net.sf.mmm.service.impl.server

Class RemoteInvocationSecurityDetectorImpl

java.lang.Object

net.sf.mmm.util.component.base.AbstractComponent

net.sf.mmm.service.impl.server.RemoteInvocationSecurityDetectorImpl

All Implemented Interfaces:

RemoteInvocationSecurityDetector

public class RemoteInvocationSecurityDetectorImpl
extends AbstractComponent
implements RemoteInvocationSecurityDetector

This is the default implementation of RemoteInvocationSecurityDetector.

Since:

1.0.0

Author:

Joerg Hohwiller (hohwille at users.sourceforge.net)

Field Summary

Fields inherited from interface net.sf.mmm.service.base.server.RemoteInvocationSecurityDetector

LOGIN_COMMAND_NAME, LOGIN_METHOD_NAME

Constructor Summary

Constructors

Constructor and Description
RemoteInvocationSecurityDetectorImpl() The constructor.

Method Summary

Modifier and Type	Method and Description
boolean	isLogin(AnnotatedElement operation) Determines if a RemoteInvocationCall represents the login operation.
protected boolean	isLoginByName(AnnotatedElement operation) Checks for isLogin(AnnotatedElement) by naming convention.
boolean	isSecured(AnnotatedElement operation) Determines if a RemoteInvocationCall is secured.
protected Boolean	isSecured(Annotation annotation)
protected boolean	isSecuredByDefault() This method gets the default value for isSecured(AnnotatedElement) if no annotation or other hint was found.

Methods inherited from class net.sf.mmm.util.component.base.AbstractComponent

doInitialize, doInitialized, getInitializationState, initialize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RemoteInvocationSecurityDetectorImpl

public RemoteInvocationSecurityDetectorImpl()

The constructor.

Method Detail

isSecured

public boolean isSecured(AnnotatedElement operation)

Determines if a RemoteInvocationCall is secured. Here secured means that it can not be invoked before the login operation has been invoked and a CsrfToken has been generated.
A typical implementation shall honor common standards such as JSR 250 so RemoteInvocationCall will be considered as secured if annotated with security.RolesAllowed and will not be secured if annotated with security.PermitAll.

Specified by:

isSecured in interface RemoteInvocationSecurityDetector

Parameters:

operation - is the AnnotatedElement to check. In case of a RemoteInvocationCommand this will be the command class, in case of a RemoteInvocationService operation this will be the Method.

Returns:

true if secured, false otherwise (no security required).

isSecuredByDefault

protected boolean isSecuredByDefault()

This method gets the default value for isSecured(AnnotatedElement) if no annotation or other hint was found. This implementation returns true. Override to change.

Returns:

the default value for isSecured(AnnotatedElement).

isSecured

protected Boolean isSecured(Annotation annotation)

Parameters:

annotation - is the Annotation to check.

Returns:

true if secured, false if unsecured and null if the given annotation is not known to be related to security.

isLogin

public boolean isLogin(AnnotatedElement operation)

Determines if a RemoteInvocationCall represents the login operation. It is technically possible to have multiple login operations. However, for simplicity this should be avoided if possible. A regular implementation should honor the Login annotation as well as conventions such as a RemoteInvocationSecurityDetector.LOGIN_METHOD_NAME and RemoteInvocationSecurityDetector.LOGIN_COMMAND_NAME.

Specified by:

isLogin in interface RemoteInvocationSecurityDetector

Parameters:

operation - is the AnnotatedElement to check. In case of a RemoteInvocationCommand this will be the command class, in case of a RemoteInvocationService operation this will be the Method.

Returns:

true if the given command represents the login operation, false otherwise.

isLoginByName

protected boolean isLoginByName(AnnotatedElement operation)

Checks for isLogin(AnnotatedElement) by naming convention.

Parameters:

operation - - see isLogin(AnnotatedElement).

Returns:

true if the given operation is a login operation due to naming convention, false otherwise.

See Also:

RemoteInvocationSecurityDetector.LOGIN_METHOD_NAME, RemoteInvocationSecurityDetector.LOGIN_COMMAND_NAME