Package cloud.piranha.webapp.impl
Class DefaultSecurityManager
- java.lang.Object
-
- cloud.piranha.webapp.impl.DefaultSecurityManager
-
- All Implemented Interfaces:
SecurityManager
public class DefaultSecurityManager extends Object implements SecurityManager
The default SecurityManager.This security manager implies the use of DefaultWebApplicationRequest, if your server / web application does not want to use DefaultWebApplicationRequest or subclass DefaultWebApplicationRequest you have to implement your own security manager.
- Author:
- Manfred Riem ([email protected])
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface cloud.piranha.webapp.api.SecurityManager
SecurityManager.AuthenticateSource, SecurityManager.UsernamePasswordLoginHandler
-
-
Field Summary
Fields Modifier and Type Field Description protected booleandenyUncoveredHttpMethodsStores if we are denying uncovered HTTP methods.protected HashMap<String,String>loginsStores the logins.protected ArrayList<String>rolesStores the roles.protected HashMap<String,String[]>userRolesStores the user roles.protected WebApplicationwebApplicationStores the web application.
-
Constructor Summary
Constructors Constructor Description DefaultSecurityManager()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddUser(String username, String password, String... roles)Add user.booleanauthenticate(HttpServletRequest request, HttpServletResponse response)Authenticate the request.voiddeclareRoles(String[] roles)Declare roles.booleangetDenyUncoveredHttpMethods()Get if we are denying uncovered HTTP methods.WebApplicationgetWebApplication()Get the web application.booleanisUserInRole(HttpServletRequest request, String role)Is the user in the given role.voidlogin(HttpServletRequest request, String username, String password)Login with the given username and password.voidlogout(HttpServletRequest request, HttpServletResponse response)Logout.voidremoveUser(String username)Remove the given user.voidsetDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)Set if we are denying uncovered HTTP methods.voidsetWebApplication(WebApplication webApplication)Set the web application.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface cloud.piranha.webapp.api.SecurityManager
authenticate, getAuthenticatedRequest, getAuthenticatedResponse, isCallerAuthorizedForResource, isRequestedResourcePublic, isRequestSecurityAsRequired, postRequestProcess, setUsernamePasswordLoginHandler
-
-
-
-
Field Detail
-
denyUncoveredHttpMethods
protected boolean denyUncoveredHttpMethods
Stores if we are denying uncovered HTTP methods.
-
webApplication
protected WebApplication webApplication
Stores the web application.
-
-
Method Detail
-
addUser
public void addUser(String username, String password, String... roles)
Add user.- Parameters:
username- the username.password- the password.roles- the roles.
-
authenticate
public boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
Authenticate the request.- Specified by:
authenticatein interfaceSecurityManager- Parameters:
request- the request.response- the response.- Returns:
- true if authenticated, false otherwise.
- Throws:
IOException- when an I/O error occurs.ServletException- when a Servlet error occurs.
-
declareRoles
public void declareRoles(String[] roles)
Declare roles.- Specified by:
declareRolesin interfaceSecurityManager- Parameters:
roles- the roles.
-
getDenyUncoveredHttpMethods
public boolean getDenyUncoveredHttpMethods()
Get if we are denying uncovered HTTP methods.- Specified by:
getDenyUncoveredHttpMethodsin interfaceSecurityManager- Returns:
- true if we are, false otherwise.
-
getWebApplication
public WebApplication getWebApplication()
Get the web application.- Specified by:
getWebApplicationin interfaceSecurityManager- Returns:
- the web application.
-
isUserInRole
public boolean isUserInRole(HttpServletRequest request, String role)
Is the user in the given role.- Specified by:
isUserInRolein interfaceSecurityManager- Parameters:
request- the request.role- the role.- Returns:
- true if in the role, false otherwise.
-
login
public void login(HttpServletRequest request, String username, String password) throws ServletException
Login with the given username and password.- Specified by:
loginin interfaceSecurityManager- Parameters:
request- the servlet request.username- the username.password- the password.- Throws:
ServletException- when a serious error occurs.
-
logout
public void logout(HttpServletRequest request, HttpServletResponse response) throws ServletException
Logout.- Specified by:
logoutin interfaceSecurityManager- Parameters:
request- the request.response- the response.- Throws:
ServletException- when a serious error occurs.
-
removeUser
public void removeUser(String username)
Remove the given user.- Parameters:
username- the username.
-
setDenyUncoveredHttpMethods
public void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
Set if we are denying uncovered HTTP methods.- Specified by:
setDenyUncoveredHttpMethodsin interfaceSecurityManager- Parameters:
denyUncoveredHttpMethods- the boolean value.
-
setWebApplication
public void setWebApplication(WebApplication webApplication)
Set the web application.- Specified by:
setWebApplicationin interfaceSecurityManager- Parameters:
webApplication- the web application.
-
-