Package examples

Class PermissionAuthenticator

java.lang.Object
examples.PermissionAuthenticator
All Implemented Interfaces:
Authenticator

public class PermissionAuthenticator extends Object implements Authenticator

An authenticator implementation that shows one possible use of the Permission object and it's interactions with the Authentication API.

This authenticator uses the permission objects to maintain a list of denied users and denied objects. When the liberator requests an object, if the object is not listed and the user is not listed, then the authenticator will respon with an OK. A real implementation would be a lot more complex than this, but this shows the basics of how an object can be denied or allowed as the case may be. If an object or user changes from deny to allow, there needs to be no special processing as each request for that object will recheck the permissions. However when updates are not rechecked for every update for performance reasons, so when an object or users permission changes from allow to deny, we ahve to tell the liberator that the permissions have changed. We do this by invalidating a users session. In the case of a user permission changing we simply invalidate that users session, but in the case of an object, for performance reasons, we only try to invalidate the users that are actively interested in that object.