Interface SecurityHandler


public interface SecurityHandler
Interface for application-specific authentication and authorization logic.

Implement this interface to define how the Oorian framework verifies user authentication, roles, and permissions when security annotations are present on page classes.

Register your implementation in the Application subclass:


 @WebListener
 public class MyApplication extends Application {
     @Override
     protected void initialize(AppContext appContext) {
         // Install the handler the framework consults for security-annotated pages.
         setSecurityHandler(new MySecurityHandler());
         registerPackage("com.mycompany.pages");
     }
 }
 

Implementation Example:


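 // User is the application's own class (not shown here) exposing getRoles() and getPermissions().
 public class MySecurityHandler implements SecurityHandler {
     @Override
     public boolean isAuthenticated(OorianSession session) {
         // A user object stored in the session marks the session as logged in.
         return session.getAttribute("user") != null;
     }

     @Override
     public boolean hasRole(OorianSession session, String role) {
         // Deny when no user is present, even though the framework checks authentication first.
         User user = (User) session.getAttribute("user");
         return user != null && user.getRoles().contains(role);
     }

     @Override
     public boolean hasPermission(OorianSession session, String permission) {
         // Same pattern as hasRole, checked against the user's permissions.
         User user = (User) session.getAttribute("user");
         return user != null && user.getPermissions().contains(permission);
     }
 }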
 
Since:
2.1
Version:
1.0
Author:
Marvin P. Warble Jr.
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | default String | getLoginUrl() | Returns the URL to redirect to when authentication is required but the user is not authenticated. |
    | boolean | hasPermission(OorianSession session, String permission) | Checks whether the current user has the specified permission. |
    | boolean | hasRole(OorianSession session, String role) | Checks whether the current user has the specified role. |
    | boolean | isAuthenticated(OorianSession session) | Checks whether the current user is authenticated. |
  • Method Details

    • isAuthenticated

      boolean isAuthenticated(OorianSession session)
      Checks whether the current user is authenticated.
      Parameters:
      session - the current Oorian session
      Returns:
      true if the user is authenticated, false otherwise
    • hasRole

      boolean hasRole(OorianSession session, String role)
      Checks whether the current user has the specified role.

      This method is only called after isAuthenticated(OorianSession) returns true.

      Parameters:
      session - the current Oorian session
      role - the role to check
      Returns:
      true if the user has the role, false otherwise
    • hasPermission

      boolean hasPermission(OorianSession session, String permission)
      Checks whether the current user has the specified permission.

      This method is only called after isAuthenticated(OorianSession) returns true.

      Parameters:
      session - the current Oorian session
      permission - the permission to check
      Returns:
      true if the user has the permission, false otherwise
    • getLoginUrl

      default String getLoginUrl()
      Returns the URL to redirect to when authentication is required but the user is not authenticated.

      If this method returns null, a 401 Unauthorized response is sent instead of a redirect. Override this to redirect unauthenticated users to a login page.

      Returns:
      the login page URL, or null to send a 401 response
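
A fail-closed variant of the implementation example, covering all four methods described above; it is an added example, not code from the Oorian documentation or code base. The `AppUser` interface, its `isEnabled()` check, and the `/login` path are assumptions, and the imports for the Oorian types are omitted because their package names are not given on this page.

```java
// Imports for SecurityHandler and OorianSession are omitted (package names not on this page).
import java.util.Set;

public class FailClosedSecurityHandler implements SecurityHandler {
    /** Hypothetical application user type; not part of Oorian. */
    public interface AppUser {
        boolean isEnabled();
        Set<String> getRoles();
        Set<String> getPermissions();
    }

    private static final String USER_ATTR = "user";   // attribute name used in the page's example
    private static final String LOGIN_URL = "/login"; // assumed fixed path, never built from request data

    /** Returns the session user, or null for a missing session, wrong type, or disabled account. */
    private static AppUser currentUser(OorianSession session) {
        Object value = (session == null) ? null : session.getAttribute(USER_ATTR);
        if (!(value instanceof AppUser)) {
            return null; // absent or unexpected type: treat as anonymous, no ClassCastException
        }
        AppUser user = (AppUser) value;
        return user.isEnabled() ? user : null;
    }

    @Override
    public boolean isAuthenticated(OorianSession session) {
        return currentUser(session) != null;
    }

    @Override
    public boolean hasRole(OorianSession session, String role) {
        AppUser user = currentUser(session);
        // Deny on a null role or null role set; some Set implementations throw on contains(null).
        return user != null && role != null
                && user.getRoles() != null && user.getRoles().contains(role);
    }

    @Override
    public boolean hasPermission(OorianSession session, String permission) {
        AppUser user = currentUser(session);
        return user != null && permission != null
                && user.getPermissions() != null && user.getPermissions().contains(permission);
    }

    @Override
    public String getLoginUrl() {
        return LOGIN_URL; // returning null would send a 401 instead of a redirect
    }
}
```

Every path that cannot positively identify an enabled user returns false, so an unexpected session state results in the login redirect rather than an exception or an accidental grant.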