/*
Pro Spring
By Rob Harrop
Jan Machacek
ISBN: 1-59059-461-4
Publisher: Apress
*/
///////////////////////////////////////////////////////////////////////////////////////
class UserInfo {
private String userName;
private String password;
public UserInfo(String userName, String password) {
this.userName = userName;
this.password = password;
}
public String getPassword() {
return password;
}
public String getUserName() {
return userName;
}
}
///////////////////////////////////////////////////////////////////////////////////////
public class SecureBean {
public void writeSecureMessage() {
System.out.println("Every time I learn something new, "
+ "it pushes some old stuff out my brain");
}
}
///////////////////////////////////////////////////////////////////////////////////////
import java.lang.reflect.Method;
import org.springframework.aop.MethodBeforeAdvice;
public class SecurityAdvice implements MethodBeforeAdvice {
private SecurityManager securityManager;
public SecurityAdvice() {
this.securityManager = new SecurityManager();
}
public void before(Method method, Object[] args, Object target)
throws Throwable {
UserInfo user = securityManager.getLoggedOnUser();
if (user == null) {
System.out.println("No user authenticated");
throw new SecurityException(
"You must login before attempting to invoke the method: "
+ method.getName());
} else if ("robh".equals(user.getUserName())) {
System.out.println("Logged in user is robh - OKAY!");
} else {
System.out.println("Logged in user is " + user.getUserName()
+ " NOT GOOD :(");
throw new SecurityException("User " + user.getUserName()
+ " is not allowed access to method " + method.getName());
}
}
}
///////////////////////////////////////////////////////////////////////////////////////
public class SecurityManager {
private static ThreadLocal threadLocal = new ThreadLocal();
public void login(String userName, String password) {
// assumes that all credentials
// are valid for a login
threadLocal.set(new UserInfo(userName, password));
}
public void logout() {
threadLocal.set(null);
int x = 0;
}
public UserInfo getLoggedOnUser() {
return (UserInfo) threadLocal.get();
}
}
///////////////////////////////////////////////////////////////////////////////////////
import org.springframework.aop.framework.ProxyFactory;
public class SecurityExample {
public static void main(String[] args) {
// get the security manager
SecurityManager mgr = new SecurityManager();
// get the bean
SecureBean bean = getSecureBean();
// try as robh
mgr.login("robh", "pwd");
bean.writeSecureMessage();
mgr.logout();
// try as janm
try {
mgr.login("janm", "pwd");
bean.writeSecureMessage();
} catch(SecurityException ex) {
System.out.println("Exception Caught: " + ex.getMessage());
} finally {
mgr.logout();
}
// try with no credentials
try {
bean.writeSecureMessage();
} catch(SecurityException ex) {
System.out.println("Exception Caught: " + ex.getMessage());
}
}
private static SecureBean getSecureBean() {
// create the target
SecureBean target = new SecureBean();
// create the advice
SecurityAdvice advice = new SecurityAdvice();
// get the proxy
ProxyFactory factory = new ProxyFactory();
factory.setTarget(target);
factory.addAdvice(advice);
SecureBean proxy = (SecureBean)factory.getProxy();
return proxy;
}
}
|
SecurityExample.zip( 1,481 k)