Security Example
/* Pro Spring By Rob Harrop Jan Machacek ISBN: 1-59059-461-4 Publisher: Apress *//////////////////////////////////////////////////////////////////////////////////////// class UserInfo { private String userName; private String password; public UserInfo(String userName, String password) { this.userName = userName; this.password = password; } public String getPassword() { return password; } public String getUserName() { return userName; } } /////////////////////////////////////////////////////////////////////////////////////// publicclass SecureBean { publicvoid writeSecureMessage() { System.out.println("Every time I learn something new, " + "it pushes some old stuff out my brain"); } } /////////////////////////////////////////////////////////////////////////////////////// import java.lang.reflect.Method; import org.springframework.aop.MethodBeforeAdvice; publicclass SecurityAdvice implements MethodBeforeAdvice { private SecurityManager securityManager; public SecurityAdvice() { this.securityManager = new SecurityManager(); } publicvoid before(Method method, Object[] args, Object target) throws Throwable { UserInfo user = securityManager.getLoggedOnUser(); if (user == null) { System.out.println("No user authenticated"); thrownew SecurityException( "You must login before attempting to invoke the method: " + method.getName()); } elseif ("robh".equals(user.getUserName())) { System.out.println("Logged in user is robh - OKAY!"); } else { System.out.println("Logged in user is " + user.getUserName() + " NOT GOOD :("); thrownew SecurityException("User " + user.getUserName() + " is not allowed access to method " + method.getName()); } } } /////////////////////////////////////////////////////////////////////////////////////// publicclass SecurityManager { privatestatic ThreadLocal threadLocal = new ThreadLocal(); publicvoid login(String userName, String password) { // assumes that all credentials // are valid for a login threadLocal.set(new UserInfo(userName, password)); } publicvoid logout() { threadLocal.set(null); int x = 0; } public UserInfo getLoggedOnUser() { return (UserInfo) threadLocal.get(); } } /////////////////////////////////////////////////////////////////////////////////////// import org.springframework.aop.framework.ProxyFactory; publicclass SecurityExample { publicstaticvoid main(String[] args) { // get the security manager SecurityManager mgr = new SecurityManager(); // get the bean SecureBean bean = getSecureBean(); // try as robh mgr.login("robh", "pwd"); bean.writeSecureMessage(); mgr.logout(); // try as janm try { mgr.login("janm", "pwd"); bean.writeSecureMessage(); } catch(SecurityException ex) { System.out.println("Exception Caught: " + ex.getMessage()); } finally { mgr.logout(); } // try with no credentials try { bean.writeSecureMessage(); } catch(SecurityException ex) { System.out.println("Exception Caught: " + ex.getMessage()); } } privatestatic SecureBean getSecureBean() { // create the target SecureBean target = new SecureBean(); // create the advice SecurityAdvice advice = new SecurityAdvice(); // get the proxy ProxyFactory factory = new ProxyFactory(); factory.setTarget(target); factory.addAdvice(advice); SecureBean proxy = (SecureBean)factory.getProxy(); return proxy; } } 
SecurityExample.zip( 1,481 k)Related examples in the same category
