManager() Checks if an AccessDecisionManager is available or not.
boolean	hasAccessToObject(Object securedObject, String... securityConfigurationAttributes) Checks if the current user is authorized based on the specified security configuration attributes.
boolean	hasAccessToSecuredMethod(Object securedObject, String methodName, Class<?>... methodParameterTypes) Uses the Secured annotation on the specified method to check if the current user has access to the secured object.
boolean	hasAccessToSecuredObject(Object securedObject) Convenience method that invokes VaadinSecurity.hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.
boolean	hasAnyAuthority(String... authorities) Checks if the current user has at least one of the specified authorities.
boolean	hasAuthenticationManager() Checks if an AuthenticationManager is available or not.
boolean	hasAuthorities(String... authorities) Checks if the current user has all required authorities.
boolean	hasAuthority(String authority) Checks if the current user has the specified authority.
boolean	isAuthenticated() Returns true if the current user is authenticated and not anonymous.
boolean	isAuthenticatedAnonymously() Returns true if the current user is authenticated and anonymous.
boolean	isFullyAuthenticated() Returns true if the current user is authenticated and neither anonymous nor a Remember Me user.
boolean	isRememberMeAuthenticated() Returns true if the current user is authenticated by a Remember Me token.
Authentication	login(String username, String password) Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	setApplicationContext(ApplicationContext applicationContext)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.vaadin.spring.security.VaadinSecurity

getAuthentication, login, logout

Constructor Detail

AbstractVaadinSecurity

public AbstractVaadinSecurity()

Method Detail

isAuthenticated

public boolean isAuthenticated()

Description copied from interface: VaadinSecurity

Returns true if the current user is authenticated and not anonymous.

Specified by:

isAuthenticated in interface VaadinSecurity

isAuthenticatedAnonymously

public boolean isAuthenticatedAnonymously()

Description copied from interface: VaadinSecurity

Returns true if the current user is authenticated and anonymous.

Specified by:

isAuthenticatedAnonymously in interface VaadinSecurity

isRememberMeAuthenticated

public boolean isRememberMeAuthenticated()

Description copied from interface: VaadinSecurity

Returns true if the current user is authenticated by a Remember Me token.

Specified by:

isRememberMeAuthenticated in interface VaadinSecurity

isFullyAuthenticated

public boolean isFullyAuthenticated()

Description copied from interface: VaadinSecurity

Returns true if the current user is authenticated and neither anonymous nor a Remember Me user.

Specified by:

isFullyAuthenticated in interface VaadinSecurity

login

public Authentication login(String username,
                            String password)
                     throws AuthenticationException,
                            Exception

Description copied from interface: VaadinSecurity

Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Specified by:

login in interface VaadinSecurity

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

Returns:

the authenticated Authentication token.

Throws:

AuthenticationException - if authentication fails.

Exception

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

getApplicationContext

public ApplicationContext getApplicationContext()

Description copied from interface: VaadinSecurityContext

Returns the current Spring application context (never null).

Specified by:

getApplicationContext in interface VaadinSecurityContext

setApplicationContext

public void setApplicationContext(ApplicationContext applicationContext)
                           throws BeansException

Specified by:

setApplicationContext in interface ApplicationContextAware

Throws:

BeansException

getAuthenticationManager

public AuthenticationManager getAuthenticationManager()

Description copied from interface: VaadinSecurityContext

Returns the AuthenticationManager or null if not available.

Specified by:

getAuthenticationManager in interface VaadinSecurityContext

getAccessDecisionManager

public AccessDecisionManager getAccessDecisionManager()

Description copied from interface: VaadinSecurityContext

Returns the AccessDecisionManager or null if not available.

Specified by:

getAccessDecisionManager in interface VaadinSecurityContext

hasAccessDecisionManager

public boolean hasAccessDecisionManager()

Description copied from interface: VaadinSecurityContext

Checks if an AccessDecisionManager is available or not. When this method returns true, VaadinSecurityContext.getAccessDecisionManager() will always returns a non-null object.

Specified by:

hasAccessDecisionManager in interface VaadinSecurityContext

hasAuthenticationManager

public boolean hasAuthenticationManager()

Description copied from interface: VaadinSecurityContext

Checks if an AuthenticationManager is available or not. When this method returns true, VaadinSecurityContext.getAuthenticationManager() always returns a non-null object.

Specified by:

hasAuthenticationManager in interface VaadinSecurityContext

getRememberMeServices

public RememberMeServices getRememberMeServices()

Description copied from interface: VaadinSecurityContext

Returns the RememberMeServices or an instance of NullRememberMeServices if not available.

Specified by:

getRememberMeServices in interface VaadinSecurityContext

hasAuthority

public boolean hasAuthority(String authority)

Description copied from interface: VaadinSecurity

Checks if the current user has the specified authority. This method works with static authorities (such as roles). If you need more dynamic authorization (such as ACLs or EL expressions), use VaadinSecurity.hasAccessToObject(Object, String...).

Specified by:

hasAuthority in interface VaadinSecurity

Parameters:

authority - the authority to check, must not be null.

Returns:

true if the current SecurityContext contains an authenticated Authentication token that has a GrantedAuthority whose string representation matches the specified authority.

See Also:

Authentication.getAuthorities(), GrantedAuthority.getAuthority()

hasAuthorities

public boolean hasAuthorities(String... authorities)

Description copied from interface: VaadinSecurity

Checks if the current user has all required authorities.

Specified by:

hasAuthorities in interface VaadinSecurity

Parameters:

authorities - the required authorities.

Returns:

true if the current user is authenticated and has all of the specified authorities.

See Also:

VaadinSecurity.hasAuthority(String), VaadinSecurity.hasAnyAuthority(String...)

hasAnyAuthority

public boolean hasAnyAuthority(String... authorities)

Description copied from interface: VaadinSecurity

Checks if the current user has at least one of the specified authorities.

Specified by:

hasAnyAuthority in interface VaadinSecurity

Parameters:

authorities - the authorities.

Returns:

true if the current user is authenticated and has at least one of the specified authorities.

See Also:

VaadinSecurity.hasAuthority(String), VaadinSecurity.hasAuthorities(String...)

hasAccessToObject

public boolean hasAccessToObject(Object securedObject,
                                 String... securityConfigurationAttributes)

Description copied from interface: VaadinSecurity

Checks if the current user is authorized based on the specified security configuration attributes. The attributes can be roles or Spring EL expressions (basically anything you can specify as values of the Secured annotation).

Specified by:

hasAccessToObject in interface VaadinSecurity

Parameters:

securedObject - the secured object.

securityConfigurationAttributes - the security configuration attributes.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredObject

public boolean hasAccessToSecuredObject(Object securedObject)

Description copied from interface: VaadinSecurity

Convenience method that invokes VaadinSecurity.hasAccessToObject(Object, String...), using the Secured annotation of the secured object to get the security configuration attributes.

Specified by:

hasAccessToSecuredObject in interface VaadinSecurity

Parameters:

securedObject - the secured object, must not be null and must have the Secured annotation.

Returns:

true if the current user is authorized, false if not.

hasAccessToSecuredMethod

public boolean hasAccessToSecuredMethod(Object securedObject,
                                        String methodName,
                                        Class<?>... methodParameterTypes)

Description copied from interface: VaadinSecurity

Uses the Secured annotation on the specified method to check if the current user has access to the secured object.

Specified by:

hasAccessToSecuredMethod in interface VaadinSecurity

Parameters:

securedObject - the secured object, must not be null.

methodName - the name of the method holding the Secured annotation.

methodParameterTypes - the parameter types of the method holding the Secured annotation.

Returns:

true if the current user is authorized, false if not.

See Also:

VaadinSecurity.hasAccessToSecuredObject(Object)