diff --git a/deltaspike-security/README.md b/deltaspike-authorization/README.md similarity index 62% rename from deltaspike-security/README.md rename to deltaspike-authorization/README.md index 7ebf3964b5..9bc8cd2fa4 100644 --- a/deltaspike-security/README.md +++ b/deltaspike-authorization/README.md @@ -1,4 +1,4 @@ -jboss-as-deltaspike-projectstage: Demonstrate the creation of a custom authorization example using @SecurityBindingType from DeltaSpike +jboss-as-deltaspike-authorization: Demonstrate the creation of a custom authorization example using @SecurityBindingType from DeltaSpike ====================================================== Author: Rafael Benevides Level: Beginner 
@@ -10,15 +10,15 @@ Target Product: WFK What is it? ----------- -SecurityBinding is a feature of the security module that acts by intercepting method calls, and performing a security check before invocation is allowed to proceed. +Security binding is DeltaSpike feature that restricts who can invoke a method (under the covers, it uses interceptors). -To use it, it's needed to create a security parameter binding annotation. In this application we created `@AdminAllowed` and `@GuestAllowed` annotations. +To restrict who can invoke a method, we create an annotation, called a security binding type. This quickstart has two security binding types - `@AdminAllowed` and `@GuestAllowed`. -The application also defines an `Authorizer` class that implements behavior for both `SecurityBindingType`. This class is simply a CDI bean which declares a @Secures method, qualified with the security binding annotation we created. +The quickstart defines an `Authorizer` class that implements the restrictions for the security binding types. The authorizer is a CDI bean which defines methods (annotated with `@Secures) which perform the authorization checks for each security binding we create. -This `Authorizer` is integrated with JAAS so the check is delegated to JAAS API through `FacesContext`, but any other ways to check if the method is allowed could be used. +In this quickstart the `Authorizer` we delegate authentication to JAAS, but other authentication solutions could be used. -Both annotations was applied to methods on `SecuredController` class. +Methods on the `Controller` bean have been restricted using the security binding types. System requirements 
@@ -35,7 +35,6 @@ Configure Maven If you have not yet done so, you must [Configure Maven](../README.md#mavenconfiguration) before testing the quickstarts. - Add an Application User ---------------- This quickstart uses secured management interfaces and requires that you create an application user to access the running application. Instructions to set up the quickstart application user can be found here: [Add an Application User](../README.md#addapplicationuser) 
@@ -60,20 +59,19 @@ _NOTE: The following build command assumes you have configured your Maven user s 3. Type this command to build and deploy the archive: mvn clean package jboss-as:deploy -4. This will deploy `target/jboss-as-deltaspike-security.war` to the running instance of the server. +4. This will deploy `target/jboss-as-deltaspike-authorization.war` to the running instance of the server. + Access the application --------------------- -Access the running application in a browser at the following URL: - -When you try to access the application, you're redirected to a Login form already filled. (remember to setup the Application User). +You can access the running application in a browser at the following URL: -Log in application and you see the secured page showing your username and two buttons. +When you access the application you are redirected to a login form, already filled in with the details of the application user you set up above. Once you have logged into the application you see a page showing your username and two buttons. -Click on `Guest Method` button and realize that you will see the following message: `You executed a @GuestAllowed method`. +When you click on the `Employee Method` button you will see the following message: `You executed a @EmployeeAllowed method` - you are authorized to invoke this method. -Now, click on `Admin Method` button and you will be redirected to a error page with the following exception: `org.apache.deltaspike.security.api.authorization.AccessDeniedException` +When you click on the `Admin Method` button you will be redirected to a error page with the following exception: `org.apache.deltaspike.security.api.authorization.AccessDeniedException` - you aren't authorized to invole thos method. Undeploy the Archive -------------------- 
diff --git a/deltaspike-security/pom.xml b/deltaspike-authorization/pom.xml similarity index 93% rename from deltaspike-security/pom.xml rename to deltaspike-authorization/pom.xml index 71c4eaaa13..4623664dc2 100644 --- a/deltaspike-security/pom.xml +++ b/deltaspike-authorization/pom.xml @@ -14,11 +14,11 @@ 4.0.0 org.jboss.as.quickstarts - jboss-as-deltaspike-security + jboss-as-deltaspike-authorization 7.1.2-SNAPSHOT war - JBoss AS Quickstarts: DeltaSpike Security - DeltaSpike Security: shows a custom authorization example using @SecurityBindingType from DeltaSpike + JBoss AS Quickstarts: DeltaSpike Authorization + DeltaSpike Authorization: shows a custom authorization example using security binding types from DeltaSpike http://jboss.org/jbossas @@ -126,14 +126,14 @@ provided - + org.apache.deltaspike.core deltaspike-core-api compile - org.apache.deltaspike.core @@ -141,15 +141,15 @@ runtime - + org.apache.deltaspike.modules deltaspike-security-module-api compile - org.apache.deltaspike.modules diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/AdminAllowed.java similarity index 90% rename from deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java rename to deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/AdminAllowed.java index bc306c6f7a..b18b818931 100644 --- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java +++ b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/AdminAllowed.java 
@@ -20,7 +20,7 @@ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ -package org.jboss.as.quickstarts.deltaspike.security.annotations; +package org.jboss.as.quickstarts.deltaspike.authorization; import java.lang.annotation.Documented; import java.lang.annotation.ElementType; @@ -31,7 +31,7 @@ import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType; /** - * This annotation is used to to add security behavior to our business classes and methods + * This annotation is used to to add authorization restrictions to beans and methods * * @author Rafael Benevides * diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/Controller.java similarity index 68% rename from deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java rename to deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/Controller.java index 3f46aa5053..d9aff044b1 100644 --- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java +++ b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/Controller.java 
@@ -20,41 +20,38 @@ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ -package org.jboss.as.quickstarts.deltaspike.security; +package org.jboss.as.quickstarts.deltaspike.authorization; import java.io.IOException; -import javax.enterprise.inject.Model; import javax.faces.application.FacesMessage; import javax.faces.context.FacesContext; import javax.inject.Inject; +import javax.inject.Named; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.jboss.as.quickstarts.deltaspike.security.annotations.AdminAllowed; -import org.jboss.as.quickstarts.deltaspike.security.annotations.GuestAllowed; /** + * The secured controller restricts access to certain method + * * @author Rafael Benevides * */ -// The @Model stereotype is a convenience mechanism to make this a request-scoped bean that has an -// EL name -// Read more about the @Model stereotype in this FAQ: -// http://sfwk.org/Documentation/WhatIsThePurposeOfTheModelAnnotation -@Model -public class SecuredController { +// Expose the bean to EL +@Named +public class Controller { @Inject private FacesContext facesContext; - //This method is allowed only to users with Guest role - @GuestAllowed - public void guestMethod() { - facesContext.addMessage(null, new FacesMessage("You executed a @GuestAllowed method")); + //This method is allowed only to users with employee role + @EmployeeAllowed + public void employeeMethod() { + facesContext.addMessage(null, new FacesMessage("You executed a @EmployeeAllowed method")); } - //This method is allowed only to users with Admin role + //This method is allowed only to users with admin role @AdminAllowed public void adminMethod() { facesContext.addMessage(null, new FacesMessage("You executed a @AdminAllowed method")); 
@@ -68,5 +65,16 @@ public void logout() throws IOException { response.sendRedirect("index.html"); facesContext.responseComplete(); } + + //This method return the stack trace string from the Exception + public String getStackTrace() { + Throwable throwable = (Throwable) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("javax.servlet.error.exception"); + StringBuilder builder = new StringBuilder(); + builder.append(throwable.getMessage()).append("\n"); + for (StackTraceElement element : throwable.getStackTrace()) { + builder.append(element).append("\n"); + } + return builder.toString(); + } } diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/CustomAuthorizer.java similarity index 86% rename from deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java rename to deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/CustomAuthorizer.java index fb6a1dd1e8..b8b55d2e57 100644 --- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java +++ b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/CustomAuthorizer.java @@ -20,7 +20,7 @@ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ -package org.jboss.as.quickstarts.deltaspike.util; +package org.jboss.as.quickstarts.deltaspike.authorization; import javax.enterprise.context.ApplicationScoped; import javax.enterprise.inject.spi.BeanManager; 
@@ -29,11 +29,9 @@ import javax.interceptor.InvocationContext; import org.apache.deltaspike.security.api.authorization.annotation.Secures; -import org.jboss.as.quickstarts.deltaspike.security.annotations.AdminAllowed; -import org.jboss.as.quickstarts.deltaspike.security.annotations.GuestAllowed; /** - * This Authorizer class implements behavior for our custom SecurityBindingType. This class is simply a CDI bean which declares + * This Authorizer class implements behavior for our security binding types. This class is simply a CDI bean which declares * a @Secures method, qualified with the security binding annotation. * * @author Rafael Benevides @@ -61,7 +59,7 @@ public boolean doAdminCheck(InvocationContext invocationContext, BeanManager man } /** - * This method is used to check if classes and methods annotated with {@link GuestAllowed} can perform + * This method is used to check if classes and methods annotated with {@link EmployeeAllowed} can perform * the operation or not * * @param invocationContext @@ -70,7 +68,7 @@ public boolean doAdminCheck(InvocationContext invocationContext, BeanManager man * @throws Exception */ @Secures - @GuestAllowed + @EmployeeAllowed public boolean doGuestCheck(InvocationContext invocationContext, BeanManager manager) throws Exception { return facesContext.getExternalContext().isUserInRole("guest"); } diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/EmployeeAllowed.java similarity index 88% rename from deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java rename to deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/EmployeeAllowed.java index 00ea6e6cf3..49c7c69743 100644 
--- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java +++ b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/EmployeeAllowed.java @@ -20,7 +20,7 @@ * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ -package org.jboss.as.quickstarts.deltaspike.security.annotations; +package org.jboss.as.quickstarts.deltaspike.authorization; import java.lang.annotation.Documented; import java.lang.annotation.ElementType; @@ -31,7 +31,7 @@ import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType; /** - * This annotation is used to to add security behavior to our business classes and methods + * This annotation is used to to add authorization restrictions to beans and methods * * @author Rafael Benevides * @@ -40,6 +40,6 @@ @Target({ ElementType.TYPE, ElementType.METHOD }) @Documented @SecurityBindingType -public @interface GuestAllowed { +public @interface EmployeeAllowed { } diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/util/Resources.java similarity index 87% rename from deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java rename to deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/util/Resources.java index e3cd2489c1..43059ebd2e 100644 --- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java +++ b/deltaspike-authorization/src/main/java/org/jboss/as/quickstarts/deltaspike/authorization/util/Resources.java 
@@ -14,8 +14,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.jboss.as.quickstarts.deltaspike.util; +package org.jboss.as.quickstarts.deltaspike.authorization.util; +import java.security.Principal; import java.util.logging.Logger; import javax.enterprise.context.RequestScoped; @@ -43,5 +44,10 @@ public FacesContext getFacesContext() { return FacesContext.getCurrentInstance(); } + @Named + @Produces + public String getLoggedInUserName(Principal principal) { + return principal.getName(); + } } diff --git a/deltaspike-security/src/main/webapp/WEB-INF/beans.xml b/deltaspike-authorization/src/main/webapp/WEB-INF/beans.xml similarity index 100% rename from deltaspike-security/src/main/webapp/WEB-INF/beans.xml rename to deltaspike-authorization/src/main/webapp/WEB-INF/beans.xml diff --git a/deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml b/deltaspike-authorization/src/main/webapp/WEB-INF/faces-config.xml similarity index 100% rename from deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml rename to deltaspike-authorization/src/main/webapp/WEB-INF/faces-config.xml diff --git a/deltaspike-security/src/main/webapp/WEB-INF/web.xml b/deltaspike-authorization/src/main/webapp/WEB-INF/web.xml similarity index 100% rename from deltaspike-security/src/main/webapp/WEB-INF/web.xml rename to deltaspike-authorization/src/main/webapp/WEB-INF/web.xml diff --git a/deltaspike-security/src/main/webapp/error.xhtml b/deltaspike-authorization/src/main/webapp/error.xhtml similarity index 95% rename from deltaspike-security/src/main/webapp/error.xhtml rename to deltaspike-authorization/src/main/webapp/error.xhtml index 55809b052c..e905a87e9a 100644 --- a/deltaspike-security/src/main/webapp/error.xhtml +++ b/deltaspike-authorization/src/main/webapp/error.xhtml @@ -41,7 +41,7 @@ limitations under the License.

diff --git a/deltaspike-security/src/main/webapp/index.html b/deltaspike-authorization/src/main/webapp/index.html similarity index 100% rename from deltaspike-security/src/main/webapp/index.html rename to deltaspike-authorization/src/main/webapp/index.html diff --git a/deltaspike-security/src/main/webapp/login-error.xhtml b/deltaspike-authorization/src/main/webapp/login-error.xhtml similarity index 100% rename from deltaspike-security/src/main/webapp/login-error.xhtml rename to deltaspike-authorization/src/main/webapp/login-error.xhtml diff --git a/deltaspike-security/src/main/webapp/login.xhtml b/deltaspike-authorization/src/main/webapp/login.xhtml similarity index 100% rename from deltaspike-security/src/main/webapp/login.xhtml rename to deltaspike-authorization/src/main/webapp/login.xhtml diff --git a/deltaspike-security/src/main/webapp/template.xhtml b/deltaspike-authorization/src/main/webapp/template.xhtml similarity index 100% rename from deltaspike-security/src/main/webapp/template.xhtml rename to deltaspike-authorization/src/main/webapp/template.xhtml diff --git a/deltaspike-security/src/main/webapp/welcome.xhtml b/deltaspike-authorization/src/main/webapp/welcome.xhtml similarity index 72% rename from deltaspike-security/src/main/webapp/welcome.xhtml rename to deltaspike-authorization/src/main/webapp/welcome.xhtml index 998134c750..6f02456469 100644 --- a/deltaspike-security/src/main/webapp/welcome.xhtml +++ b/deltaspike-authorization/src/main/webapp/welcome.xhtml @@ -26,15 +26,15 @@ limitations under the License. --> Welcome - Welcome to the secured page! + Welcome to the restricted page! - Welcome #{facesContext.externalContext.userPrincipal.name}! - + Welcome #{loggedInUserName}! +

- Execute some action: - - + Execute an action: + + diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java deleted file mode 100644 index e1822ab053..0000000000 --- a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2012, Red Hat, Inc., and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
- */ - -package org.jboss.as.quickstarts.deltaspike.security; - -import javax.enterprise.inject.Model; -import javax.faces.context.FacesContext; - -/** - * @author Rafael Benevides - * - */ -//The @Model stereotype is a convenience mechanism to make this a request-scoped bean that has an -//EL name -//Read more about the @Model stereotype in this FAQ: -//http://sfwk.org/Documentation/WhatIsThePurposeOfTheModelAnnotation -@Model -public class ErrorController { - - //This method return the stack trace string from the Exception - public String getStackTrace() { - Throwable throwable = (Throwable) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("javax.servlet.error.exception"); - StringBuilder builder = new StringBuilder(); - builder.append(throwable.getMessage()).append("\n"); - for (StackTraceElement element : throwable.getStackTrace()) { - builder.append(element).append("\n"); - } - return builder.toString(); - } - -}
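Review bot: The rewritten "What is it?" paragraphs in the README hunk (`@@ -10,15 +10,15 @@`) have grammar and markup slips and one mislabelled concern. `+Security binding is DeltaSpike feature` needs "a DeltaSpike feature"; `(annotated with `@Secures)` is missing its closing backtick; and `+In this quickstart the `Authorizer` we delegate authentication to JAAS` is ungrammatical and describes the wrong thing, since the authorizer delegates the role check (authorization, via `isUserInRole`) to the container, while JAAS handles the login itself. Suggest: "In this quickstart the `Authorizer` delegates the role check to the container's JAAS security domain, but any other authorization mechanism could be used." Also, `two security binding types - `@AdminAllowed` and `@GuestAllowed`` still names the old annotation, which this same patch renames to `@EmployeeAllowed`.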
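Review bot: Typos in the "Access the application" hunk (`@@ -60,20 +59,19 @@`): `redirected to a error page` should be "an error page", and `you aren't authorized to invole thos method` should be "invoke this method". Two content gaps in the same hunk: `+You can access the running application in a browser at the following URL:` is not followed by a URL anywhere in the visible lines, so confirm the URL line survived the rewrite; and the text promises that the `Employee Method` button succeeds for the application user, but nothing in the README says which role that user must be created with, even though the authorizer's check is a role lookup. State the required role(s) next to the "Add an Application User" link.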
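Review bot: Replacing `@Model` with a bare `@Named` in the `Controller` hunk (`@@ -20,41 +20,38 @@`) silently changes the bean's scope from `@RequestScoped` (which `@Model` implies) to `@Dependent`, and the new comment `// Expose the bean to EL` does not say so. For these stateless action methods a fresh instance per EL reference is harmless, but it is a behaviour change that should be deliberate: either keep `@Model` or add `@RequestScoped` explicitly alongside `@Named`. Minor: the new Javadoc `The secured controller restricts access to certain method` should read "methods", and `employeeMethod()` is now guarded by `@EmployeeAllowed` while the comment says "employee role", a role that the authorizer in this patch never checks for.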
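Review bot: The `getStackTrace()` method added to `Controller` (`@@ -68,5 +65,16 @@`) dereferences `throwable` without a null check. If `error.xhtml` is rendered outside a servlet error dispatch (requested directly, or when `javax.servlet.error.exception` is not set), `throwable.getMessage()` throws an NPE inside the error page itself and hides the original failure; add `if (throwable == null) return "";` before the `StringBuilder`. Separately, this writes the full stack trace into the response. That is useful here to show `AccessDeniedException` to the person running the quickstart, but the comment should say it is a demo aid: in a production app the trace belongs in the server log, and the page should show only the exception type, because frames and class names reveal the internal structure to anyone who can trigger an error.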
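Review bot: The rename is incomplete in the `CustomAuthorizer` hunk (`@@ -70,7 +68,7 @@`): the binding becomes `@EmployeeAllowed`, but the method it secures is still `doGuestCheck` and still returns `facesContext.getExternalContext().isUserInRole("guest");`. A binding named "employee" that actually grants access to the `guest` role is the kind of naming drift that produces wrong authorization decisions once someone adds a real `employee` role. Either change the role string to `"employee"` (and document that role in the README's user-setup step) or keep the original `@GuestAllowed` name; in either case rename the method to match the binding, for example `doEmployeeCheck`.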
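Review bot: The new producer in `Resources` (`@@ -43,5 +44,10 @@`), `@Named @Produces public String getLoggedInUserName(Principal principal)`, declares no qualifier other than `@Named`, so by the CDI rules it also carries the implicit `@Default` qualifier and becomes the bean resolved for any plain `@Inject String` injection point in the archive. If it is meant only for EL as `#{loggedInUserName}`, say so in a comment; otherwise give it a dedicated qualifier. Two smaller points: the hunk adds `import java.security.Principal;` but no `import javax.inject.Named;`, so confirm that import already exists in the file; and `principal.getName()` has no null guard, which is fine behind the login constraint but will fail if the producer is ever evaluated on an unauthenticated page.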
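Review bot: Deleting `ErrorController` (`@@ -1,50 +0,0 @@`) moves `getStackTrace()` onto `Controller`, so `error.xhtml` must now reference `#{controller.stackTrace}` instead of `#{errorController.stackTrace}`. The `error.xhtml` hunk (`@@ -41,7 +41,7 @@`) is part of this patch but its changed lines are not visible in this rendering, so confirm that it makes that EL change; otherwise the error page will fail to resolve the bean the first time an `AccessDeniedException` is thrown, which is exactly the path the README tells the user to exercise.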