Package org.chenile.samples.security.interceptor

Class SecurityInterceptor

java.lang.Object

org.chenile.core.interceptors.BaseChenileInterceptor

org.chenile.samples.security.interceptor.SecurityInterceptor

All Implemented Interfaces:

org.chenile.owiz.Command<org.chenile.core.context.ChenileExchange>

public class SecurityInterceptor
extends org.chenile.core.interceptors.BaseChenileInterceptor

This interceptor uses SecurityConfig to secure this particular resource. It looks at the authorities of the signed-in user and compares them with the ones that are expected in the SecurityConfig and throws an exception if they are not available in the current user. It also throws a 401 (UNAUTHORIZED) if there are no security credentials that exist.
Finally, if the SecurityConfig says that the resource is UNPROTECTED, it does not do anything

Field Summary

Fields

Modifier and Type	Field	Description
(package private) ApplicationContext	applicationContext
private static final org.slf4j.Logger	logger
static final String	SCOPE_PREFIX

Constructor Summary

Constructors

Constructor	Description
SecurityInterceptor()

Method Summary

Modifier and Type	Method	Description
protected boolean	bypassInterception(org.chenile.core.context.ChenileExchange exchange)	This bypasses the logic only if the security config is configured to be unprotected or if the security config does not exist at all.
protected void	doPreProcessing(org.chenile.core.context.ChenileExchange exchange)
private Collection<org.springframework.security.core.GrantedAuthority>	getAuthorities()
private String[]	getGuardingAuthorities(org.chenile.core.context.ChenileExchange exchange)
private boolean	guardingAuthoritiesNotFoundInCurrentAuthorities(String[] guardingAuthorities, Collection<org.springframework.security.core.GrantedAuthority> currentAuthorities)

Methods inherited from class org.chenile.core.interceptors.BaseChenileInterceptor

doContinue, doPostProcessing, execute, getExtensionByAnnotation, getExtensionByAnnotation, resumeFromSavedPoint, savePoint

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

private static final org.slf4j.Logger logger

applicationContext

@Autowired
ApplicationContext applicationContext

SCOPE_PREFIX

public static final String SCOPE_PREFIX

See Also:

• Constant Field Values

Constructor Details

SecurityInterceptor

public SecurityInterceptor()

Method Details

doPreProcessing

protected void doPreProcessing(org.chenile.core.context.ChenileExchange exchange)

Overrides:

doPreProcessing in class org.chenile.core.interceptors.BaseChenileInterceptor

guardingAuthoritiesNotFoundInCurrentAuthorities

private boolean guardingAuthoritiesNotFoundInCurrentAuthorities(String[] guardingAuthorities,
 Collection<org.springframework.security.core.GrantedAuthority> currentAuthorities)

getGuardingAuthorities

private String[] getGuardingAuthorities(org.chenile.core.context.ChenileExchange exchange)

getAuthorities

private Collection<org.springframework.security.core.GrantedAuthority> getAuthorities()

bypassInterception

protected boolean bypassInterception(org.chenile.core.context.ChenileExchange exchange)

This bypasses the logic only if the security config is configured to be unprotected or if the security config does not exist at all.

Overrides:

bypassInterception in class org.chenile.core.interceptors.BaseChenileInterceptor

Parameters:

exchange - the exchange

Returns:

true if the SecurityConfig is configured to be UNPROTECTED or if config is missing