Security Example : Spring Aspect « Spring « Java






Security Example


/*
Pro Spring
By Rob Harrop
Jan Machacek
ISBN: 1-59059-461-4
Publisher: Apress
*/



///////////////////////////////////////////////////////////////////////////////////////
class UserInfo {
    private String userName;

    private String password;

    public UserInfo(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }
    
    public String getPassword() {
        return password;
    }
    public String getUserName() {
        return userName;
    }
}

///////////////////////////////////////////////////////////////////////////////////////
public class SecureBean {

    public void writeSecureMessage() {
        System.out.println("Every time I learn something new, "
                + "it pushes some old stuff out my brain");
    }
}

///////////////////////////////////////////////////////////////////////////////////////

import java.lang.reflect.Method;

import org.springframework.aop.MethodBeforeAdvice;

public class SecurityAdvice implements MethodBeforeAdvice {

    private SecurityManager securityManager;

    public SecurityAdvice() {
        this.securityManager = new SecurityManager();
    }

    public void before(Method method, Object[] args, Object target)
            throws Throwable {
        UserInfo user = securityManager.getLoggedOnUser();

        if (user == null) {
            System.out.println("No user authenticated");
            throw new SecurityException(
                    "You must login before attempting to invoke the method: "
                            + method.getName());
        } else if ("robh".equals(user.getUserName())) {
            System.out.println("Logged in user is robh - OKAY!");
        } else {
            System.out.println("Logged in user is " + user.getUserName()
                    + " NOT GOOD :(");
            throw new SecurityException("User " + user.getUserName()
                    + " is not allowed access to method " + method.getName());
        }

    }
}

///////////////////////////////////////////////////////////////////////////////////////
public class SecurityManager {

    private static ThreadLocal threadLocal = new ThreadLocal();

    public void login(String userName, String password) {
        // assumes that all credentials
        // are valid for a login
        threadLocal.set(new UserInfo(userName, password));
    }

    public void logout() {
        threadLocal.set(null);
        int x = 0;
    }

    public UserInfo getLoggedOnUser() {
        return (UserInfo) threadLocal.get();
    }
}

///////////////////////////////////////////////////////////////////////////////////////


import org.springframework.aop.framework.ProxyFactory;

public class SecurityExample {

    public static void main(String[] args) {
        // get the security manager
        SecurityManager mgr = new SecurityManager();
        
        // get the bean
        SecureBean bean = getSecureBean();

        // try as robh
        mgr.login("robh", "pwd");
        bean.writeSecureMessage();
        mgr.logout();
        
        // try as janm
        try {
            mgr.login("janm", "pwd");
            bean.writeSecureMessage();
        } catch(SecurityException ex) {
            System.out.println("Exception Caught: " + ex.getMessage());
        } finally {
            mgr.logout();
        }
        
        // try with no credentials
        try {
            bean.writeSecureMessage();
        } catch(SecurityException ex) {
            System.out.println("Exception Caught: " + ex.getMessage());
        }

    }
    
    private static SecureBean getSecureBean() {
        // create the target
        SecureBean target = new SecureBean();

        // create the advice
        SecurityAdvice advice = new SecurityAdvice();
        
        // get the proxy
        ProxyFactory factory = new ProxyFactory();
        factory.setTarget(target);
        factory.addAdvice(advice);
        SecureBean proxy = (SecureBean)factory.getProxy();
        
        return proxy;
        
    }
}

           
       








SecurityExample.zip( 1,481 k)

Related examples in the same category

1.Profiling Example
2.Introduction Config Example
3.Simple After Returning Advice
4.Simple Before Advice
5.Simple Throws Advice
6.Composable Pointcut Example
7.Control Flow Example
8.Dynamic Pointcut Example
9.Hello World With Pointcut
10.Spring Aspect Introduction Example
11.Static Pointcut Example
12.Name Pointcut Example
13.Name Pointcut Using Advisor
14.Proxy Factory Bean Example
15.Proxy Perf Test
16.Regexp Pointcut Example
17.After Advice Example
18.AspectJ Example from Pro Spring
19.Aspect Hello World Example