com.neurosys.amorphous.service.jaxrs

Class SecurableService

java.lang.Object

com.neurosys.amorphous.service.jaxrs.AnyWebService

com.neurosys.amorphous.service.jaxrs.SecurableService

Direct Known Subclasses:

AbstractAnyUserUpdateService, AuthorizableSecurableService, EventsQueryService, EventsUpdateService, GenericFormService, GenericObjectQueryService, GenericObjectUpdateService, StrategiesService, UserUpdateService

public abstract class SecurableService
extends AnyWebService

A Service that assumes that it needs to sit in a Secured context; by some form of Auth filtering process.< br /> Every secured method must call checkAuthFilterInvoked() from this.

Author:

Arjun Dhar

Field Summary

Fields inherited from class com.neurosys.amorphous.service.jaxrs.AnyWebService

applicationContext, CACHE, NO_CACHE, request, response

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SecurableService(boolean checkAuthFiltered)

Method Summary

Modifier and Type	Method and Description
protected void	checkAuthFilterInvoked() Since these services are secured (if specified as so), the Job of Authentication is meant to be handled by the Filter.
protected void	filter(Authorizable authorizable) Authorization filter for User By default there is no additional Authorization check; however one is encouraged to override this and check the User in the request for any additional authorizations.
protected Object	query(String queryNameId, Object inputParams) Fetch Query results from server based on a ExternalAccessTransformer Spring Bean name.

Methods inherited from class com.neurosys.amorphous.service.jaxrs.AnyWebService

filter, getCacheDef, getTestString, query

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurableService

protected SecurableService(boolean checkAuthFiltered)

Method Detail

checkAuthFilterInvoked

protected final void checkAuthFilterInvoked()
                                     throws Exception

Since these services are secured (if specified as so), the Job of Authentication is meant to be handled by the Filter. However, we have an additional check here to check if there was a Filter placed. If not and we want these services to be secured then this check ensures that the service call is not hacked.

Throws:

Exception

filter

protected void filter(Authorizable authorizable)
               throws org.springframework.security.access.AuthorizationServiceException

Authorization filter for User
By default there is no additional Authorization check; however one is encouraged to override this and check the User in the request for any additional authorizations.

Throws:

org.springframework.security.access.AuthorizationServiceException - if user not Authorized for the Service

query

protected Object query(String queryNameId,
                       Object inputParams)
                throws Exception

Fetch Query results from server based on a ExternalAccessTransformer Spring Bean name. The parameters are passed as input to the Transformer
Usually a JPAQueryTransformer will back up the Transformation process; however any adapter could be used to pull data from any data source.

Overrides:

query in class AnyWebService

Parameters:

queryNameId - as beanid for a Transformer that will accept the inputParams being passed

inputParams - as Object @nullable true

Returns:

Object result

Throws:

Exception