From f1c7d2ef930de9e51fd954d07cc4f5137d8bd9db Mon Sep 17 00:00:00 2001 From: Cleverson Sacramento Date: Thu, 29 Aug 2013 16:12:13 -0300 Subject: [PATCH] Refatorando interface de segurança --- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java | 2 +- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java | 18 ++++++++++++++++++ impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java | 6 +++--- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java | 16 +++++++++++----- impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java | 6 +++--- impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java | 33 ++++++++++++++++++++++++++++++--- 6 files changed, 66 insertions(+), 15 deletions(-) create mode 100644 impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java index a2bac8c..23c1177 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/AuthenticationException.java @@ -37,7 +37,7 @@ package br.gov.frameworkdemoiselle.security; /** - * Thrown when the authentication process fails. + * Thrown when the mecanism responsible for the entire authentication lifecycle fails. * * @author SERPRO */ diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java new file mode 100644 index 0000000..47f8f9f --- /dev/null +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/InvalidCredentialsException.java @@ -0,0 +1,18 @@ +package br.gov.frameworkdemoiselle.security; + +/** + * Thrown when the user's credentials are invalid. + * + * @author SERPRO + */ +public class InvalidCredentialsException extends AuthenticationException { + + private static final long serialVersionUID = 1L; + + /** + * Constructs an InvalidCredentialsException with a message. + */ + public InvalidCredentialsException(String message) { + super(message); + } +} diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java index cda6c3c..570466f 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/NotLoggedInException.java @@ -41,12 +41,12 @@ package br.gov.frameworkdemoiselle.security; * * @author SERPRO */ -public class NotLoggedInException extends SecurityException { +public class NotLoggedInException extends AuthenticationException { private static final long serialVersionUID = 1L; - + /** - * Constructs an NotLoggedInException with no detail message. + * Constructs an NotLoggedInException with a message. */ public NotLoggedInException(String message) { super(message); diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java index a34bd52..8f46dcc 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityContext.java @@ -50,14 +50,17 @@ public interface SecurityContext extends Serializable { * * @throws AuthenticationException * When the logon process fails, this exception is thrown. + * @throws InvalidCredentialsException + * When the user's credentials coudn't be validated. InvalidCredentialsException is a special case of + * AuthenticationException. */ void login(); /** * Executes the logout of a user. * - * @throws NotLoggedInException - * if there is no user logged in a specific session + * @throws AuthenticationException + * When the logout process fails, this exception is thrown. */ void logout(); @@ -82,7 +85,8 @@ public interface SecurityContext extends Serializable { * @param operation * operation to be checked * @return {@code true} if the user has the permission - * + * @throws AuthorizationException + * When the permission checking fails, this exception is thrown. * @throws NotLoggedInException * if there is no user logged in a specific session. */ @@ -94,7 +98,8 @@ public interface SecurityContext extends Serializable { * @param role * role to be checked * @return {@code true} if the user has the role - * + * @throws AuthorizationException + * When the permission checking fails, this exception is thrown. * @throws NotLoggedInException * if there is no user logged in a specific session. */ @@ -103,7 +108,8 @@ public interface SecurityContext extends Serializable { /** * Return the user logged in the session. * - * @return the user logged in a specific session. If there is no active session returns {@code null} + * @return the user logged in a specific authenticated session. If there is no active session {@code null} is + * returned. */ User getUser(); diff --git a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java index 4e356b1..bcb4ab9 100644 --- a/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java +++ b/impl/core/src/main/java/br/gov/frameworkdemoiselle/security/SecurityException.java @@ -54,7 +54,7 @@ public class SecurityException extends DemoiselleException { * @param message * the detail message. */ - public SecurityException(String message) { + SecurityException(String message) { super(message); } @@ -64,7 +64,7 @@ public class SecurityException extends DemoiselleException { * @param cause * exception cause */ - public SecurityException(Throwable cause) { + SecurityException(Throwable cause) { super(cause); } @@ -76,7 +76,7 @@ public class SecurityException extends DemoiselleException { * @param cause * exception cause */ - public SecurityException(String message, Throwable cause) { + SecurityException(String message, Throwable cause) { super(message, cause); } } diff --git a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java index ce8cf85..aea5cb2 100644 --- a/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java +++ b/impl/extension/servlet/src/main/java/br/gov/frameworkdemoiselle/security/ServletAuthenticator.java @@ -58,7 +58,7 @@ public class ServletAuthenticator implements Authenticator { @Override public void authenticate() throws AuthenticationException { try { - if (this.getUser() == null) { + if (getRequest().getUserPrincipal() == null) { getRequest().login(getCredentials().getUsername(), getCredentials().getPassword()); } } catch (ServletException cause) { @@ -77,9 +77,36 @@ public class ServletAuthenticator implements Authenticator { getRequest().getSession().invalidate(); } + // TODO Criar uma delegação especializada de User ao invés de retornar + // uma inner class @Override - public Principal getUser() { - return getRequest().getUserPrincipal(); + public User getUser() { + final Principal principal = getRequest().getUserPrincipal(); + + User user = null; + + if (principal!=null) { + user = new User() { + + private static final long serialVersionUID = 1L; + + @Override + public String getId() { + return principal.getName(); + } + + @Override + public void setAttribute(Object key, Object value) { + } + + @Override + public Object getAttribute(Object key) { + return null; + } + }; + } + + return user; } protected Credentials getCredentials() { -- libgit2 0.21.2