org.vaadin.spring.security.shared

Class DefaultVaadinSharedSecurity

java.lang.Object

org.vaadin.spring.security.AbstractVaadinSecurity

org.vaadin.spring.security.shared.DefaultVaadinSharedSecurity

All Implemented Interfaces:

Aware, InitializingBean, ApplicationContextAware, VaadinSharedSecurity, VaadinSecurity, VaadinSecurityContext

public class DefaultVaadinSharedSecurity
extends AbstractVaadinSecurity
implements VaadinSharedSecurity

Default implementation of VaadinSharedSecurity.

Author:

Petter Holmström (petter@vaadin.com), Gert-Jan Timmer (gjr.timmer@gmail.com)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	DefaultVaadinSharedSecurity.RememberMeRequestWrapper A request wrapper that overrides the value of the remember me parameter based on the values provided in the constructor.

Constructor Summary

Constructors

Constructor and Description
DefaultVaadinSharedSecurity()

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
Authentication	getAuthentication() Gets the authentication token of the current user.
protected javax.servlet.http.HttpServletRequest	getCurrentRequest() Returns the HTTP request bound to the current thread.
protected javax.servlet.http.HttpServletResponse	getCurrentResponse() Returns the HTTP response bound to the current thread.
protected String	getRememberMeParameter() Returns the name of the request parameter that enables or disables remember me authentication.
protected SessionAuthenticationStrategy	getSessionAuthenticationStrategy()
protected VaadinAuthenticationSuccessHandler	getVaadinAuthenticationSuccessHandler()
protected VaadinLogoutHandler	getVaadinLogoutHandler()
Authentication	login(Authentication authentication) Tries to login using the specified authentication object.
Authentication	login(Authentication authentication, boolean rememberMe) Tries to login using the specified authentication object.
Authentication	login(String username, String password, boolean rememberMe) Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.
void	logout() Logs the user out.
void	setSaveContextInSessionAfterLogin(boolean saveContextInSessionAfterLogin) Specifies whether the security context should be explicitly saved in the session after login(org.springframework.security.core.Authentication, boolean) completes.
void	setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy) Makes it possible to replace the SessionAuthenticationStrategy after the bean has been configured.
void	setSpringSecurityContextKey(String springSecurityContextKey) Sets the session attribute key under which the security context is stored.
void	setVaadinAuthenticationSuccessHandler(VaadinAuthenticationSuccessHandler vaadinAuthenticationSuccessHandler) Makes it possible to replace the VaadinAuthenticationSuccessHandler after the bean has been configured.
void	setVaadinLogoutHandler(VaadinLogoutHandler vaadinLogoutHandler) Makes it possible to replace the VaadinLogoutHandler after the bean has been configured.
protected void	successfulAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Called by login(Authentication, boolean) upon successful authentication.
protected void	unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Called by login(Authentication, boolean) upon unsuccessful authentication.

Methods inherited from class org.vaadin.spring.security.AbstractVaadinSecurity

getAccessDecisionManager, getApplicationContext, getAuthenticationManager, getRememberMeServices, hasAccessDecisionManager, hasAccessToObject, hasAccessToSecuredMethod, hasAccessToSecuredObject, hasAnyAuthority, hasAuthenticationManager, hasAuthorities, hasAuthority, isAuthenticated, isAuthenticatedAnonymously, isFullyAuthenticated, isRememberMeAuthenticated, login, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.vaadin.spring.security.VaadinSecurity

hasAccessToObject, hasAccessToSecuredMethod, hasAccessToSecuredObject, hasAnyAuthority, hasAuthorities, hasAuthority, isAuthenticated, isAuthenticatedAnonymously, isFullyAuthenticated, isRememberMeAuthenticated, login

Methods inherited from interface org.vaadin.spring.security.VaadinSecurityContext

getAccessDecisionManager, getApplicationContext, getAuthenticationManager, getRememberMeServices, hasAccessDecisionManager, hasAuthenticationManager

Constructor Detail

DefaultVaadinSharedSecurity

public DefaultVaadinSharedSecurity()

Method Detail

login

public Authentication login(Authentication authentication,
                            boolean rememberMe)
                     throws Exception

Description copied from interface: VaadinSharedSecurity

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Specified by:

login in interface VaadinSharedSecurity

Parameters:

authentication - the authentication object to authenticate, must not be null.

rememberMe - boolean to indicate if remember me authentication should be activated

Returns:

the authenticated Authentication token.

Throws:

AuthenticationException - if authentication fails.

Exception

getRememberMeParameter

protected String getRememberMeParameter()

Returns the name of the request parameter that enables or disables remember me authentication. If the RememberMeServices extends AbstractRememberMeServices, the parameter will be retrieved from there. Otherwise, AbstractRememberMeServices.DEFAULT_PARAMETER is returned.

unsuccessfulAuthentication

protected void unsuccessfulAuthentication(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response)

Called by login(Authentication, boolean) upon unsuccessful authentication. This implementation will clear the security context holder and inform the RememberMeServices of the failed login.

Parameters:

request - the current request.

response - the current response.

successfulAuthentication

protected void successfulAuthentication(Authentication authentication,
                                        javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response)
                                 throws Exception

Called by login(Authentication, boolean) upon successful authentication. This implementation will update the security context holder, inform the RememberMeServices and invoke the authentication success handler.

Parameters:

authentication - the authentication token returned by the AuthenticationManager.

request - the current request.

response - the current response.

Throws:

Exception

getCurrentRequest

protected javax.servlet.http.HttpServletRequest getCurrentRequest()

Returns the HTTP request bound to the current thread.

getCurrentResponse

protected javax.servlet.http.HttpServletResponse getCurrentResponse()

Returns the HTTP response bound to the current thread.

login

public Authentication login(String username,
                            String password,
                            boolean rememberMe)
                     throws Exception

Description copied from interface: VaadinSharedSecurity

Convenience method that invokes VaadinSecurity.login(org.springframework.security.core.Authentication) with a UsernamePasswordAuthenticationToken-object.

Specified by:

login in interface VaadinSharedSecurity

Parameters:

username - the username to use, must not be null.

password - the password to use, must not be null.

rememberMe - boolean to set remember me authentication

Returns:

the authenticated Authentication token.

Throws:

AuthenticationException - if authentication fails.

Exception

login

public Authentication login(Authentication authentication)
                     throws Exception

Description copied from interface: VaadinSecurity

Tries to login using the specified authentication object. If authentication succeeds, this method will return without exceptions.

Specified by:

login in interface VaadinSecurity

Parameters:

authentication - the authentication object to authenticate, must not be null.

Returns:

the authenticated Authentication token.

Throws:

AuthenticationException - if authentication fails.

Exception

logout

public void logout()

Description copied from interface: VaadinSecurity

Logs the user out.

Specified by:

logout in interface VaadinSecurity

getAuthentication

public Authentication getAuthentication()

Description copied from interface: VaadinSecurity

Gets the authentication token of the current user.

Specified by:

getAuthentication in interface VaadinSecurity

Returns:

the Authentication token stored in the current SecurityContext, or null.

setSpringSecurityContextKey

public void setSpringSecurityContextKey(String springSecurityContextKey)

Sets the session attribute key under which the security context is stored. Defaults to HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY.

setSaveContextInSessionAfterLogin

public void setSaveContextInSessionAfterLogin(boolean saveContextInSessionAfterLogin)

Specifies whether the security context should be explicitly saved in the session after login(org.springframework.security.core.Authentication, boolean) completes. Defaults to false.

See Also:

setSpringSecurityContextKey(String)

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Overrides:

afterPropertiesSet in class AbstractVaadinSecurity

Throws:

Exception

setVaadinAuthenticationSuccessHandler

public void setVaadinAuthenticationSuccessHandler(VaadinAuthenticationSuccessHandler vaadinAuthenticationSuccessHandler)

Makes it possible to replace the VaadinAuthenticationSuccessHandler after the bean has been configured.

getVaadinAuthenticationSuccessHandler

protected VaadinAuthenticationSuccessHandler getVaadinAuthenticationSuccessHandler()

setSessionAuthenticationStrategy

public void setSessionAuthenticationStrategy(SessionAuthenticationStrategy sessionAuthenticationStrategy)

Makes it possible to replace the SessionAuthenticationStrategy after the bean has been configured.

getSessionAuthenticationStrategy

protected SessionAuthenticationStrategy getSessionAuthenticationStrategy()

setVaadinLogoutHandler

public void setVaadinLogoutHandler(VaadinLogoutHandler vaadinLogoutHandler)

Makes it possible to replace the VaadinLogoutHandler after the bean has been configured.

getVaadinLogoutHandler

protected VaadinLogoutHandler getVaadinLogoutHandler()