Package cloud.piranha.security.jakarta
Class JakartaSecurityManager
java.lang.Object
cloud.piranha.security.jakarta.JakartaSecurityManager
- All Implemented Interfaces:
SecurityManager
public class JakartaSecurityManager extends java.lang.Object implements SecurityManager
SecurityManager implementation that uses Jakarta Security semantics.
WIP!
- Author:
- Arjan Tijms
-
Nested Class Summary
Nested classes/interfaces inherited from interface cloud.piranha.webapp.api.SecurityManager
SecurityManager.AuthenticateSource, SecurityManager.UsernamePasswordLoginHandler
-
Constructor Summary
Constructors
Constructor Description
JakartaSecurityManager()
-
Method Summary
Modifier and Type Method Description
boolean authenticate(HttpServletRequest request, HttpServletResponse response)
- Authenticate the request.
boolean authenticate(HttpServletRequest request, HttpServletResponse response, SecurityManager.AuthenticateSource source)
- Authenticate the request.
void declareRoles(java.lang.String[] roles)
- Declare roles.
void declareRoles(java.util.Collection<java.lang.String> roles)
HttpServletRequest getAuthenticatedRequest(HttpServletRequest request, HttpServletResponse response)
- Gets the request object the security system wants to put in place.
HttpServletResponse getAuthenticatedResponse(HttpServletRequest request, HttpServletResponse response)
- Gets the response object the security system wants to put in place.
protected org.omnifaces.eleos.services.DefaultAuthenticationService getAuthenticationService(HttpServletRequest request)
protected org.omnifaces.exousia.AuthorizationService getAuthorizationService(HttpServletRequest request)
boolean getDenyUncoveredHttpMethods()
- Get if we are denying uncovered HTTP methods.
java.util.Set<java.lang.String> getRoles()
- Get the declared roles.
WebApplication getWebApplication()
- Get the web application.
boolean isCallerAuthorizedForResource(HttpServletRequest request)
- Check if the current caller (which can be the anonymous caller) is authorized to access the requested resource.
boolean isRequestedResourcePublic(HttpServletRequest request)
- Check if the requested resource, represented by the request, is public or not.
boolean isRequestSecurityAsRequired(HttpServletRequest request, HttpServletResponse response)
- Check if the current request adheres to the user data constraint, if any.
boolean isUserInRole(HttpServletRequest request, java.lang.String role)
- Is the user in the specific role.
void login(HttpServletRequest request, java.lang.String username, java.lang.String password)
- Login.
void logout(HttpServletRequest request, HttpServletResponse response)
- Logout.
void postRequestProcess(HttpServletRequest request, HttpServletResponse response)
- Gives the security system the opportunity to process the response after the request (after the target resource has been invoked).
void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
- Set if we are denying uncovered HTTP methods.
void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler)
- Set the handler that may be used by the login method to contact an identity store.
void setWebApplication(WebApplication webApplication)
- Set the web application.
-
Constructor Details
-
JakartaSecurityManager
public JakartaSecurityManager()
-
-
Method Details
-
declareRoles
public void declareRoles(java.lang.String[] roles)
Description copied from interface: SecurityManager
Declare roles.
- Specified by:
declareRoles in interface SecurityManager
- Parameters:
roles - the roles.
-
declareRoles
public void declareRoles(java.util.Collection<java.lang.String> roles)
- Specified by:
declareRoles in interface SecurityManager
-
getRoles
public java.util.Set<java.lang.String> getRoles()
Description copied from interface: SecurityManager
Get the declared roles.
- Specified by:
getRoles in interface SecurityManager
- Returns:
- the roles
-
isRequestSecurityAsRequired
public boolean isRequestSecurityAsRequired(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException, ServletException
Description copied from interface: SecurityManager
Check if the current request adheres to the user data constraint, if any.
In practice this means checking if HTTPS is used when so required by the application.
- Specified by:
isRequestSecurityAsRequired in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Returns:
- true if request adheres to constraints, false otherwise
- Throws:
java.io.IOException - when an I/O error occurs.
ServletException - when a servlet error occurs.
-
isRequestedResourcePublic
Description copied from interface: SecurityManager
Check if the requested resource, represented by the request, is public or not.
- Specified by:
isRequestedResourcePublic in interface SecurityManager
- Parameters:
request - the request.
- Returns:
- true if the requested resource can be accessed by public (unauthenticated) callers, otherwise false
-
isCallerAuthorizedForResource
Description copied from interface: SecurityManager
Check if the current caller (which can be the anonymous caller) is authorized to access the requested resource.
If the unauthenticated caller is authorized, then this means the resource is public (aka unconstrained, aka unchecked), and the outcome of this method MUST be consistent with SecurityManager.isRequestedResourcePublic(HttpServletRequest).
- Specified by:
isCallerAuthorizedForResource in interface SecurityManager
- Parameters:
request - the request.
- Returns:
- true if the current caller is allowed to access the requested resource, false otherwise
-
isUserInRole
Description copied from interface: SecurityManager
Is the user in the specific role.
- Specified by:
isUserInRole in interface SecurityManager
- Parameters:
request - the request.
role - the role.
- Returns:
- true if in the role, false otherwise.
-
authenticate
public boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException, ServletException
Description copied from interface: SecurityManager
Authenticate the request.
- Specified by:
authenticate in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Returns:
- true if authenticated.
- Throws:
java.io.IOException - when an I/O error occurs.
ServletException - when a servlet error occurs.
-
authenticate
public boolean authenticate(HttpServletRequest request, HttpServletResponse response, SecurityManager.AuthenticateSource source) throws java.io.IOException, ServletException
Description copied from interface: SecurityManager
Authenticate the request.
- Specified by:
authenticate in interface SecurityManager
- Parameters:
request - the request.
response - the response.
source - the source or moment from where this authenticate method is called
- Returns:
- true if authenticated.
- Throws:
java.io.IOException - when an I/O error occurs.
ServletException - when a servlet error occurs.
-
login
public void login(HttpServletRequest request, java.lang.String username, java.lang.String password) throws ServletException
Description copied from interface: SecurityManager
Login.
- Specified by:
login in interface SecurityManager
- Parameters:
request - the request.
username - the username.
password - the password.
- Throws:
ServletException - when unable to login.
-
getAuthenticatedRequest
public HttpServletRequest getAuthenticatedRequest(HttpServletRequest request, HttpServletResponse response)
Description copied from interface: SecurityManager
Gets the request object the security system wants to put in place.
This method allows the security system (or the authentication module being delegated to) to put a custom or, more likely, wrapped request in place.
- Specified by:
getAuthenticatedRequest in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Returns:
- a request object that the runtime should put into service
-
getAuthenticatedResponse
public HttpServletResponse getAuthenticatedResponse(HttpServletRequest request, HttpServletResponse response)
Description copied from interface: SecurityManager
Gets the response object the security system wants to put in place.
This method allows the security system (or the authentication module being delegated to) to put a custom or, more likely, wrapped response in place.
- Specified by:
getAuthenticatedResponse in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Returns:
- a response object that the runtime should put into service
-
postRequestProcess
public void postRequestProcess(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException, ServletException
Description copied from interface: SecurityManager
Gives the security system the opportunity to process the response after the request (after the target resource has been invoked).
Although this may be rarely used in practice, it allows for encryption of the response, inserting security tokens, signing the response, etc.
- Specified by:
postRequestProcess in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Throws:
java.io.IOException - when an I/O error occurs.
ServletException - when a servlet error occurs.
-
logout
public void logout(HttpServletRequest request, HttpServletResponse response) throws ServletException
Description copied from interface: SecurityManager
Logout.
- Specified by:
logout in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Throws:
ServletException - when a servlet error occurs.
-
getWebApplication
Description copied from interface: SecurityManager
Get the web application.
- Specified by:
getWebApplication in interface SecurityManager
- Returns:
- the web application.
-
setWebApplication
Description copied from interface: SecurityManager
Set the web application.
- Specified by:
setWebApplication in interface SecurityManager
- Parameters:
webApplication - the web application.
-
setUsernamePasswordLoginHandler
public void setUsernamePasswordLoginHandler(SecurityManager.UsernamePasswordLoginHandler usernamePasswordLoginHandler)
Description copied from interface: SecurityManager
Set the handler that may be used by the login method to contact an identity store.
- Specified by:
setUsernamePasswordLoginHandler in interface SecurityManager
- Parameters:
usernamePasswordLoginHandler - the handler
-
getAuthenticationService
protected org.omnifaces.eleos.services.DefaultAuthenticationService getAuthenticationService(HttpServletRequest request)
-
getAuthorizationService
protected org.omnifaces.exousia.AuthorizationService getAuthorizationService(HttpServletRequest request)
-
getDenyUncoveredHttpMethods
public boolean getDenyUncoveredHttpMethods()
Description copied from interface: SecurityManager
Get if we are denying uncovered HTTP methods.
- Specified by:
getDenyUncoveredHttpMethods in interface SecurityManager
- Returns:
- true if we are, false otherwise.
-
setDenyUncoveredHttpMethods
public void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
Description copied from interface: SecurityManager
Set if we are denying uncovered HTTP methods.
- Specified by:
setDenyUncoveredHttpMethods in interface SecurityManager
- Parameters:
denyUncoveredHttpMethods - the boolean value.
-