[aerogear-dev] [aerogear-controller] Handling SecurityProvider Exceptions/Events

Daniel Bevenius daniel.bevenius at gmail.com
Fri Nov 2 03:45:12 EDT 2012


That makes sense for sure. How about a SecurityDecision or
SecurityResult class that a SecurityProvider can return?

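public class SecurityDecision {
    // Whether the SecurityProvider permits access to the route.
    private final boolean allowed;
    // Status code and message to send back when access is denied.
    private final Response response;

    public SecurityDecision(boolean allowed, Response response) {
        this.allowed = allowed;
        this.response = response;
    }

    public boolean allowed() {
        return allowed;
    }

    public Response response() {
        return response;
    }
}

Response would contain the statusCode and statusMessage to be returned
to the caller.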


On 2 November 2012 07:58, Bruno Oliveira <bruno at abstractj.org> wrote:
> Great gist, my friend! I was wondering about another, simpler alternative.
> Currently AeroGear security implements HttpStatusAwareException (I'll rename
> it to HttpStatusAware and qmx is responsible for the hipster name).
>
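> public class AeroGearSecurityMeh implements HttpStatusAware {
>
>     private final int status;
>     private final String message;
>
>     // Constructor matching the call in AeroGearSecurityProvider below.
>     public AeroGearSecurityMeh(int status, String message) {
>         this.status = status;
>         this.message = message;
>     }
>
>     @Override
>     public int getStatus() {
>         return status;
>     }
>
>     @Override
>     public String getMessage() {
>         return message;
>     }
> }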
>
> Then in AeroGearSecurityProvider we could change the method return and do
> something like this:
>
> public class AeroGearSecurityProvider implements SecurityProvider {
>
>     @Inject
>     private AeroGearPrincipal principal;
>
>     @Override
>     public AeroGearSecurityMeh isRouteAllowed(Route route) throws ServletException {
>
>         if (!principal.hasRoles(route.getRoles())) {
>             return new AeroGearSecurityMeh(1, "Geez, authentication has failed");
>         }
>         // Route allowed: the sketch does not say what to return here; null is assumed.
>         return null;
>     }
> }
>
> Wdyt? Makes sense?
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Thursday, November 1, 2012 at 6:14 AM, Daniel Bevenius wrote:
>
> Hi,
>
> I'm working on AEROGEAR-581 and have put together some background
> information and some prototype code in this gist:
> https://gist.github.com/3992369
>
> If you read the conclusion section you'll see that I'm not convinced
> that CDI events are a good fit in this specific situation, but I'd be
> happy to learn otherwise :)
>
> Thanks,
>
> /Dan
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
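
An added example, not code from this thread or from AeroGear: the SecurityDecision idea from the top reply, with the calling side failing closed when the provider throws or returns nothing. The allow()/deny() factories, the role-set provider signature, statusFor and the 500 status are assumptions made for illustration.

```java
import java.util.*;

public class SecurityDecisionExample {
    // Stand-in for the Response described in the thread (statusCode + statusMessage).
    static final class Response {
        final int statusCode;
        final String statusMessage;
        Response(int statusCode, String statusMessage) {
            this.statusCode = statusCode;
            this.statusMessage = statusMessage;
        }
    }
    // Decision object: a deny always carries a Response, so the caller never invents one.
    static final class SecurityDecision {
        private final boolean allowed;
        private final Response response;
        private SecurityDecision(boolean allowed, Response response) {
            this.allowed = allowed;
            this.response = response;
        }
        static SecurityDecision allow() { return new SecurityDecision(true, null); }
        static SecurityDecision deny(int code, String message) {
            return new SecurityDecision(false, new Response(code, message));
        }
        boolean allowed() { return allowed; }
        Response response() { return response; }
    }
    // Hypothetical provider shape: takes the required roles instead of a Route.
    interface SecurityProvider { SecurityDecision isRouteAllowed(Set<String> requiredRoles); }

    // Caller side, fail closed: a provider exception or a null decision is never "allowed".
    static int statusFor(SecurityProvider provider, Set<String> requiredRoles) {
        SecurityDecision decision;
        try {
            decision = provider.isRouteAllowed(requiredRoles);
        } catch (RuntimeException e) {
            return 500;
        }
        if (decision == null) return 500;
        return decision.allowed() ? 200 : decision.response().statusCode;
    }

    public static void main(String[] args) {
        Set<String> userRoles = new HashSet<>(Arrays.asList("user")); // constructed sample principal
        SecurityProvider p = req -> userRoles.containsAll(req)
                ? SecurityDecision.allow() : SecurityDecision.deny(403, "Forbidden");
        System.out.println(statusFor(p, new HashSet<>(Arrays.asList("user"))));
        System.out.println(statusFor(p, new HashSet<>(Arrays.asList("admin"))));
        System.out.println(statusFor(q -> null, userRoles)); // misbehaving provider
    }
}
```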

