java.lang.Object
cloud.piranha.webapp.impl.DefaultSecurityManager
- All Implemented Interfaces:
SecurityManager
public class DefaultSecurityManager extends java.lang.Object implements SecurityManager
The default SecurityManager.
This security manager implies the use of DefaultWebApplicationRequest. If your server / web application does not want to use DefaultWebApplicationRequest or a subclass of DefaultWebApplicationRequest, you have to implement your own security manager.
- Author:
- Manfred Riem
-
Nested Class Summary
Nested classes/interfaces inherited from interface cloud.piranha.webapp.api.SecurityManager
SecurityManager.AuthenticateSource, SecurityManager.UsernamePasswordLoginHandler
-
Field Summary
Fields
Modifier and Type | Field | Description
protected boolean | denyUncoveredHttpMethods | Stores if we are denying uncovered HTTP methods.
protected java.util.HashMap<java.lang.String,java.lang.String> | logins | Stores the logins.
protected java.util.ArrayList<java.lang.String> | roles | Stores the roles.
protected java.util.HashMap<java.lang.String,java.lang.String[]> | userRoles | Stores the user roles.
protected WebApplication | webApplication | Stores the web application.
-
Constructor Summary
Constructors
Constructor | Description
DefaultSecurityManager() |
-
Method Summary
Modifier and Type | Method | Description
void | addUser(java.lang.String username, java.lang.String password, java.lang.String... roles) | Add user.
boolean | authenticate(HttpServletRequest request, HttpServletResponse response) | Authenticate the request.
void | declareRoles(java.lang.String[] roles) | Declare roles.
boolean | getDenyUncoveredHttpMethods() | Get if we are denying uncovered HTTP methods.
java.util.Set<java.lang.String> | getRoles() | Get the declared roles.
WebApplication | getWebApplication() | Get the web application.
boolean | isUserInRole(HttpServletRequest request, java.lang.String role) | Is the user in the given role.
void | login(HttpServletRequest request, java.lang.String username, java.lang.String password) | Login with the given username and password.
void | logout(HttpServletRequest request, HttpServletResponse response) | Logout.
void | removeUser(java.lang.String username) | Remove the given user.
void | setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods) | Set if we are denying uncovered HTTP methods.
void | setWebApplication(WebApplication webApplication) | Set the web application.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface cloud.piranha.webapp.api.SecurityManager
authenticate, declareRoles, getAuthenticatedRequest, getAuthenticatedResponse, isCallerAuthorizedForResource, isRequestedResourcePublic, isRequestSecurityAsRequired, postRequestProcess, setUsernamePasswordLoginHandler
-
Field Details
-
denyUncoveredHttpMethods
protected boolean denyUncoveredHttpMethods
Stores if we are denying uncovered HTTP methods.
-
logins
protected final java.util.HashMap<java.lang.String,java.lang.String> logins
Stores the logins.
-
roles
protected java.util.ArrayList<java.lang.String> roles
Stores the roles.
-
userRoles
protected final java.util.HashMap<java.lang.String,java.lang.String[]> userRoles
Stores the user roles.
-
webApplication
Stores the web application.
-
-
Constructor Details
-
DefaultSecurityManager
public DefaultSecurityManager()
-
-
Method Details
-
addUser
public void addUser(java.lang.String username, java.lang.String password, java.lang.String... roles)
Add user.
- Parameters:
username - the username.
password - the password.
roles - the roles.
-
authenticate
public boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException, ServletException
Authenticate the request.
- Specified by:
authenticate in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Returns:
true if authenticated, false otherwise.
- Throws:
java.io.IOException - when an I/O error occurs.
ServletException - when a Servlet error occurs.
-
declareRoles
public void declareRoles(java.lang.String[] roles)
Declare roles.
- Specified by:
declareRoles in interface SecurityManager
- Parameters:
roles - the roles.
-
getRoles
public java.util.Set<java.lang.String> getRoles()
Description copied from interface: SecurityManager
Get the declared roles.
- Specified by:
getRoles in interface SecurityManager
- Returns:
the roles
-
getDenyUncoveredHttpMethods
public boolean getDenyUncoveredHttpMethods()
Get if we are denying uncovered HTTP methods.
- Specified by:
getDenyUncoveredHttpMethods in interface SecurityManager
- Returns:
true if we are, false otherwise.
-
getWebApplication
Get the web application.
- Specified by:
getWebApplication in interface SecurityManager
- Returns:
the web application.
-
isUserInRole
Is the user in the given role.
- Specified by:
isUserInRole in interface SecurityManager
- Parameters:
request - the request.
role - the role.
- Returns:
true if in the role, false otherwise.
-
login
public void login(HttpServletRequest request, java.lang.String username, java.lang.String password) throws ServletException
Login with the given username and password.
- Specified by:
login in interface SecurityManager
- Parameters:
request - the servlet request.
username - the username.
password - the password.
- Throws:
ServletException - when a serious error occurs.
-
logout
public void logout(HttpServletRequest request, HttpServletResponse response) throws ServletException
Logout.
- Specified by:
logout in interface SecurityManager
- Parameters:
request - the request.
response - the response.
- Throws:
ServletException - when a serious error occurs.
-
removeUser
public void removeUser(java.lang.String username)
Remove the given user.
- Parameters:
username - the username.
-
setDenyUncoveredHttpMethods
public void setDenyUncoveredHttpMethods(boolean denyUncoveredHttpMethods)
Set if we are denying uncovered HTTP methods.
- Specified by:
setDenyUncoveredHttpMethods in interface SecurityManager
- Parameters:
denyUncoveredHttpMethods - the boolean value.
-
setWebApplication
Set the web application.
- Specified by:
setWebApplication in interface SecurityManager
- Parameters:
webApplication - the web application.
-