跳至主要内容

Java EE Security API 1.0: SecurityContext

SecurityContext

In Java EE 7 or earlier versions, other specfications, such as Servelt, EJB, JAX-RS, JAX-WS, etc. have their own specific APIs to query current security context.
  • Servlet - HttpServletRequest#getUserPrincipal, HttpServletRequest#isUserInRole
  • EJB - EJBContext#getCallerPrincipal, EJBContext#isCallerInRole
  • JAX-WS - WebServiceContext#getUserPrincipal, WebServiceContext#isUserInRole
  • JAX-RS - SecurityContext#getUserPrincipal, SecurityContext#isUserInRole
  • JSF - ExternalContext#getUserPrincipal, ExternalContext#isUserInRole
  • CDI - @Inject Principal
  • WebSockets - Session#getUserPrincipal
In Java EE 8, you can use the new SecurityContext introduced in Java EE Security 1.0 instead.
A default implementation should be available at runime, you can inject it in CDI beans.
@Inject SecurityContext securityContext;
The new SecurityContext provides similiar methods with the one in other specfications.
Principal getCallerPrincipal();
<T extends Principal> Set<T> getPrincipalsByType(Class<T> pType);
boolean isCallerInRole(String role);
The new SecurityContext allow you create own Principal instead of the default one, getPrincipalsByType can be used to fetch it.
Beside these methods.
It also provides,
  • boolean hasAccessToWebResource(String resource, String... methods) to check the caller has permission to access some web resources.
  • AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters); perform a manual authentication flow.
Grab the source codes from my github account, and have a try.

评论

此博客中的热门博文

Activating CDI in JSF 2.3

Activating CDI in JSF 2.3 When I upgraded my Java EE 7 sample to the newest Java EE 8, the first thing confused me is the CDI beans are not recoganized in Facelects template in a JSF 2.3 based web applicaiton, which is working in the development version, but in the final release version, they are always resolved as null. I filed an issue on Mojarra and discussed it with the developers from communities and the JSF experts. According to the content of README , In a JSF 2.3 application, to activate CDI support, declaring a 2.3 versioned faces-config.xml and adding javax.faces.ENABLE_CDI_RESOLVER_CHAIN in web.xml is not enough, you have to declare @FacesConfig annotated class to enable CDI. Here is the steps I created a workable JSF 2.3 applicatoin in Java EE 8. Create a Java web application, this can be done easily by NetBeans IDE, or generated by Maven archetype, for exmaple. $ mvn archetype:generate -DgroupId=com.example -DartifactId=demo -DarchetypeArtifactId=mav

JSF 2.3:Websocket support

Websocket support One of the most attractive features is JSF 2.3 added native websocket support, it means you can write real-time applications with JSF and no need extra effort. To enable websocket support, you have to add javax.faces.ENABLE_WEBSOCKET_ENDPOINT in web.xml . < context-param > < param-name >javax.faces.ENABLE_WEBSOCKET_ENDPOINT</ param-name > < param-value >true</ param-value > </ context-param > Hello Websocket Let's start with a simple example. @ViewScoped @Named ( " helloBean " ) public class HelloBean implements Serializable { private static final Logger LOG = Logger . getLogger( HelloBean . class . getName()); @Inject @Push PushContext helloChannel; String message; public void sendMessage () { LOG . log( Level . INFO , " send push message " ); this . sendPushMessage( " hello " ); } private

Build a Reactive application with Angular 5 and Spring Boot 2.0

I have created a post to describe Reactive programming supports in Spring 5 and its subprojects, all codes of this article are updated the latest Spring 5 RELEASE, check spring-reactive-sample under my Github account. In this post, I will create a simple blog system, including: A user can sign in and sign out. An authenticated user can create a post. An authenticated user can update a post. Only the user who has ADMIN role can delete a post. All users(including anonymous users) can view post list and post details. An authenticated user can add his comments to a certain post. The backend will be built with the latest Spring 5 reactive stack, including: Spring Boot 2.0, at the moment the latest version is 2.0.0.M7 Spring Data MongoDB supports reactive operations for MongoDB Spring Session adds reactive support for WebSession Spring Security 5 aligns with Spring 5 reactive stack The frontend is an Angular based SPA and it will be generated by Angular CLI. The so