RoleValidator Interface

A new interface, RoleValidator, was created to allow validation of custom user details. Instead of validating against roles alone, additional properties of the custom user details can be used in the validation. For more details, check the reference API: click the Reference Framework link, then select the com.nexaweb.referenceframework.core.security package.

BasicRoleValidator is the default implementation of the RoleValidator interface. However, it only supports the validateRole( String role ) method, which validates the passed-in role against the UserDetails roles based on the configured role voter. By default the role voter is configured to Affirmative.

A custom implementation of RoleValidator can be specified in the security section of the nexaweb-reference-framework.xml.

<security>
 <!-- Whether or not security is enabled -->
 <enabled>true</enabled>
 <!-- xal file to use as login page -->
 <loginPage>XAL/login/Login.xal</loginPage>
        
 <!-- custom role validator -->
 <roleValidator>com.mycompany.security.impleCustomRoleValidator</roleValidator>       
</security>

This will instantiate the specified class and set it as the roleValidator.

Then in the impleCustomRoleValidator class, you can implement the method below:

public boolean validateElement( Element element )

 

For example, if we have a button in the page like this:

 <button text="Push Me" validate="true" dept="Department_A"/>

In the validateElement( Element element ) function, we could have code like:

   

public boolean validateElement( Element element )
 {

 //validation return value
 boolean retValue = false;

 //User details of the logged in user
 CustomUserDetails userDetails = (CustomUserDetails)AppContext.getAppContext().getSecurityManager().getUserDetails();
 //if no validation is needed, or the element's dept attribute contains the user's department
 if(element.getAttribute("validate").equalsIgnoreCase("false") || (
 element.getAttribute("validate").equalsIgnoreCase("true") &&
 element.getAttribute("dept").indexOf(userDetails.getDepartment())!=-1)){

 retValue=true;

 element.setAttribute("text", "passed");//validation passed
 }else{
 element.setAttribute("text","failed"); //otherwise validation failed
 }
 return retValue;
 }

If validate is set to true and the user has the value of "Department_A" in the "dept" attribute (note: the user could be assigned more than one dept), then validation passes.

If not, validation fails.
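The sample above compares departments with indexOf, which is a substring match, and it dereferences the attribute values without a null check. The following is an added example, not code from the Nexaweb Reference Framework, showing the same decision made fail-closed with whole-name matching. The class DeptCheck, the method isAllowed, and the comma-separated form of the dept attribute are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Added example: hypothetical helper, not part of the Nexaweb Reference Framework.
public class DeptCheck {

    // validateAttr / deptAttr are the element's "validate" and "dept" values
    // (either may be null); userDepts are the logged-in user's departments.
    // Assumption: "dept" may hold a comma-separated list of department names.
    static boolean isAllowed(String validateAttr, String deptAttr,
                             Collection<String> userDepts) {
        // Only an explicit validate="false" skips the check; a missing or
        // unexpected value means validation is required.
        if ("false".equalsIgnoreCase(validateAttr)) {
            return true;
        }
        // Fail closed when there is nothing to compare against.
        if (deptAttr == null || userDepts == null) {
            return false;
        }
        for (String required : deptAttr.split(",")) {
            String wanted = required.trim();
            if (wanted.isEmpty()) {
                continue;
            }
            for (String owned : userDepts) {
                // Whole-name comparison, so a user in "Department_A" does not
                // pass a check for "Department_AB" and an empty name never matches.
                if (owned != null && wanted.equals(owned.trim())) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample user with two departments.
        List<String> depts = Arrays.asList("Department_A", "Department_C");
        System.out.println(isAllowed("true", "Department_A", depts));
        System.out.println(isAllowed("true", "Department_AB", depts));
        System.out.println(isAllowed("true", "Department_B, Department_C", depts));
        System.out.println(isAllowed(null, null, depts));
        System.out.println(isAllowed("false", null, depts));
    }
}
```

A validateElement implementation could pass element.getAttribute("validate"), element.getAttribute("dept") and the user's departments to such a helper and set the element text from the result.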

The validation can be triggered by events, either through an MCO function call or through the SecurityManager interface. For the sample above, using the "onCreate" event, it could be:

1. Using MCO calls:

    <button text="Push Me" validate="true" dept="Department_A" onCreate="mco:MyMco.validateElement(this)"/>

In MyMco, there will be lines like those below:

     private impleCustomRoleValidator roleValidator = (impleCustomRoleValidator) AppContext.getAppContext().getSecurityManager().getRoleValidator();
 
      ...
 
      public void validateElement(Element element){
          roleValidator.validateElement(element);
      }

2. Using SecurityManager interface:

    <button text="Push Me" validate="true" dept="Department_A" onCreate="SecurityManager.validateElement(this)"/>

These two methods serve the same purpose.

 

Similarly, in the impleCustomRoleValidator class, you could also implement:

   

public boolean validateInfo( Object infoObj )

In this case, you can pass any object to be validated.

For the same example as above, it will be:

1. Using MCO calls:

    <button text="Push Me" validate="true" dept="Department_A" onCreate="mco:MyMco.validateInfo(this)"/>

2. Using SecurityManager interface:

    <button text="Push Me" validate="true" dept="Department_A" onCreate="SecurityManager.validateInfo(this)"/>