
Thursday, November 22, 2007

Java example for security

/*
Pro Spring
By Rob Harrop
Jan Machacek
ISBN: 1-59059-461-4
Publisher: Apress
*/



///////////////////////////////////////////////////////////////////////////////////////
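/**
 * Immutable user name / password pair.
 *
 * <p>Both fields are assigned once in the constructor and never change.
 *
 * <p>Security note: the password is held in clear text as a {@code String}
 * for as long as the instance is reachable and is handed out by
 * {@link #getPassword()}. That is acceptable for a demonstration only; real
 * code should verify the credential when the user logs in and keep just the
 * resulting identity, not the secret.
 */
class UserInfo {
    private final String userName;

    private final String password;

    /**
     * @param userName name identifying the user
     * @param password the user's password, stored as given (not hashed)
     */
    public UserInfo(String userName, String password) {
        this.userName = userName;
        this.password = password;
    }

    /** @return the password exactly as passed to the constructor */
    public String getPassword() {
        return password;
    }

    /** @return the user name exactly as passed to the constructor */
    public String getUserName() {
        return userName;
    }
}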

///////////////////////////////////////////////////////////////////////////////////////
/**
 * Target bean of the example. Its single method stands in for an operation
 * that should only run for an authorised user.
 *
 * <p>The class performs no access check of its own: any check has to be
 * applied from outside, as {@code SecurityExample} does by wrapping the bean
 * in a proxy. A caller holding the un-proxied instance reaches the method
 * without passing that check.
 */
public class SecureBean {

    /** Prints a fixed message to standard output. */
    public void writeSecureMessage() {
        final String message = "Every time I learn something new, "
                + "it pushes some old stuff out my brain";
        System.out.println(message);
    }
}

///////////////////////////////////////////////////////////////////////////////////////

import java.lang.reflect.Method;

import org.springframework.aop.MethodBeforeAdvice;

/**
 * Before advice that allows an advised call only when the user reported by
 * {@link SecurityManager#getLoggedOnUser()} is named "robh".
 *
 * <p>Security note: the decision rests on the user name alone, and the
 * {@code SecurityManager} in this example accepts every login without
 * verifying the password. The check therefore demonstrates where an
 * authorisation gate sits in the call path; it is not a real access control.
 * The allowed name is hard-coded, so changing policy means changing code.
 */
public class SecurityAdvice implements MethodBeforeAdvice {

    private SecurityManager securityManager;

    /** Creates the advice with its own {@code SecurityManager} instance. */
    public SecurityAdvice() {
        this.securityManager = new SecurityManager();
    }

    /**
     * Runs ahead of the advised method and vetoes the call by throwing.
     *
     * @param method the method about to be invoked; its name is used in the
     *               exception messages
     * @param args   arguments of the call (not inspected)
     * @param target object the call is directed at (not inspected)
     * @throws SecurityException if no user is logged on, or the logged-on
     *                           user is not "robh"
     */
    public void before(Method method, Object[] args, Object target)
            throws Throwable {
        final UserInfo current = securityManager.getLoggedOnUser();

        // Guard 1: nobody is logged on.
        if (current == null) {
            System.out.println("No user authenticated");
            throw new SecurityException(
                    "You must login before attempting to invoke the method: "
                            + method.getName());
        }

        // Guard 2: somebody is logged on, but it is not the one allowed user.
        final String name = current.getUserName();
        if (!"robh".equals(name)) {
            System.out.println("Logged in user is " + name
                    + " NOT GOOD :(");
            throw new SecurityException("User " + name
                    + " is not allowed access to method " + method.getName());
        }

        // Returning normally lets the advised method run.
        System.out.println("Logged in user is robh - OKAY!");
    }
}

///////////////////////////////////////////////////////////////////////////////////////
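/**
 * Keeps the "logged-on" user of the current thread in a static
 * {@link ThreadLocal}, so every instance of this class sees the same
 * per-thread value.
 *
 * <p>NOTE: the simple name matches {@code java.lang.SecurityManager}. Code in
 * the same package resolves the simple name to this class; code elsewhere
 * must import it explicitly to avoid picking up the JDK type.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@link #login(String, String)} verifies nothing. Any user name and
 *       password are accepted, so this class only models the bookkeeping of a
 *       session, not authentication.</li>
 *   <li>The identity is bound to the thread. On pooled threads a missing
 *       {@link #logout()} leaves the identity in place for whatever work the
 *       thread runs next, so callers should log out in a {@code finally}
 *       block.</li>
 * </ul>
 */
public class SecurityManager {

    // Typed instead of raw so that no cast is needed on read.
    private static final ThreadLocal<UserInfo> threadLocal =
            new ThreadLocal<UserInfo>();

    /**
     * Binds a user to the current thread.
     *
     * @param userName name of the user to bind
     * @param password stored with the user but never checked here
     */
    public void login(String userName, String password) {
        // Placeholder: every credential pair is treated as valid. A real
        // implementation must verify the password before binding the user.
        threadLocal.set(new UserInfo(userName, password));
    }

    /** Unbinds the user from the current thread. */
    public void logout() {
        // remove() drops the thread's entry instead of leaving a null value
        // behind, as set(null) would.
        threadLocal.remove();
    }

    /**
     * @return the user bound to the current thread, or {@code null} when
     *         nobody is logged on
     */
    public UserInfo getLoggedOnUser() {
        return threadLocal.get();
    }
}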

///////////////////////////////////////////////////////////////////////////////////////


import org.springframework.aop.framework.ProxyFactory;

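/**
 * Driver for the example: calls the proxied {@link SecureBean} as "robh", as
 * "janm" and without a login, printing the outcome of each attempt.
 */
public class SecurityExample {

    /**
     * Runs the three attempts in order.
     *
     * <p>Every login is paired with a logout in {@code finally}, so the
     * identity bound to the thread is cleared even when the advised call
     * throws.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // get the security manager
        SecurityManager mgr = new SecurityManager();

        // get the bean (a proxy, so each call passes through SecurityAdvice)
        SecureBean bean = getSecureBean();

        // try as robh; an exception still propagates, but only after logout
        try {
            mgr.login("robh", "pwd");
            bean.writeSecureMessage();
        } finally {
            mgr.logout();
        }

        // try as janm
        try {
            mgr.login("janm", "pwd");
            bean.writeSecureMessage();
        } catch (SecurityException ex) {
            System.out.println("Exception Caught: " + ex.getMessage());
        } finally {
            mgr.logout();
        }

        // try with no credentials
        try {
            bean.writeSecureMessage();
        } catch (SecurityException ex) {
            System.out.println("Exception Caught: " + ex.getMessage());
        }
    }

    /**
     * Builds a {@link SecureBean} proxy with a {@link SecurityAdvice}
     * attached.
     *
     * <p>The raw target never leaves this method, so callers can reach
     * {@code writeSecureMessage()} only through the advised proxy.
     *
     * @return the proxy, cast to {@code SecureBean}
     */
    private static SecureBean getSecureBean() {
        // create the target
        SecureBean target = new SecureBean();

        // create the advice
        SecurityAdvice advice = new SecurityAdvice();

        // get the proxy
        ProxyFactory factory = new ProxyFactory();
        factory.setTarget(target);
        factory.addAdvice(advice);

        // The cast is to the concrete class, so the proxy is presumably a
        // generated subclass of SecureBean; the class must stay non-final.
        return (SecureBean) factory.getProxy();
    }
}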
