org.jboss.seam.security
Class Identity

java.lang.Object
  extended by org.jboss.seam.security.Identity
All Implemented Interfaces:
Serializable

@Name(value="org.jboss.seam.security.identity")
@Scope(value=SESSION)
@Install(precedence=0)
@BypassInterceptors
@Startup
public class Identity
extends Object
implements Serializable

API for authorization and authentication via Seam security. This base implementation supports role-based authorization only. Subclasses may add more sophisticated permissioning mechanisms.

Author:
Shane Bryzak
See Also:
Serialized Form

Field Summary
static String EVENT_ALREADY_LOGGED_IN
           
static String EVENT_LOGGED_OUT
           
static String EVENT_LOGIN_FAILED
           
static String EVENT_LOGIN_SUCCESSFUL
           
static String EVENT_NOT_AUTHORIZED
           
static String EVENT_NOT_LOGGED_IN
           
static String EVENT_POST_AUTHENTICATE
           
static String EVENT_PRE_AUTHENTICATE
           
static String EVENT_QUIET_LOGIN
           
static String ROLES_GROUP
           
protected static boolean securityEnabled
           
 
Constructor Summary
Identity()
           
 
Method Summary
 void acceptExternallyAuthenticatedPrincipal(Principal principal)
           
 boolean addRole(String role)
          Adds a role to the authenticated user.
 void authenticate()
           
protected  void authenticate(LoginContext loginContext)
           
 void checkPermission(Object target, String action)
           
 void checkPermission(String name, String action, Object... arg)
          Checks that the current authenticated user has permission for the specified name and action
 void checkRestriction(String expr)
          Performs an authorization check, based on the specified security expression.
 void checkRole(String role)
          Checks that the current authenticated user is a member of the specified role.
 void create()
           
protected  boolean evaluateExpression(String expr)
          Evaluates the specified security expression, which must return a boolean value.
 void filterByPermission(Collection collection, String action)
           
 Expressions.MethodExpression getAuthenticateMethod()
           
 Credentials getCredentials()
           
 String getJaasConfigName()
           
protected  LoginContext getLoginContext()
           
 String getPassword()
          Deprecated. 
 Principal getPrincipal()
           
 Subject getSubject()
           
 String getUsername()
          Deprecated. 
 boolean hasPermission(Object target, String action)
           
 boolean hasPermission(String name, String action, Object... arg)
          Performs a permission check for the specified name and action
 boolean hasRole(String role)
          Checks if the authenticated user is a member of the specified role.
static Identity instance()
           
 boolean isLoggedIn()
          Simple check that returns true if the user is logged in, without attempting to authenticate.
 boolean isLoggedIn(boolean attemptLogin)
          Deprecated. 
 boolean isRememberMe()
          Deprecated. 
static boolean isSecurityEnabled()
           
 String login()
          Attempts to authenticate the user.
 void logout()
           
protected  void postAuthenticate()
          Extracts the principal from the subject, and populates the roles of the authenticated user.
protected  void preAuthenticate()
          Clears any roles added by calling addRole() while not authenticated.
 void quietLogin()
          Attempts a quiet login, suppressing any login exceptions and not creating any faces messages.
 void removeRole(String role)
          Removes a role from the authenticated user
 void setAuthenticateMethod(Expressions.MethodExpression authMethod)
           
 void setJaasConfigName(String jaasConfigName)
           
 void setPassword(String password)
          Deprecated. 
 void setRememberMe(boolean remember)
          Deprecated. 
static void setSecurityEnabled(boolean enabled)
           
 void setUsername(String username)
          Deprecated. 
 boolean tryLogin()
          Will attempt to authenticate quietly if the user's credentials are set and they haven't authenticated already.
 void unAuthenticate()
          Resets all security state and credentials
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

EVENT_LOGIN_SUCCESSFUL

public static final String EVENT_LOGIN_SUCCESSFUL
See Also:
Constant Field Values

EVENT_LOGIN_FAILED

public static final String EVENT_LOGIN_FAILED
See Also:
Constant Field Values

EVENT_NOT_LOGGED_IN

public static final String EVENT_NOT_LOGGED_IN
See Also:
Constant Field Values

EVENT_NOT_AUTHORIZED

public static final String EVENT_NOT_AUTHORIZED
See Also:
Constant Field Values

EVENT_PRE_AUTHENTICATE

public static final String EVENT_PRE_AUTHENTICATE
See Also:
Constant Field Values

EVENT_POST_AUTHENTICATE

public static final String EVENT_POST_AUTHENTICATE
See Also:
Constant Field Values

EVENT_LOGGED_OUT

public static final String EVENT_LOGGED_OUT
See Also:
Constant Field Values

EVENT_ALREADY_LOGGED_IN

public static final String EVENT_ALREADY_LOGGED_IN
See Also:
Constant Field Values

EVENT_QUIET_LOGIN

public static final String EVENT_QUIET_LOGIN
See Also:
Constant Field Values

securityEnabled

protected static boolean securityEnabled

ROLES_GROUP

public static final String ROLES_GROUP
See Also:
Constant Field Values
Constructor Detail

Identity

public Identity()
Method Detail

create

@Create
public void create()

isSecurityEnabled

public static boolean isSecurityEnabled()

setSecurityEnabled

public static void setSecurityEnabled(boolean enabled)

instance

public static Identity instance()

isLoggedIn

public boolean isLoggedIn()
Simple check that returns true if the user is logged in, without attempting to authenticate.

Returns:
true if the user is logged in

tryLogin

public boolean tryLogin()
Attempts to authenticate quietly if the user's credentials are set and the user has not authenticated already. A quiet authentication does not throw any exceptions if authentication fails.

Returns:
true if the user is logged in, false otherwise

isLoggedIn

@Deprecated
public boolean isLoggedIn(boolean attemptLogin)
Deprecated. 


acceptExternallyAuthenticatedPrincipal

public void acceptExternallyAuthenticatedPrincipal(Principal principal)

getPrincipal

public Principal getPrincipal()

getSubject

public Subject getSubject()

checkRestriction

public void checkRestriction(String expr)
Performs an authorization check, based on the specified security expression.

Parameters:
expr - The security expression to evaluate
Throws:
NotLoggedInException - Thrown if the authorization check fails and the user is not authenticated
AuthorizationException - Thrown if the authorization check fails and the user is authenticated

login

public String login()
Attempts to authenticate the user. This method is distinct from the authenticate() method in that it raises events in response to whether authentication is successful or not. The following events may be raised by calling login(): org.jboss.seam.security.loginSuccessful - raised when authentication is successful; org.jboss.seam.security.loginFailed - raised when authentication fails; org.jboss.seam.security.alreadyLoggedIn - raised if the user is already authenticated.

Returns:
"loggedIn" if the user is authenticated, or null if not.

quietLogin

public void quietLogin()
Attempts a quiet login: any login exceptions are suppressed and no faces messages are created. This method is intended primarily as an internal API call, but has been made public for convenience.


authenticate

public void authenticate()
                  throws LoginException
Throws:
LoginException

authenticate

protected void authenticate(LoginContext loginContext)
                     throws LoginException
Throws:
LoginException

preAuthenticate

protected void preAuthenticate()
Clears any roles added by calling addRole() while not authenticated. A subclass may override this method if different pre-authentication logic is required.


postAuthenticate

protected void postAuthenticate()
Extracts the principal from the subject and populates the roles of the authenticated user. A subclass may override this method if different post-authentication logic is required.


unAuthenticate

public void unAuthenticate()
Resets all security state and credentials.


getLoginContext

protected LoginContext getLoginContext()
                                throws LoginException
Throws:
LoginException

logout

public void logout()

hasRole

public boolean hasRole(String role)
Checks if the authenticated user is a member of the specified role.

Parameters:
role - String The name of the role to check
Returns:
boolean True if the user is a member of the specified role

addRole

public boolean addRole(String role)
Adds a role to the authenticated user. If the user is not logged in, the role is instead added to a pending list of roles that will be granted to the user upon successful authentication; that pending list is honoured only during the authentication process.

Parameters:
role - The name of the role to add

removeRole

public void removeRole(String role)
Removes a role from the authenticated user.

Parameters:
role - The name of the role to remove

checkRole

public void checkRole(String role)
Checks that the current authenticated user is a member of the specified role.

Parameters:
role - String The name of the role to check
Throws:
AuthorizationException - if the authenticated user is not a member of the role

checkPermission

public void checkPermission(String name,
                            String action,
                            Object... arg)
Checks that the current authenticated user has permission for the specified name and action.

Parameters:
name - String The permission name
action - String The permission action
arg - Object Optional object parameter used to make a permission decision
Throws:
AuthorizationException - if the user does not have the specified permission

checkPermission

public void checkPermission(Object target,
                            String action)

hasPermission

public boolean hasPermission(String name,
                             String action,
                             Object... arg)
Performs a permission check for the specified name and action.

Parameters:
name - String The permission name
action - String The permission action
arg - Object Optional object parameter used to make a permission decision
Returns:
boolean True if the user has the specified permission

filterByPermission

public void filterByPermission(Collection collection,
                               String action)

hasPermission

public boolean hasPermission(Object target,
                             String action)

evaluateExpression

protected boolean evaluateExpression(String expr)
Evaluates the specified security expression, which must return a boolean value.

Parameters:
expr - String The expression to evaluate
Returns:
boolean The result of the expression evaluation

getUsername

@Deprecated
public String getUsername()
Deprecated. 

See Also:
Credentials.getUsername()

setUsername

@Deprecated
public void setUsername(String username)
Deprecated. 

See Also:
Credentials.setUsername(String)

getPassword

@Deprecated
public String getPassword()
Deprecated. 

See Also:
Credentials.getPassword()

setPassword

@Deprecated
public void setPassword(String password)
Deprecated. 

See Also:
Credentials.setPassword(String)

isRememberMe

@Deprecated
public boolean isRememberMe()
Deprecated. 

See Also:
RememberMe.isEnabled()

setRememberMe

@Deprecated
public void setRememberMe(boolean remember)
Deprecated. 

See Also:
RememberMe.setEnabled(boolean)

getCredentials

public Credentials getCredentials()

getAuthenticateMethod

public Expressions.MethodExpression getAuthenticateMethod()

setAuthenticateMethod

public void setAuthenticateMethod(Expressions.MethodExpression authMethod)

getJaasConfigName

public String getJaasConfigName()

setJaasConfigName

public void setJaasConfigName(String jaasConfigName)

