Demonstrate the creation of a custom authorization example using @SecurityBindingType from DeltaSpike
Security binding is a DeltaSpike feature that restricts who can invoke a method (under the covers, it uses interceptors).
To restrict who can invoke a method, we create an annotation, called a security binding type. This quickstart has two security binding types: @AdminAllowed and @GuestAllowed.
The quickstart defines an Authorizer class that implements the restrictions for the security binding types. The authorizer is a CDI bean that defines methods (annotated with @Secures) which perform the authorization checks for each security binding we create.
In this quickstart the Authorizer delegates authentication to JAAS, but other authentication solutions could be used.
Methods on the Controller bean have been restricted using the security binding types.
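The three pieces described above (binding type, authorizer, restricted bean), reduced to a single binding, as an added sketch that is not the quickstart's own source. The wrapper class SecurityBindingExample, the method names, the "admin" role name and the injected HttpServletRequest (a built-in bean from CDI 1.1 onward) are assumptions.

```java
// Added example; not the quickstart's source. Role names are assumed.
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.interceptor.InvocationContext;
import javax.servlet.http.HttpServletRequest;
import org.apache.deltaspike.security.api.authorization.Secures;
import org.apache.deltaspike.security.api.authorization.SecurityBindingType;

public class SecurityBindingExample {

    // Security binding type: marks methods only administrators may invoke.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @SecurityBindingType
    public @interface AdminAllowed { }

    // Authorizer: DeltaSpike calls the @Secures method carrying the same
    // binding before each call to an @AdminAllowed method.
    @ApplicationScoped
    public static class Authorizer {
        @Inject
        private HttpServletRequest request; // built-in bean, CDI 1.1+ (assumed)

        @Secures
        @AdminAllowed
        public boolean isAdmin(InvocationContext ctx) {
            // Fail closed: no authenticated principal means no access.
            return request.getUserPrincipal() != null
                    && request.isUserInRole("admin"); // assumed role name
        }
    }

    // Restricted bean: the check runs in an interceptor, before the body.
    @ApplicationScoped
    public static class Controller {
        @AdminAllowed
        public String adminMethod() {
            return "You executed a @AdminAllowed method"; // constructed message
        }
    }
}
```

When isAdmin returns false, the method body never runs and DeltaSpike raises AccessDeniedException instead.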
The application will be running at the following URL: http://localhost:8080/{artifactId}/.
When you access the application you are redirected to a login form, already filled in with the details of the application user you set up above. Once you have logged into the application you see a page showing your username and two buttons.
When you click on the Employee Method button you will see the following message: You executed a @EmployeeAllowed method - you are authorized to invoke this method.
When you click on the Admin Method button, you are redirected to an error page with the following exception: org.apache.deltaspike.security.api.authorization.AccessDeniedException, because you aren’t authorized to invoke this method.