Package security

Class InMemorySecuredResourceScanner

java.lang.Object
security.AbstractSecuredResourceScanner
security.InMemorySecuredResourceScanner
All Implemented Interfaces:
jakarta.servlet.ServletContextListener, EventListener

public class InMemorySecuredResourceScanner extends AbstractSecuredResourceScanner
In-memory implementation of AbstractSecuredResourceScanner.

This is the declarative (InMemory) approach to access control — the default provided by the DynTabs library. Secured resources and their allowed roles are declared directly in annotations (@DynTab(securedResource=true, allowedRoles=...) and @AccessCheck(allowedRoles=...)) and stored in memory at deploy time.

Stores secured resources in a static ConcurrentHashMap, keyed by resource identifier (either @DynTab.uniqueIdentifier for tab-level security, or fully qualified method name for method-level security). Also stores the declared allowedRoles for each resource, which are read by the paired InMemoryAccessCheckInterceptor at runtime.

Must be paired with InMemoryAccessCheckInterceptor.

Alternative: For applications needing dynamic, admin-managed access rules, the developer creates a custom DBSecuredResourceScanner (extending AbstractSecuredResourceScanner) that writes resources to a database table, ignoring the allowedRoles annotation attribute. Access rules are then managed through an Admin UI and enforced by a custom DBAccessCheckInterceptor.

Registration in web.xml:


 <listener>
     <listener-class>security.InMemorySecuredResourceScanner</listener-class>
 </listener>
 
Author:
DynTabs
  • Constructor Details

    • InMemorySecuredResourceScanner

      public InMemorySecuredResourceScanner()
  • Method Details

    • registerSecuredResource

      protected void registerSecuredResource(Class<?> cls, String resource, String resourceDisplayName, String[] allowedRoles)
      Description copied from class: AbstractSecuredResourceScanner
      Called when a secured resource is discovered (a @DynTab with securedResource=true, or a method annotated with @AccessCheck).

      InMemory implementations store both the resource and its allowedRoles in memory. DB implementations write the resource to a database table (typically ignoring allowedRoles, since roles are managed via Admin UI).

      Specified by:
      registerSecuredResource in class AbstractSecuredResourceScanner
      Parameters:
      cls - the class containing the secured resource
      resource - the resource identifier (uniqueIdentifier for tabs, fully qualified method name for methods)
      resourceDisplayName - human-readable name for admin UIs
      allowedRoles - roles declared in the annotation (may be empty; used by InMemory implementations, ignored by DB implementations)
    • un_registerSecuredResource

      protected void un_registerSecuredResource(Class<?> cls, String resource, String resourceDisplayName)
      Description copied from class: AbstractSecuredResourceScanner
      Called when a resource is found NOT to be secured (e.g., @DynTab with securedResource=false, or a method without @AccessCheck).

      Useful for cleanup — removing previously registered resources that have been un-secured in a redeployment.

      Specified by:
      un_registerSecuredResource in class AbstractSecuredResourceScanner
      Parameters:
      cls - the class containing the resource
      resource - the resource identifier
      resourceDisplayName - human-readable name (may be null)
    • isSecuredResource

      public static boolean isSecuredResource(String resource)
      Checks if a resource is registered as secured.
      Parameters:
      resource - the resource identifier (@DynTab.uniqueIdentifier or fully qualified method name)
      Returns:
      true if the resource requires access control
    • getDisplayName

      public static String getDisplayName(String resource)
      Returns the display name of a secured resource.
      Parameters:
      resource - the resource identifier
      Returns:
      the display name, or null if not a secured resource
    • getAllowedRoles

      public static Set<String> getAllowedRoles(String resource)
      Returns the allowed roles for a secured resource, as declared in the annotation.
      Parameters:
      resource - the resource identifier
      Returns:
      unmodifiable set of role names, or empty set if no roles declared
    • getAllSecuredResources

      public static Set<String> getAllSecuredResources()
      Returns an unmodifiable view of all registered secured resources.
      Returns:
      set of secured resource identifiers
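
An added example, not part of the DynTabs library: a deploy-time audit over the registry exposed by getAllSecuredResources() and getAllowedRoles(String), reporting secured resources with an empty role set and role names outside the application's own role list. The class SecuredResourceAudit, the knownRoles set and the sample data are assumptions constructed for illustration; this page does not state how InMemoryAccessCheckInterceptor treats an empty role set, so such entries are only surfaced for review.

```java
import java.util.*;
import java.util.function.Function;

/** Added example: audit of declared roles. Hypothetical class, not DynTabs code. */
public class SecuredResourceAudit {

    /**
     * Returns one finding per problem, ordered by resource identifier.
     * resources  - identifiers, as returned by getAllSecuredResources()
     * rolesOf    - lookup with the shape of getAllowedRoles(String)
     * knownRoles - role names the application really defines (assumption)
     */
    static List<String> audit(Collection<String> resources,
                              Function<String, Set<String>> rolesOf,
                              Set<String> knownRoles) {
        List<String> findings = new ArrayList<>();
        for (String resource : new TreeSet<>(resources)) {
            Set<String> roles = rolesOf.apply(resource);
            if (roles == null || roles.isEmpty()) {
                findings.add(resource + ": secured but no allowedRoles declared");
                continue;
            }
            // Annotation roles are plain strings, so a typo is not caught by the compiler.
            for (String role : new TreeSet<>(roles)) {
                if (!knownRoles.contains(role)) {
                    findings.add(resource + ": role '" + role + "' is not a known role");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample registry standing in for the scanner's in-memory map.
        Map<String, Set<String>> sample = new HashMap<>();
        sample.put("adminTab", Set.of("admin"));
        sample.put("reportsTab", Set.of());                          // no roles declared
        sample.put("app.Orders.delete", Set.of("admin", "mangaer")); // misspelled role
        Set<String> knownRoles = Set.of("admin", "manager", "user");

        // In a deployed application, pass instead:
        //   InMemorySecuredResourceScanner.getAllSecuredResources()
        //   InMemorySecuredResourceScanner::getAllowedRoles
        audit(sample.keySet(), sample::get, knownRoles).forEach(System.out::println);
    }
}
```

Run it after the scanner has populated the registry at deploy time, for example from a startup check or an integration test, and fail the build when the list of findings is not empty.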