org.jboss.seam.security
Class IdentityImpl

java.lang.Object
  extended by org.jboss.seam.security.IdentityImpl
All Implemented Interfaces:
Serializable, Identity

@Named(value="identity")
@SessionScoped
public class IdentityImpl
extends Object
implements Identity, Serializable

Identity implementation for authentication and authorization

Author:
Shane Bryzak
See Also:
Serialized Form

Field Summary
protected static boolean securityEnabled
           
 
Fields inherited from interface org.jboss.seam.security.Identity
RESPONSE_LOGIN_EXCEPTION, RESPONSE_LOGIN_FAILED, RESPONSE_LOGIN_SUCCESS
 
Constructor Summary
IdentityImpl()
           
 
Method Summary
 boolean addGroup(String name, String groupType)
          Adds the user to the specified group.
 boolean addRole(String roleType, String group, String groupType)
          Adds a role to the authenticated user.
protected  boolean authenticate()
           
 void checkGroup(String group, String groupType)
           
 void checkPermission(Object target, String action)
          Checks if the currently authenticated user has the specified permission for the specified resource.
 void checkRestriction(String expr)
          Performs an authorization check, based on the specified security expression string.
 void checkRole(String roleType, String group, String groupType)
          Checks that the current authenticated user is a member of the specified role.
protected  void deferredAuthenticationObserver(DeferredAuthenticationEvent event)
           
 void filterByPermission(Collection<?> collection, String action)
          Filters a collection of objects by a specified action, removing from the collection every object against which the user doesn't have the necessary privileges to perform that action.
 Class<Authenticator> getAuthenticatorClass()
           
 String getAuthenticatorName()
           
 Set<org.picketlink.idm.api.Group> getGroups()
          Returns an immutable set containing all the current user's group memberships
 Set<org.picketlink.idm.api.Role> getRoles()
          Returns an immutable set containing all the current user's granted roles
 org.picketlink.idm.api.User getUser()
          Returns the currently authenticated user
 boolean hasPermission(Object target, String action)
          Checks if the currently authenticated user has the necessary permission for a specific resource.
 boolean hasRole(String roleType, String group, String groupType)
          Checks if the authenticated user is a member of the specified role.
 boolean inGroup(String name, String groupType)
          Checks if the authenticated user is a member of the specified group
 boolean isLoggedIn()
          Simple check that returns true if the user is logged in, without attempting to authenticate
static boolean isSecurityEnabled()
           
 boolean isVerified()
          Returns true if the currently authenticated user has provided their correct credentials within the verification window configured by the application.
 String login()
          Performs an authorization check, based on the specified security expression string.
 void logout()
          Logs out the currently authenticated user
protected  Authenticator lookupAuthenticator()
          Returns an Authenticator instance to be used for authentication.
protected  void postAuthenticate()
           
protected  void preAuthenticate()
          Clears any roles added by calling addRole() while not authenticated.
 void quietLogin()
          Attempts a quiet login, suppressing any login exceptions and not creating any faces messages.
 void removeGroup(String name, String groupType)
          Removes the currently authenticated user from the specified group
 void removeRole(String roleType, String group, String groupType)
          Removes a role from the authenticated user
 void runAs(RunAsOperation operation)
           
 void setAuthenticatorClass(Class<Authenticator> authenticatorClass)
           
 void setAuthenticatorName(String authenticatorName)
           
static void setSecurityEnabled(boolean enabled)
           
 boolean tryLogin()
          Will attempt to authenticate quietly if the user's credentials are set and they haven't authenticated already.
 void unAuthenticate()
          Resets all security state and credentials
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

securityEnabled

protected static boolean securityEnabled
Constructor Detail

IdentityImpl

public IdentityImpl()
Method Detail

isSecurityEnabled

public static boolean isSecurityEnabled()

setSecurityEnabled

public static void setSecurityEnabled(boolean enabled)

isLoggedIn

public boolean isLoggedIn()
Description copied from interface: Identity
Simple check that returns true if the user is logged in, without attempting to authenticate

Specified by:
isLoggedIn in interface Identity
Returns:
true if the user is logged in

getAuthenticatorClass

public Class<Authenticator> getAuthenticatorClass()
Specified by:
getAuthenticatorClass in interface Identity

setAuthenticatorClass

public void setAuthenticatorClass(Class<Authenticator> authenticatorClass)
Specified by:
setAuthenticatorClass in interface Identity

getAuthenticatorName

public String getAuthenticatorName()
Specified by:
getAuthenticatorName in interface Identity

setAuthenticatorName

public void setAuthenticatorName(String authenticatorName)
Specified by:
setAuthenticatorName in interface Identity

tryLogin

public boolean tryLogin()
Description copied from interface: Identity
Will attempt to authenticate quietly if the user's credentials are set and they haven't authenticated already. A quiet authentication doesn't throw any exceptions if authentication fails.

Specified by:
tryLogin in interface Identity
Returns:
true if the user is logged in, false otherwise

login

public String login()
Performs an authorization check, based on the specified security expression string.

Specified by:
login in interface Identity
Parameters:
expr - The security expression string to evaluate
Returns:
String returns "loggedIn" if user is authenticated, or null if not.
Throws:
NotLoggedInException - Thrown if the authorization check fails and the user is not authenticated
AuthorizationException - Thrown if the authorization check fails and the user is authenticated

quietLogin

public void quietLogin()
Description copied from interface: Identity
Attempts a quiet login, suppressing any login exceptions and not creating any faces messages. This method is intended primarily as an internal API call, but it has been made public for convenience.

Specified by:
quietLogin in interface Identity

authenticate

protected boolean authenticate()
                        throws AuthenticationException
Throws:
AuthenticationException

preAuthenticate

protected void preAuthenticate()
Clears any roles added by calling addRole() while not authenticated. This method may be overridden by a subclass if different pre-authentication logic should occur.


deferredAuthenticationObserver

protected void deferredAuthenticationObserver(@Observes
                                              DeferredAuthenticationEvent event)

postAuthenticate

protected void postAuthenticate()

lookupAuthenticator

protected Authenticator lookupAuthenticator()
                                     throws AuthenticationException
Returns an Authenticator instance to be used for authentication. The default implementation obeys the following business logic:
1. If the user has specified an authenticatorClass property, use it to locate the Authenticator with that exact type.
2. If the user has specified an authenticatorName property, use it to locate and return the Authenticator with that name.
3. If the authenticatorClass and authenticatorName haven't been specified, and the user has provided their own custom Authenticator, return that one.
4. If the user hasn't provided a custom Authenticator, return IdmAuthenticator and attempt to use the identity management API to authenticate.

Returns:
Throws:
AuthenticationException

unAuthenticate

public void unAuthenticate()
Resets all security state and credentials


logout

public void logout()
Description copied from interface: Identity
Logs out the currently authenticated user

Specified by:
logout in interface Identity

hasRole

public boolean hasRole(String roleType,
                       String group,
                       String groupType)
Description copied from interface: Identity
Checks if the authenticated user is a member of the specified role.

Specified by:
hasRole in interface Identity
Parameters:
roleType - String The name of the role to check
Returns:
boolean True if the user is a member of the specified role

addRole

public boolean addRole(String roleType,
                       String group,
                       String groupType)
Description copied from interface: Identity
Adds a role to the authenticated user. If the user is not logged in, the role will be added to a list of roles that will be granted to the user upon successful authentication, but only during the authentication process.

Specified by:
addRole in interface Identity
Parameters:
roleType - The name of the role to add

inGroup

public boolean inGroup(String name,
                       String groupType)
Description copied from interface: Identity
Checks if the authenticated user is a member of the specified group

Specified by:
inGroup in interface Identity
Parameters:
name - The name of the group
groupType - The type of the group, e.g. "office", "department", "global role", etc
Returns:
true if the user is a member of the group

addGroup

public boolean addGroup(String name,
                        String groupType)
Description copied from interface: Identity
Adds the user to the specified group. See hasRole() for semantics in relationship to the authenticated status of the user.

Specified by:
addGroup in interface Identity
Parameters:
name - The name of the group
groupType - The type of the group
Returns:
true if the group was successfully added

removeGroup

public void removeGroup(String name,
                        String groupType)
Description copied from interface: Identity
Removes the currently authenticated user from the specified group

Specified by:
removeGroup in interface Identity
Parameters:
name - The name of the group
groupType - The type of the group

removeRole

public void removeRole(String roleType,
                       String group,
                       String groupType)
Removes a role from the authenticated user

Specified by:
removeRole in interface Identity
Parameters:
roleType - The name of the role to remove

checkRole

public void checkRole(String roleType,
                      String group,
                      String groupType)
Description copied from interface: Identity
Checks that the current authenticated user is a member of the specified role.

Specified by:
checkRole in interface Identity
Parameters:
roleType - String The name of the role to check

checkGroup

public void checkGroup(String group,
                       String groupType)
Specified by:
checkGroup in interface Identity

checkPermission

public void checkPermission(Object target,
                            String action)
Description copied from interface: Identity
Checks if the currently authenticated user has the specified permission for the specified resource.

Specified by:
checkPermission in interface Identity
Parameters:
target - The resource for which the user wishes to perform a restricted action
action - The name of the permission that the user requires to invoke the operation

filterByPermission

public void filterByPermission(Collection<?> collection,
                               String action)
Description copied from interface: Identity
Filters a collection of objects by a specified action, removing from the collection every object against which the user doesn't have the necessary privileges to perform that action.

Specified by:
filterByPermission in interface Identity
Parameters:
collection - The Collection to filter

hasPermission

public boolean hasPermission(Object target,
                             String action)
Description copied from interface: Identity
Checks if the currently authenticated user has the necessary permission for a specific resource.

Specified by:
hasPermission in interface Identity
Returns:
true if the user has the required permission, otherwise false

runAs

public void runAs(RunAsOperation operation)

checkRestriction

public void checkRestriction(String expr)
Description copied from interface: Identity
Performs an authorization check, based on the specified security expression string.

Specified by:
checkRestriction in interface Identity
Parameters:
expr - The security expression string to evaluate

getUser

public org.picketlink.idm.api.User getUser()
Description copied from interface: Identity
Returns the currently authenticated user

Specified by:
getUser in interface Identity
Returns:

getRoles

public Set<org.picketlink.idm.api.Role> getRoles()
Description copied from interface: Identity
Returns an immutable set containing all the current user's granted roles

Specified by:
getRoles in interface Identity
Returns:

getGroups

public Set<org.picketlink.idm.api.Group> getGroups()
Description copied from interface: Identity
Returns an immutable set containing all the current user's group memberships

Specified by:
getGroups in interface Identity
Returns:

isVerified

public boolean isVerified()
Description copied from interface: Identity
Returns true if the currently authenticated user has provided their correct credentials within the verification window configured by the application.

Specified by:
isVerified in interface Identity
Returns:
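
Added usage example, not part of the Seam Javadoc or the project's own code: how the checkPermission, filterByPermission, hasPermission and isVerified entries above fit together in a CDI bean. DocumentService, Document and the action names "read", "edit" and "delete" are constructed for illustration, and the example assumes that checkPermission, which returns void, reports a denial by throwing.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.inject.Inject;
import org.jboss.seam.security.Identity;

// Hypothetical service and domain type, constructed for this example.
public class DocumentService {

    /** Constructed domain object; stands in for any permission target. */
    public static class Document {
        final String title;
        public Document(String title) { this.title = title; }
    }

    @Inject
    private Identity identity; // the session-scoped bean documented on this page

    /** Listing: return only the documents the current user may read. */
    public List<Document> listReadable(Collection<Document> all) {
        // filterByPermission removes entries from the collection it is given,
        // so filter a mutable copy and leave the caller's collection untouched.
        List<Document> visible = new ArrayList<Document>(all);
        identity.filterByPermission(visible, "read");
        return visible;
    }

    /** UI hint (e.g. whether to render an edit button): boolean query only. */
    public boolean canEdit(Document doc) {
        return identity.hasPermission(doc, "edit");
    }

    /** State change: enforce on the server, independent of any UI hint. */
    public void delete(Document doc, Collection<Document> store) {
        // Assumption: a denied check throws, so the lines below run only
        // when the current user holds the "delete" permission on doc.
        identity.checkPermission(doc, "delete");

        // Step-up gate chosen by this example: require that credentials were
        // supplied within the application's verification window.
        if (!identity.isVerified()) {
            throw new IllegalStateException("credentials must be re-entered before deleting");
        }
        store.remove(doc);
    }
}
```

Use hasPermission only to shape what is displayed; the check* call in delete() is what actually guards the operation.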


Copyright © 2011 Seam Framework. All Rights Reserved.