Commit f1c7d2ef930de9e51fd954d07cc4f5137d8bd9db
1 parent
b54b4355
Exists in
master
Refatorando interface de segurança
Showing
6 changed files
with
66 additions
and
15 deletions
impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java
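--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java
@@ -0,0 +1,18 @@
+package br.gov.frameworkdemoiselle.security;
+
+/**
+ * Thrown when the user's credentials are invalid.
+ *
+ * @author SERPRO
+ */
+public class InvalidCredentialsException extends AuthenticationException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructs an <code>InvalidCredentialsException</code> with a message.
+ */
+ public InvalidCredentialsException(String message) {
+ super(message);
+ }
+}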
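Review bot: InvalidCredentialsException offers only the `(String message)` constructor, so an authenticator that translates a container failure into it has no way to chain the underlying exception. Consider adding `public InvalidCredentialsException(String message, Throwable cause) { super(message, cause); }`, provided AuthenticationException exposes a matching constructor (its source is not shown in this commit view). The constructor javadoc should also carry `@param message the detail message.`, as the SecurityException constructors do.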
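--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java
@@ -41,12 +41,12 @@ package br.gov.frameworkdemoiselle.security;
 *
 * @author SERPRO
 */
-public class NotLoggedInException extends SecurityException {
+public class NotLoggedInException extends AuthenticationException {
 
 private static final long serialVersionUID = 1L;
-
+
 /**
- * Constructs an <code>NotLoggedInException</code> with no detail message.
+ * Constructs an <code>NotLoggedInException</code> with a message.
 */
 public NotLoggedInException(String message) {
 super(message);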
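Review bot: Reparenting NotLoggedInException under AuthenticationException changes which handlers catch it: a `catch (AuthenticationException e)` written for failed logins will now also receive the not-logged-in case, and where both are caught the NotLoggedInException clause has to come first. The class javadoc, which starts above this hunk, should state the new parent and the distinction, for example `Thrown when an operation requires an authenticated user and none is logged in; a special case of AuthenticationException.` Callers that branch on the exception type to choose between re-prompting and denying access are the ones to re-check. The class body continues past the end of the hunk.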
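--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java
@@ -50,14 +50,17 @@ public interface SecurityContext extends Serializable {
 *
 * @throws AuthenticationException
 * When the logon process fails, this exception is thrown.
+ * @throws InvalidCredentialsException
+ * When the user's credentials coudn't be validated. InvalidCredentialsException is a special case of
+ * AuthenticationException.
 */
 void login();
 
 /**
 * Executes the logout of a user.
 *
- * @throws NotLoggedInException
- * if there is no user logged in a specific session
+ * @throws AuthenticationException
+ * When the logout process fails, this exception is thrown.
 */
 void logout();
 
@@ -82,7 +85,8 @@ public interface SecurityContext extends Serializable {
 * @param operation
 * operation to be checked
 * @return {@code true} if the user has the permission
- *
+ * @throws AuthorizationException
+ * When the permission checking fails, this exception is thrown.
 * @throws NotLoggedInException
 * if there is no user logged in a specific session.
 */
@@ -94,7 +98,8 @@ public interface SecurityContext extends Serializable {
 * @param role
 * role to be checked
 * @return {@code true} if the user has the role
- *
+ * @throws AuthorizationException
+ * When the permission checking fails, this exception is thrown.
 * @throws NotLoggedInException
 * if there is no user logged in a specific session.
 */
@@ -103,7 +108,8 @@ public interface SecurityContext extends Serializable {
 /**
 * Return the user logged in the session.
 *
- * @return the user logged in a specific session. If there is no active session returns {@code null}
+ * @return the user logged in a specific authenticated session. If there is no active session {@code null} is
+ * returned.
 */
 User getUser();
 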
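Review bot: The new `@throws AuthorizationException` text on the permission check (new lines 88-89) and the role check (new lines 101-102) does not say whether a denied check returns `false` or throws, while `@return` still promises `{@code true} if the user has the permission`. Callers need that distinction so that an exception is never handled as a soft failure and execution continued; wording such as `@throws AuthorizationException if the check itself cannot be performed; a user lacking the permission yields {@code false}` would pin it down, if that is the intended contract. The role variant also repeats "permission checking" where "role checking" is meant, and `coudn't` in the login javadoc is a typo. The method declarations for both checks lie outside their hunks.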
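--- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
+++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java
@@ -54,7 +54,7 @@ public class SecurityException extends DemoiselleException {
 * @param message
 * the detail message.
 */
- public SecurityException(String message) {
+ SecurityException(String message) {
 super(message);
 }
 
@@ -64,7 +64,7 @@ public class SecurityException extends DemoiselleException {
 * @param cause
 * exception cause
 */
- public SecurityException(Throwable cause) {
+ SecurityException(Throwable cause) {
 super(cause);
 }
 
@@ -76,7 +76,7 @@ public class SecurityException extends DemoiselleException {
 * @param cause
 * exception cause
 */
- public SecurityException(String message, Throwable cause) {
+ SecurityException(String message, Throwable cause) {
 super(message, cause);
 }
 }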
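Review bot: Dropping `public` from the three constructors leaves SecurityException a public, concrete class that can only be built or subclassed from inside `br.gov.frameworkdemoiselle.security`, and package-private access is a weak boundary here. ServletAuthenticator in the servlet extension module already declares that same package, so any other jar doing likewise regains access unless the package is sealed. If the goal is to steer callers onto AuthenticationException and AuthorizationException, declaring the class `abstract` with `protected` constructors states that directly and still allows subclasses in other packages. Either way, existing code that calls `new SecurityException(...)` stops compiling, which deserves a release note.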
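--- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
+++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java
@@ -58,7 +58,7 @@ public class ServletAuthenticator implements Authenticator {
 @Override
 public void authenticate() throws AuthenticationException {
 try {
- if (this.getUser() == null) {
+ if (getRequest().getUserPrincipal() == null) {
 getRequest().login(getCredentials().getUsername(), getCredentials().getPassword());
 }
 } catch (ServletException cause) {
@@ -77,9 +77,36 @@ public class ServletAuthenticator implements Authenticator {
 getRequest().getSession().invalidate();
 }
 
+ // TODO Criar uma delegação especializada de User ao invés de retornar
+ // uma inner class
 @Override
- public Principal getUser() {
- return getRequest().getUserPrincipal();
+ public User getUser() {
+ final Principal principal = getRequest().getUserPrincipal();
+
+ User user = null;
+
+ if (principal!=null) {
+ user = new User() {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public String getId() {
+ return principal.getName();
+ }
+
+ @Override
+ public void setAttribute(Object key, Object value) {
+ }
+
+ @Override
+ public Object getAttribute(Object key) {
+ return null;
+ }
+ };
+ }
+
+ return user;
 }
 
 protected Credentials getCredentials() {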
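Review bot: The anonymous `User` returned by getUser() (new lines 89-106) is an inner class that captures the container's `Principal` and, with most compilers, the enclosing ServletAuthenticator. If User is Serializable (the `serialVersionUID` suggests it is), placing it in a session can fail on serialization or pull the authenticator along with it. Its `setAttribute` also drops the value silently and `getAttribute` always returns null, which a caller keeping security-relevant data on the user would not notice. A static nested class that copies only the principal name removes the capture, gives the attribute behaviour a documented home, and resolves the TODO above the method. The class body continues beyond the hunk.

```java
@Override
public User getUser() {
	final Principal principal = getRequest().getUserPrincipal();
	return principal == null ? null : new PrincipalUser(principal.getName());
}

// Static: holds only the name, no reference to the request, the Principal or the authenticator.
private static final class PrincipalUser implements User {

	private static final long serialVersionUID = 1L;

	private final String id;

	PrincipalUser(String id) {
		this.id = id;
	}

	@Override
	public String getId() {
		return id;
	}

	// Attributes are not kept by the servlet authenticator; the value is discarded.
	@Override
	public void setAttribute(Object key, Object value) {
	}

	// Always null, because setAttribute stores nothing.
	@Override
	public Object getAttribute(Object key) {
		return null;
	}
}

// … unchanged: getCredentials() and the rest of the class …
```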