Chapter 16. Extensibilty - 0 views
-
16.2. Writing a Security Service
-
login(Object credentials)
-
authorize(AbstractSecurityContext context)
- ...20 more annotations...
-
logout()
-
An implementation of this interface must be thread safe
-
If authorization fails, either because the user is not logged in or because it doesn't have required rights, it must throw an appropriate org.granite.messaging.service.security.SecurityServiceException.
-
Writing a Security Service
-
SecurityService interface
-
nothing to do with a true Flex destination
-
only one instance of this service is used in the entire web-app and will be called by concurrent threads
-
configure
-
login
-
This method is called upon each and every service method call invocations (RemoteObject) or subscribe/publish actions (Consumer/Producer). When used with RemoteObjects, the authorize method is responsible for checking security, calling the service method, and returning the corresponding result.
-
authorize
-
logout
-
handleSecurityException
-
default implementation of this method in AbstractSecurityService is to do nothing
-
security services are not exposed to outside calls
-
configure
-
login
-
authorize
-
logout
-
handleSecurityException