Author: gpetracek
Date: Mon Apr 28 11:53:22 2014
New Revision: 1590613
URL: http://svn.apache.org/r1590613
Log:
DELTASPIKE-572 thx to Rafael Benevides
Modified:
deltaspike/site/trunk/content/security.mdtext
Modified: deltaspike/site/trunk/content/security.mdtext
URL:
http://svn.apache.org/viewvc/deltaspike/site/trunk/content/security.mdtext?rev=1590613&r1=1590612&r2=1590613&view=diff
==============================================================================
--- deltaspike/site/trunk/content/security.mdtext (original)
+++ deltaspike/site/trunk/content/security.mdtext Mon Apr 28 11:53:22 2014
@@ -16,6 +16,24 @@ Notice: Licensed to the Apache Softwa
specific language governing permissions and limitations
under the License.
+Title: DeltaSpike Security Module
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
[TOC]
***
@@ -224,7 +242,24 @@ This interface is (besides the `Secured`
In case of a detected violation a `SecurityViolation` has to be added to the
result returned by the `AccessDecisionVoter`.
-[TODO] AbstractAccessDecisionVoter
+## AbstractAccessDecisionVoter
+
+You can also implement the abstract class `AbstractAccessDecisionVoter`. This
is a convenience class which allows an easier usage:
+
+Example:
+ :::java
+ public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter
+ {
+
+ @Override
+ protected void checkPermission(AccessDecisionVoterContext
accessDecisionVoterContext,
+ Set<SecurityViolation> violations)
+ {
+ // check for violations
+ violations.add(newSecurityViolation("access not allowed due to
..."));
+ }
+ }
+
## @Secured and Stereotypes with custom Meta-data
@@ -282,8 +317,23 @@ Stereotype of @Secured with custom meta-
# AccessDecisionVoterContext
-[TODO]
+Because the `AccessDecisionVoter` can be chained, `AccessDecisionVoterContext`
allows to get the current state as well as the results of the security check.
+
+There are several methods that can be useful
+
+- `getState()` - Exposes the current state : INITIAL, VOTE_IN_PROGRESS,
VIOLATION_FOUND, NO_VIOLATION_FOUND
+- `getViolations()` - Exposes the found violations
+- `getSource()` - Exposes e.g. the current instance of
`javax.interceptor.InvocationContext` in combination with `@Secured` used as
interceptor.
+- `getMetaData()` - Exposes the found meta-data e.g. the view-config-class if
`@Secured` is used in combination with type-safe view-configs
+- `getMetaDataFor(String, Class<T>)` - Exposes meta-data for the given key
## SecurityStrategy SPI
-[TODO]
+The `SecurityStrategy` interface allows to provide a custom implementation
which should be used for `@Secured`.
+Provide a custom implementation as bean-class in combination with
`@Alternative` or `@Specializes` (or as global-alternative).
+
+In case of global-alternatives an additional config needs to be added to
`/META-INF/apache-deltaspike.properties` - e.g.:
+
+`globalAlternatives.org.apache.deltaspike.security.spi.authorization.SecurityStrategy=mypackage.CustomSecurityStrategy`
+
+__Note__: The config for global-alternatives is following the pattern:
globalAlternatives.`<interface-name>`=`<implementation-class-name>`
