com.gigaspaces.security.spring

Class SpringSecurityManager

java.lang.Object

com.gigaspaces.security.spring.SpringSecurityManager

All Implemented Interfaces:

SecurityManager

public class SpringSecurityManager
extends Object
implements SecurityManager

A Spring security bridge over the GigaSpaces SecurityManager interface. The Spring security configurations are loaded using the FileSystemXmlApplicationContext taking the context definition files from the file system or from URLs. The location of the configuration file is set using the spring-security-config-location property; if not set, a default security-config.xml is considered (if present).

A common GigaSpaces security configuration: ([Gigaspaces root]/config/security/security.properties)

 com.gs.security.security-manager.class = com.gigaspaces.security.spring.SpringSecurityManager
 spring-security-config-location = ../config/security/security-config.xml
 

Since:

7.1.1

Author:

Moran Avigdor

Field Summary

Fields

Modifier and Type	Field and Description
static String	SPRING_SECURITY_CONFIG_LOCATION The security-config xml file location to create a new FileSystemXmlApplicationContext from

Fields inherited from interface com.gigaspaces.security.SecurityManager

SECURITY_MANAGER_CLASS_PROPERTY_KEY

Constructor Summary

Constructors

Constructor and Description
SpringSecurityManager()

Method Summary

Modifier and Type	Method and Description
Authentication	authenticate(UserDetails userDetails) Attempts to authenticate the passed UserDetails object, returning a fully populated Authentication object (including granted authorities) if successful.
void	close() Closes the Spring application context using ConfigurableApplicationContext.close().
protected org.springframework.security.core.Authentication	createAuthenticationRequest(UserDetails userDetails) Creates an Authentication request object to be passed to the AuthenticationManager.authenticate(org.springframework.security.core.Authentication) method on each call to authenticate(UserDetails).
DirectoryManager	createDirectoryManager(UserDetails userDetails) Throws a DirectoryAccessDeniedException on any attempt to manage the users/roles using this API.
void	init(Properties properties) Initialize the security manager using the spring security configuration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SPRING_SECURITY_CONFIG_LOCATION

public static final String SPRING_SECURITY_CONFIG_LOCATION

The security-config xml file location to create a new FileSystemXmlApplicationContext from

See Also:

Constant Field Values

Constructor Detail

SpringSecurityManager

public SpringSecurityManager()

Method Detail

init

public void init(Properties properties)
          throws SecurityException

Initialize the security manager using the spring security configuration.

Specified by:

init in interface SecurityManager

Parameters:

properties - properties to use configure this instance.

Throws:

SecurityException

authenticate

public Authentication authenticate(UserDetails userDetails)
                            throws AuthenticationException

Attempts to authenticate the passed UserDetails object, returning a fully populated Authentication object (including granted authorities) if successful.

The API call is delegated to the configured AuthenticationManager, using a UsernamePasswordAuthenticationToken , converting the returned Authentication object (including fully populated granted authorities) to the GigaSpaces Authentication object.

Specified by:

authenticate in interface SecurityManager

Parameters:

userDetails - The GigaSpaces user details request object

Returns:

a fully authenticated object including authorities

Throws:

AuthenticationException - if authentication fails

createAuthenticationRequest

protected org.springframework.security.core.Authentication createAuthenticationRequest(UserDetails userDetails)

Creates an Authentication request object to be passed to the AuthenticationManager.authenticate(org.springframework.security.core.Authentication) method on each call to authenticate(UserDetails).

This method can be overridden by subclasses which require authentication request other than the default UsernamePasswordAuthenticationToken.

Parameters:

userDetails - The GigaSpaces user details request object

Returns:

an authentication request object

close

public void close()

Closes the Spring application context using ConfigurableApplicationContext.close().

Specified by:

close in interface SecurityManager

createDirectoryManager

public DirectoryManager createDirectoryManager(UserDetails userDetails)
                                        throws AuthenticationException,
                                               AccessDeniedException

Throws a DirectoryAccessDeniedException on any attempt to manage the users/roles using this API.

Specified by:

createDirectoryManager in interface SecurityManager

Parameters:

userDetails - the user request object

Returns:

a directory manager instance

Throws:

AuthenticationException - if authentication fails for the specified user

AccessDeniedException - if not granted sufficient access required to manage role details

DirectoryAccessDeniedException - if the directory should not be managed by API.