...
```xml
<systemConfig>
    <![CDATA[
    <config>
        <users>
            <user>
                <username>foo</username>
                <password>bar</password>
            </user>
        </users>
    </config>
    ]]>
</systemConfig>
```
Using Authentication and Authorization in Application Code
Authentication is typically enabled on a binding configuration. Please refer to the binding chapters for specific examples.
...
The Fabric3 API includes the org.fabric3.api.annotation.security.RolesAllowed annotation, which is used to specify roles required to execute a portion of code. The RolesAllowed annotation can be placed on a method or class (in which case it will be applied to all methods contained in the class) to restrict access to security subjects with certain roles as follows:
```java
import org.fabric3.api.annotation.security.RolesAllowed;

public class SecureRolesServiceImpl implements SecureService {

    @RolesAllowed({"role1", "role2"})
    public void call() {
        // ...
    }
}
```
Note that the current security subject can be injected using the SCA @Context annotation on a field or setter method that takes the SCA RequestContext type. Alternatively, additional Fabric3 security information, including roles, can be accessed by using the org.fabric3.api.Fabric3RequestContext type in place of the SCA RequestContext type.
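```java
import org.fabric3.api.Fabric3RequestContext;
import org.fabric3.api.Role;
import org.fabric3.api.SecuritySubject;
import org.oasisopen.sca.annotation.Context;

public class SecureRolesServiceImpl implements SecureService {

    // Injected by the runtime; exposes the security subject of the current request
    @Context
    protected Fabric3RequestContext context;

    public void call() {
        // The subject carries the authenticated user name and assigned roles
        SecuritySubject subject = context.getCurrentSubject();
        String userName = subject.getUsername();
        // iterate roles
        for (Role role : subject.getRoles()) {
            String roleName = role.getName();
        }
    }
}
```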
Simulating Authentication in Integration Tests
...