| Home >> All >> net >> sf >> [ acegisecurity Javadoc ] |
Page 1 2
• net.sf.acegisecurity: Javadoc index of package net.sf.acegisecurity.
Package Samples:
• net.sf.acegisecurity.ui.x509: Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
• net.sf.acegisecurity.ui.basicauth: Authentication processing mechanisms, which respond to the submission of authentication credentials using various protocols (eg BASIC, CAS, form login etc).
• net.sf.acegisecurity.providers.cas.cache: An authentication provider that can process Yale Central Authentication Service (CAS) service tickets and proxy tickets.
• net.sf.acegisecurity.intercept.method.aopalliance: Provides support objects for securing Java method invocations via different AOP libraries.
• net.sf.acegisecurity.adapters.resin: Allows external containers to obtain authentication information from the system.
• net.sf.acegisecurity.adapters.jboss: Allows external containers to obtain authentication information from the system.
• net.sf.acegisecurity.adapters.cas: Allows external containers to obtain authentication information from the system.
• net.sf.acegisecurity.acl.basic: Enables retrieval of access control lists (ACLs) for domain object instances.
• net.sf.acegisecurity.intercept.event: Actually enforces the security and ties the whole security system together.
• net.sf.acegisecurity.taglibs.authz: Provides core Acegi Security System for Spring interfaces and classes.
• net.sf.acegisecurity.securechannel: Provides core Acegi Security System for Spring interfaces and classes.
• net.sf.acegisecurity.context: Provides core Acegi Security System for Spring interfaces and classes.
• net.sf.acegisecurity.intercept: Provides core Acegi Security System for Spring interfaces and classes.
• net.sf.acegisecurity.providers.dao.salt: An authentication provider that relies upon a data access object.
• net.sf.acegisecurity.providers.rememberme: Implements a provider-based approach to authentication decisions.
• net.sf.acegisecurity.acl.basic.jdbc: Access control list implementation based on integer bit masks.
• net.sf.acegisecurity.acl.basic.cache: Access control list implementation based on integer bit masks.
• net.sf.acegisecurity.context.rmi: Provides a "request context".
• net.sf.acegisecurity.context.httpinvoker: Provides a "request context".
• net.sf.acegisecurity.ui
Classes:
• JaasAuthenticationProvider: An net.sf.acegisecurity.providers.AuthenticationProvider implementation that retrieves user details from a JAAS login configuration. This AuthenticationProvider is capable of validating net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken requests contain the correct username and password. This implementation is backed by a JAAS configuration. The loginConfig property must be set to a given JAAS configuration file. This setter accepts a Spring org.springframework.core.io.Resource instance. It should point to a JAAS configuration file containing an index matching the loginContextName ...
• BasicAclEntryVoter: Given a domain object instance passed as a method argument, ensures the principal has appropriate permission as defined by the net.sf.acegisecurity.acl.AclManager . The AclManager is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object. This class is designed to process net.sf.acegisecurity.acl.AclEntry s that are subclasses of net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry only. Generally these are obtained by using the net.sf.acegisecurity.acl.basic.BasicAclProvider . The voter will vote if any ConfigAttribute.getAttribute() ...
• AbstractSecurityInterceptor: Abstract class that implements security interception for secure objects. The AbstractSecurityInterceptor will ensure the proper startup configuration of the security interceptor. It will also implement the proper handling of secure object invocations, being: Extract the net.sf.acegisecurity.context.security.SecureContext from the net.sf.acegisecurity.context.ContextHolder , handling any errors such as invalid or null objects. Obtain the net.sf.acegisecurity.Authentication object from the extracted SecureContext . Determine if the request relates to a secured or public invocation by looking up the ...
• FilterChainProxy: Delegates Filter requests to a list of Spring-managed beans. The FilterChainProxy is loaded via a standard FilterToBeanProxy declaration in web.xml . FilterChainProxy will then pass init(FilterConfig) 55 , destroy() 55 , #doInit() and doFilter(ServletRequest, ServletResponse, FilterChain) 55 invocations through to each Filter defined against FilterChainProxy . FilterChainProxy is configured using a standard net.sf.acegisecurity.intercept.web.FilterInvocationDefinitionSource . Each possible URI pattern that FilterChainProxy should service must be entered. The first matching URI pattern located by ...
• BasicAclEntryAfterInvocationCollectionFilteringProvider: Given a Collection of domain object instances returned from a secure object invocation, remove any Collection elements the principal does not have appropriate permission to access as defined by the net.sf.acegisecurity.acl.AclManager . The AclManager is used to retrieve the access control list (ACL) permissions associated with each Collection domain object instance element for the current Authentication object. This class is designed to process net.sf.acegisecurity.acl.AclEntry s that are subclasses of net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry only. Generally these are obtained by using ...
• PasswordDaoAuthenticationProvider: An net.sf.acegisecurity.providers.AuthenticationProvider implementation that retrieves user details from a PasswordAuthenticationDao . This AuthenticationProvider is capable of validating net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken requests containing the correct username, password and when the user is not disabled. Unlike DaoAuthenticationProvider , the responsibility for password validation is delegated to PasswordAuthenticationDao . Upon successful validation, a UsernamePasswordAuthenticationToken will be created and returned to the caller. The token will include as its ...
• AbstractProcessingFilter: Abstract processor of browser-based HTTP-based authentication requests. This filter is responsible for processing authentication requests. If authentication is successful, the resulting net.sf.acegisecurity.Authentication object will be placed into the ContextHolder , which is guaranteed to have already been created by an earlier filter. If authentication fails, the AuthenticationException will be placed into the HttpSession with the attribute defined by ACEGI_SECURITY_LAST_EXCEPTION_KEY 55 . To use this filter, it is necessary to specify the following properties: defaultTargetUrl indicates the ...
• FilterToBeanProxy: Delegates Filter requests to a Spring-managed bean. This class acts as a proxy on behalf of a target Filter that is defined in the Spring bean context. It is necessary to specify which target Filter should be proxied as a filter initialization parameter. On filter initialisation, the class will use Spring's WebApplicationContextUtils.getWebApplicationContext(ServletContext sc) > WebApplicationContextUtils.getWebApplicationContext(ServletContext sc) 55 method to obtain an ApplicationContext instance. It will expect to find the target Filter in this ApplicationContext . To use this filter, it is ...
• DaoAuthenticationProvider: An net.sf.acegisecurity.providers.AuthenticationProvider implementation that retrieves user details from an AuthenticationDao . This AuthenticationProvider is capable of validating net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken requests contain the correct username, password and the user is not disabled. Upon successful validation, a UsernamePasswordAuthenticationToken will be created and returned to the caller. The token will include as its principal either a String representation of the username, or the net.sf.acegisecurity.UserDetails that was returned from the authentication ...
• BasicAclEntryAfterInvocationProvider: Given a domain object instance returned from a secure object invocation, ensures the principal has appropriate permission as defined by the net.sf.acegisecurity.acl.AclManager . The AclManager is used to retrieve the access control list (ACL) permissions associated with a domain object instance for the current Authentication object. This class is designed to process net.sf.acegisecurity.acl.AclEntry s that are subclasses of net.sf.acegisecurity.acl.basic.AbstractBasicAclEntry only. Generally these are obtained by using the net.sf.acegisecurity.acl.basic.BasicAclProvider . This after invocation ...
• TokenBasedRememberMeServices: Identifies previously remembered users by a Base-64 encoded cookie. This implementation does not rely on an external database, so is attractive for simple applications. The cookie will be valid for a specific period from the date of the last loginSuccess(HttpServletRequest, HttpServletResponse, Authentication) 55 . As per the interface contract, this method will only be called when the principal completes a successful interactive authentication. As such the time period commences from the last authentication attempt where they furnished credentials - not the time period they last logged in via remember-me. ...
• HttpSessionContextIntegrationFilter: Populates the ContextHolder with information obtained from the HttpSession . The HttpSession will be queried to retrieve the Context that should be stored against the ContextHolder for the duration of the web request. At the end of the web request, any updates made to the ContextHolder will be persisted back to the HttpSession by this filter. If a valid Context cannot be obtained from the HttpSession for whatever reason, a fresh Context will be created and used instead. The created object will be of the instance defined by the setContext(Class) 55 method. No HttpSession will be created by this ...
• SecurityEnforcementFilter: Wraps requests to the FilterSecurityInterceptor . This filter is necessary because it provides the bridge between incoming requests and the FilterSecurityInterceptor instance. If an net.sf.acegisecurity.AuthenticationException is detected, the filter will launch the authenticationEntryPoint . This allows common handling of authentication failures originating from any subclass of net.sf.acegisecurity.intercept.AbstractSecurityInterceptor . If an net.sf.acegisecurity.AccessDeniedException is detected, the filter will determine whether or not the user is an anonymous user. If they are an anonymous ...
• BasicAclProvider: Retrieves access control lists (ACL) entries for domain object instances from a data access object (DAO). This implementation will provide ACL lookup services for any object that it can determine the AclObjectIdentity for by calling the obtainIdentity(Object) 55 method. Subclasses can override this method if they only want the BasicAclProvider responding to particular domain object instances. BasicAclProvider will walk an inheritance hierarchy if a BasicAclEntry returned by the DAO indicates it has a parent. NB: inheritance occurs at a domain instance object level. It does not occur at an ACL recipient ...
• BasicProcessingFilter: Processes a HTTP request's BASIC authorization headers, putting the result into the ContextHolder . For a detailed background on what this filter is designed to process, refer to RFC 1945, Section 11.1 . Any realm name presented in the HTTP request is ignored. In summary, this filter is responsible for processing any request that has a HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== ...
• DigestProcessingFilter: Processes a HTTP request's Digest authorization headers, putting the result into the ContextHolder . For a detailed background on what this filter is designed to process, refer to RFC 2617 (which superseded RFC 2069, although this filter support clients that implement either RFC 2617 or RFC 2069). This filter can be used to provide Digest authentication services to both remoting protocol clients (such as Hessian and SOAP) as well as standard user agents (such as Internet Explorer and FireFox). This Digest implementation has been designed to avoid needing to store session state between invocations. ...
• AnonymousProcessingFilter: Detects if there is no Authentication object in the ContextHolder , and populates it with one if needed. In summary, this filter is responsible for processing any request that has a HTTP request header of Authorization with an authentication scheme of Basic and a Base64-encoded username:password token. For example, to authenticate user "Aladdin" with password "open sesame" the following header would be presented: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== . This filter can be used to provide BASIC authentication services to both remoting protocol clients (such as Hessian and SOAP) as well ...
• RunAsManagerImpl: Basic concrete implementation of a net.sf.acegisecurity.RunAsManager . Is activated if any ConfigAttribute.getAttribute() > ConfigAttribute.getAttribute() 55 is prefixed with RUN_AS_ . If found, it generates a new RunAsUserToken containing the same principal, credentials and granted authorities as the original net.sf.acegisecurity.Authentication object, along with net.sf.acegisecurity.GrantedAuthorityImpl s for each RUN_AS_ indicated. The created GrantedAuthorityImpl s will be prefixed with a special prefix indicating that it is a role (default prefix value is ROLE_ ), and then the remainder of ...
• RunAsManager: Creates a new temporary Authentication object for the current secure object invocation only. This interface permits implementations to replace the Authentication object that applies to the current secure object invocation only. The net.sf.acegisecurity.intercept.AbstractSecurityInterceptor will replace the Authentication object held in the net.sf.acegisecurity.context.security.SecureContext for the duration of the secure object callback only, returning it to the original Authentication object when the callback ends. This is provided so that systems with two layers of objects can be established. ...
• StatelessTicketCache: Caches CAS service tickets and CAS proxy tickets for stateless connections. When a service ticket or proxy ticket is validated against the CAS server, it is unable to be used again. Most types of callers are stateful and are associated with a given HttpSession . This allows the affirmative CAS validation outcome to be stored in the HttpSession , meaning the removal of the ticket from the CAS server is not an issue. Stateless callers, such as remoting protocols, cannot take advantage of HttpSession . If the stateless caller is located a significant network distance from the CAS server, acquiring ...
• CasPasswordHandlerProxy: Enables CAS to use the Acegi Security System for authentication. This class works along with CasPasswordHandler to enable users to easily migrate from stand-alone Acegi Security System deployments to enterprise-wide CAS deployments. It should be noted that the Acegi Security System will operate as a CAS client irrespective of the PasswordHandler used on the CAS server. In other words, this class need not be used on the CAS server if not desired. It exists solely for the convenience of users wishing have CAS delegate to an Acegi Security System-based AuthenticationManager . This class works requires ...
• GrantedAuthorityEffectiveAclsResolver: Simple implementation of EffectiveAclsResolver . This implementation does not need to understand the "recipient" types presented in a BasicAclEntry because it merely delegates to the detected Authentication.getPrincipal() > Authentication.getPrincipal() 55 or Authentication.getAuthorities() > Authentication.getAuthorities() 55 . The principal object or granted authorities object has its Object.equals(recipient) method called to make the decision as to whether the recipient in the BasicAclEntry is the same as the principal or granted authority. This class should prove an adequate ACLs resolver if ...
• RoleVoter: Votes if any ConfigAttribute.getAttribute() > ConfigAttribute.getAttribute() 55 starts with a prefix indicating that it is a role. The default prefix string is ROLE_ , but this may be overriden to any value. It may also be set to empty, which means that essentially any attribute will be voted on. As described further below, the effect of an empty prefix may not be quite desireable. Abstains from voting if no configuration attribute commences with the role prefix. Votes to grant access if there is an exact matching net.sf.acegisecurity.GrantedAuthority to a ConfigAttribute starting with the role ...
• CasProcessingFilter: Processes a CAS service ticket. A service ticket consists of an opaque ticket string. It arrives at this filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a service . The opaque ticket string is presented in the ticket request parameter. This filter monitors the service URL so it can receive the service ticket and process it. The CAS server knows which service URL to use via the ServiceProperties.getService() 55 method. Processing the service ticket involves creating a UsernamePasswordAuthenticationToken which uses CAS_STATEFUL_IDENTIFIER ...
• CasProxyDecider: Decides whether a proxy list presented via CAS is trusted or not. CAS 1.0 allowed services to receive a service ticket and then validate it. CAS 2.0 allows services to receive a service ticket and then validate it with a proxy callback URL. The callback will enable the CAS server to authenticate the service. In doing so the service will receive a proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an internal record that a proxy-granting ticket is due to be received via the callback URL. With a proxy-granting ticket, a service can request the CAS server provides it with a proxy ...
| Home | Contact Us | Privacy Policy | Terms of Service |