org.jsecurity.SecurityUtils
|
JSecurity | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public abstract class SecurityUtils
Accesses the currently accessible Subject for the calling code depending on runtime environment.
| Constructor Summary | |
|---|---|
SecurityUtils()
|
|
| Method Summary | |
|---|---|
static SecurityManager |
getSecurityManager()
Returns the VM (static) singleton SecurityManager. |
static Subject |
getSubject()
Returns the currently accessible Subject available to the calling code depending on runtime environment. |
static void |
setSecurityManager(SecurityManager securityManager)
Sets a VM (static) singleton SecurityManager, specifically for transparent use in the getSubject() implementation. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public SecurityUtils()
| Method Detail |
|---|
public static Subject getSubject()
This method is provided as a way of obtaining a Subject without having to resort to implementation-specific methods. It also allows the JSecurity team to change the underlying implementation of this method in the future depending on requirements/updates without affecting your code that uses it.
public static void setSecurityManager(SecurityManager securityManager)
getSubject() implementation.
This method call exists mainly for framework development support. Application developers should rarely, if ever, need to call this method.
The JSecurity development team prefers that SecurityManager instances are non-static application singletons and not VM static singletons. Application singletons that do not use static memory require some sort of application configuration framework to maintain the application-wide SecurityManager instance for you (for example, Spring or EJB3 environments) such that the object reference does not need to be static.
In these environments, JSecurity acquires Subject data based on the currently executing Thread via its own framework integration code, and this is the preferred way to use JSecurity.
However in some environments, such as a standalone desktop application or Applets that do not use Spring or EJB or similar config frameworks, a VM-singleton might make more sense (although the former is still preferred).
In these environments, setting the SecurityManager via this method will automatically enable thegetSubject() call to function with little configuration.
For example, in these environments, this will work:
DefaultSecurityManager securityManager = new DefaultSecurityManager();
securityManager.setRealms( ... ); //one or more Realms
SecurityUtils.setSecurityManager( securityManager );
And then anywhere in the application code, the following call will return the application's Subject:
Subject currentUser = SecurityUtils.getSubject()
by calling the VM static securityManager.getSubject()
method. Note that the underlying injected SecurityManager still needs to know how to acquire a Subject
instance for the calling code, which might mean from static memory, or a config file, or other
environment-specific means.
securityManager - public static SecurityManager getSecurityManager()
This method is only used in rare occasions. Please read the setSecurityManager
JavaDoc for usage patterns.
|
JSecurity | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||