Author: gpetracek
Date: Mon Apr 28 11:53:22 2014
New Revision: 1590613
URL: http://svn.apache.org/r1590613
Log: DELTASPIKE-572 thx to Rafael Benevides
Modified: deltaspike/site/trunk/content/security.mdtext Modified: deltaspike/site/trunk/content/security.mdtext URL: http://svn.apache.org/viewvc/deltaspike/site/trunk/content/security.mdtext?rev=1590613&r1=1590612&r2=1590613&view=diff ============================================================================== --- deltaspike/site/trunk/content/security.mdtext (original) +++ deltaspike/site/trunk/content/security.mdtext Mon Apr 28 11:53:22 2014 @@ -16,6 +16,24 @@ Notice: Licensed to the Apache Softwa specific language governing permissions and limitations under the License. +Title: DeltaSpike Security Module +Notice: Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + [TOC] *** 
@@ -224,7 +242,24 @@ This interface is (besides the `Secured` In case of a detected violation a `SecurityViolation` has to be added to the result returned by the `AccessDecisionVoter`. -[TODO] AbstractAccessDecisionVoter +## AbstractAccessDecisionVoter + +You can also implement the abstract class `AbstractAccessDecisionVoter`. This is a convenience class which allows an easier usage: + +Example: + :::java + public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter + { + + @Override + protected void checkPermission(AccessDecisionVoterContext accessDecisionVoterContext, + Set<SecurityViolation> violations) + { + // check for violations + violations.add(newSecurityViolation("access not allowed due to ...")); + } + } + ## @Secured and Stereotypes with custom Meta-data 
@@ -282,8 +317,23 @@ Stereotype of @Secured with custom meta- # AccessDecisionVoterContext -[TODO] +Because the `AccessDecisionVoter` can be chained, `AccessDecisionVoterContext` allows to get the current state as well as the results of the security check. + +There are several methods that can be useful + +- `getState()` - Exposes the current state : INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND +- `getViolations()` - Exposes the found violations +- `getSource()` - Exposes e.g. the current instance of `javax.interceptor.InvocationContext` in combination with `@Secured` used as interceptor. +- `getMetaData()` - Exposes the found meta-data e.g. the view-config-class if `@Secured` is used in combination with type-safe view-configs +- `getMetaDataFor(String, Class<T>)` - Exposes meta-data for the given key ## SecurityStrategy SPI -[TODO] +The `SecurityStrategy` interface allows to provide a custom implementation which should be used for `@Secured`. +Provide a custom implementation as bean-class in combination with `@Alternative` or `@Specializes` (or as global-alternative). + +In case of global-alternatives an additional config needs to be added to `/META-INF/apache-deltaspike.properties` - e.g.: + +`globalAlternatives.org.apache.deltaspike.security.spi.authorization.SecurityStrategy=mypackage.CustomSecurityStrategy` + +__Note__: The config for global-alternatives is following the pattern: globalAlternatives.`<interface-name>`=`<implementation-class-name>`
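Review bot: In the `@@ -16,6 +16,24 @@` hunk, the added `Notice:` block repeats the license header whose last lines are the unchanged context directly above it ("specific language governing permissions and limitations under the License."), so the page source would carry the same notice twice. If the goal is only to give the page a title, add the `Title: DeltaSpike Security Module` line to the existing header and drop the second notice block.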
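Review bot: In the `@@ -224,7 +242,24 @@` hunk, the `checkPermission` example calls `violations.add(newSecurityViolation("access not allowed due to ..."))` unconditionally, with the actual check left as the comment `// check for violations`; copied as it stands, this voter reports a violation on every invocation. Put the `add` call inside a visible condition, even a placeholder one, so the example matches the sentence above it that a `SecurityViolation` is added "in case of a detected violation". It would also help to say what "easier usage" means here, for instance that the base class supplies `newSecurityViolation(...)` and the `violations` set.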
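Review bot: In the `@@ -282,8 +317,23 @@` hunk, the `SecurityStrategy SPI` paragraph explains how to register a custom implementation (`@Alternative`, `@Specializes`, or the `globalAlternatives.` property) but not what that implementation is responsible for. Since it is the class "which should be used for `@Secured`", add a sentence on the contract: what the strategy is expected to do with the voters and their violations, so a replacement does not silently stop enforcing them. Smaller points in the same hunk: "allows to get" and "allows to provide" need an object ("allows you to ..."), "There are several methods that can be useful" should end with a colon, and the state names in the `getState()` bullet (INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND) should be in backticks like the other identifiers.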