跳至主要内容

Java EE Security API 1.0: SecurityContext

SecurityContext

In Java EE 7 or earlier versions, other specfications, such as Servelt, EJB, JAX-RS, JAX-WS, etc. have their own specific APIs to query current security context.
  • Servlet - HttpServletRequest#getUserPrincipal, HttpServletRequest#isUserInRole
  • EJB - EJBContext#getCallerPrincipal, EJBContext#isCallerInRole
  • JAX-WS - WebServiceContext#getUserPrincipal, WebServiceContext#isUserInRole
  • JAX-RS - SecurityContext#getUserPrincipal, SecurityContext#isUserInRole
  • JSF - ExternalContext#getUserPrincipal, ExternalContext#isUserInRole
  • CDI - @Inject Principal
  • WebSockets - Session#getUserPrincipal
In Java EE 8, you can use the new SecurityContext introduced in Java EE Security 1.0 instead.
A default implementation should be available at runime, you can inject it in CDI beans.
@Inject SecurityContext securityContext;
The new SecurityContext provides similiar methods with the one in other specfications.
Principal getCallerPrincipal();
<T extends Principal> Set<T> getPrincipalsByType(Class<T> pType);
boolean isCallerInRole(String role);
The new SecurityContext allow you create own Principal instead of the default one, getPrincipalsByType can be used to fetch it.
Beside these methods.
It also provides,
  • boolean hasAccessToWebResource(String resource, String... methods) to check the caller has permission to access some web resources.
  • AuthenticationStatus authenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationParameters parameters); perform a manual authentication flow.
Grab the source codes from my github account, and have a try.
标签:

评论

Roy Thomas说…
Valuable blog,Informative content...thanks for sharing, Waiting for the next update…
Structure of GST
Purpose of GST
4:19 上午
SHASHI说…
Really an informative blog...Thanks for sharing an informative article with us.
Toefl Coaching in Madurai
Toefl Training in Madurai
5:44 上午
发表评论

此博客中的热门博文

AngularJS CakePHP Sample codes

Introduction This sample is a Blog application which has the same features with the official CakePHP Blog tutorial, the difference is AngularJS was used as frontend solution, and CakePHP was only use for building backend RESR API. Technologies AngularJS   is a popular JS framework in these days, brought by Google. In this example application, AngularJS and Bootstrap are used to implement the frontend pages. CakePHP   is one of the most popular PHP frameworks in the world. CakePHP is used as the backend REST API producer. MySQL   is used as the database in this sample application. A PHP runtime environment is also required, I was using   WAMP   under Windows system. Post links I assume you have some experience of PHP and CakePHP before, and know well about Apache server. Else you could read the official PHP introduction( php.net ) and browse the official CakePHP Blog tutorial to have basic knowledge about CakePHP. In these posts, I tried to follow the steps describ
2 条评论
阅读全文

JPA 2.1: Attribute Converter

JPA 2.1: Attribute Converter If you are using Hibernate, and want a customized type is supported in your Entity class, you could have to write a custom Hibernate Type. JPA 2.1 brings a new feature named attribute converter, which can help you convert your custom class type to JPA supported type. Create an Entity Reuse the   Post   entity class as example. @Entity @Table(name="POSTS") public class Post implements Serializable { private static final long serialVersionUID = 1L; @Id @GeneratedValue(strategy = GenerationType.AUTO) @Column(name="ID") private Long id; @Column(name="TITLE") private String title; @Column(name="BODY") private String body; @Temporal(javax.persistence.TemporalType.DATE) @Column(name="CREATED") private Date created; @Column(name="TAGS") private List<String> tags=new ArrayList<>(); } Create an attribute convert
发表评论
阅读全文

Auditing with Hibernate Envers

Auditing with Hibernate Envers The approaches provided in JPA lifecyle hook and Spring Data auditing only track the creation and last modification info of an Entity, but all the modification history are not tracked. Hibernate Envers fills the blank table. Since Hibernate 3.5, Envers is part of Hibernate core project. Configuration Configure Hibernate Envers in your project is very simple, just need to add   hibernate-envers   as project dependency. <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-envers</artifactId> </dependency> Done. No need extra Event listeners configuration as the early version. Basic Usage Hibernate Envers provides a simple   @Audited   annotation, you can place it on an Entity class or property of an Entity. @Audited private String description; If   @Audited   annotation is placed on a property, this property can be tracked. @Entity @Audited public class Signup implements Serializa
发表评论
阅读全文