[aerogear-dev] [aerogear-controller] Handling SecurityProvider Exceptions/Events

Daniel Bevenius daniel.bevenius at gmail.com
Fri Nov 2 10:54:04 EDT 2012 

I've pushed a suggestion and tried to explain it here:
https://gist.github.com/4001775

Let me know what you think.

Thanks,


On 2 November 2012 08:45, Daniel Bevenius <daniel.bevenius at gmail.com> wrote:
> That makes sense for sure. How about a SecurityDecision or
> SecurityResult class that a SecurityProvider can return.
>
> public class SecurityDecision {
>     public boolean allowed() {
>          return allowed;
>     }
>
>     public Response response() {
>         return response;
>     }
>
> }
> Response would contain the statusCode and statusMessage to be returned
> to the caller.
>
>
> On 2 November 2012 07:58, Bruno Oliveira <bruno at abstractj.org> wrote:
>> Great gist my friend! I was wondering about another alternative more simple.
>> Currently AeroGear security implements HttpStatusAwareException (I'll rename
>> to HttpStatusAware and qmx is responsible for the hipster name)
>>
>> public class AeroGearSecurityMeh implements HttpStatusAware {
>>
>>     @Override
>>     public int getStatus() {
>>       //something here
>>     }
>>
>>     @Override
>>     public String getMessage() {
>>       //something here
>>     }
>> }
>>
>> Then in AeroGearSecurityProvider we could change the method return and do
>> something like this:
>>
>> public class AeroGearSecurityProvider implements SecurityProvider {
>>
>>     @Inject
>>     private AeroGearPrincipal principal;
>>
>>     @Override
>>     public AeroGearSecurityMeh isRouteAllowed(Route route) throws
>> ServletException {
>>
>>         if (!principal.hasRoles(route.getRoles())) {
>>             return new AeroGearSecurityMeh(1, "Geez, authentication has
>> failed");
>>         }
>>     }
>> }
>>
>> Wdyt? Makes sense?
>>
>> --
>> "The measure of a man is what he does with power" - Plato
>> -
>> @abstractj
>> -
>> Volenti Nihil Difficile
>>
>> On Thursday, November 1, 2012 at 6:14 AM, Daniel Bevenius wrote:
>>
>> Hi,
>>
>> I'm working on AEROGEAR-581 and have put together some background
>> information and some prototype code in this gist:
>> https://gist.github.com/3992369
>>
>> If you read the conclusion section you'll see that I'm not convinced
>> that CDI events are a good fit in this specific situation, but I'd be
>> happy to learn otherwise :)
>>
>> Thanks,
>>
>> /Dan
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>

More information about the aerogear-dev mailing list