@ComponentSpecification
public interface RemoteInvocationSecurityDetector

Determines if a RemoteInvocationCall is secured or a login operation.

See also: CsrfTokenManager.generateInitialToken()

| Modifier and Type | Field and Description |
|---|---|
| static String | LOGIN_COMMAND_NAME |
| static String | LOGIN_METHOD_NAME |

| Modifier and Type | Method and Description |
|---|---|
| boolean | isLogin(AnnotatedElement operation): Determines if a RemoteInvocationCall represents the login operation. |
| boolean | isSecured(AnnotatedElement operation): Determines if a RemoteInvocationCall is secured. |

static final String LOGIN_METHOD_NAME

static final String LOGIN_COMMAND_NAME

boolean isSecured(AnnotatedElement operation)

Determines if a RemoteInvocationCall is secured. Here secured means that it cannot be invoked before the login operation has been invoked and a CsrfToken has been generated. A RemoteInvocationCall will be considered secured if annotated with security.RolesAllowed and will not be secured if annotated with security.PermitAll.

Parameters:
operation - is the AnnotatedElement to check. In case of a RemoteInvocationCommand this will be the command class, in case of a RemoteInvocationService operation this will be the Method.

Returns:
true if secured, false otherwise (no security required).

boolean isLogin(AnnotatedElement operation)

Determines if a RemoteInvocationCall represents the login operation. It is technically possible to have multiple login operations. However, for simplicity this should be avoided if possible. A regular implementation should honor the Login annotation as well as conventions such as a LOGIN_METHOD_NAME and LOGIN_COMMAND_NAME.

Parameters:
operation - is the AnnotatedElement to check. In case of a RemoteInvocationCommand this will be the command class, in case of a RemoteInvocationService operation this will be the Method.

Returns:
true if the given command represents the login operation, false otherwise.

Copyright © 2001–2016 mmm-Team. All rights reserved.
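
A minimal detector following the isSecured and isLogin rules documented above, added here as an illustration and not the mmm project's own implementation. The three annotations are local stand-ins, the two constant values are placeholders, and two choices are assumptions of this example: a login operation without an explicit annotation is treated as unsecured, and an operation with no annotation at all is treated as secured.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;

public class SecurityDetectorExample {
  // Local stand-ins so this compiles on a plain JDK; real code would use the
  // RolesAllowed, PermitAll and Login annotations the documentation names.
  @Retention(RetentionPolicy.RUNTIME) @interface RolesAllowed { String[] value(); }
  @Retention(RetentionPolicy.RUNTIME) @interface PermitAll {}
  @Retention(RetentionPolicy.RUNTIME) @interface Login {}

  // Placeholder values: the page does not show what the real constants contain.
  static final String LOGIN_METHOD_NAME = "login";
  static final String LOGIN_COMMAND_NAME = "LoginCommand";

  static boolean isLogin(AnnotatedElement op) {
    if (op.isAnnotationPresent(Login.class)) return true;
    // Naming conventions: a service method or a command class with the agreed name.
    if (op instanceof Method) return LOGIN_METHOD_NAME.equals(((Method) op).getName());
    if (op instanceof Class) return LOGIN_COMMAND_NAME.equals(((Class<?>) op).getSimpleName());
    return false;
  }

  static boolean isSecured(AnnotatedElement op) {
    if (op.isAnnotationPresent(RolesAllowed.class)) return true;  // also wins over PermitAll
    if (op.isAnnotationPresent(PermitAll.class)) return false;
    if (isLogin(op)) return false; // assumption: login must be callable before a token exists
    return true;                   // assumption: unannotated operations fail closed
  }

  // Constructed sample operations.
  interface AccountService {
    void login(String user, String password);
    @RolesAllowed("admin") void deleteUser(String user);
    @PermitAll String getVersion();
    void changePassword(String oldPassword, String newPassword); // no annotation
  }
  @Login static class AuthenticateCommand {}
  static class ExportCommand {}

  static void report(String name, AnnotatedElement op) {
    System.out.printf("%-20s login=%-5b secured=%b%n", name, isLogin(op), isSecured(op));
  }

  public static void main(String[] args) {
    for (Method m : AccountService.class.getDeclaredMethods()) report(m.getName(), m);
    report("AuthenticateCommand", AuthenticateCommand.class);
    report("ExportCommand", ExportCommand.class);
  }
}
```

The unannotated changePassword and ExportCommand come out as secured, so forgetting an annotation never exposes an operation before login.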