Security Management


MoreMotion has a flexible security system built on the typical entities: users, roles and authorities (called Checkpoints). The persistence layer is cleanly isolated from this functionality behind a special type of Java class called a "Security Broker".

The Security Entities

User

A user of the system. A user may own one or more Roles. Examples: sa, mehmet, john, etc.

Role

A logical entity used to classify the users of the system. A role may have privileges on one or more Checkpoints. Examples: SYS_ADM, MANAGER, OPERATOR, etc.

CheckPoint

Represents an authority to perform a certain task in the system. Examples: CAN_DELETE_RECORDS, CAN_SEE_REPORT, etc.

Security Domain

The place where users log in. An application can have one or more Security Domains. See securityDomain configuration element.

Security Broker

The interface to the persistence layer. Developers can use one of the available Security Brokers or introduce new ones by implementing MoreMotion's Security Broker interface, org.moremotion.security.broker.SecurityBroker. See securityBroker configuration element.

Security Component

MoreMotion includes a component, "mor.Security", that provides configurable elements for managing the MoreMotion Security System easily. See mor.Security Component.

Security Context

An operational security area that talks to the persistence layer through a Security Broker and holds the User who is logged in to a Security Domain.

A Security Context must be obtained before any of the system's security functions are used through the MoreMotion API.

Example:

  package mypack;
 
  import org.moremotion.action.ActionService;
  import org.moremotion.action.ActionServiceContext;
  import org.moremotion.security.SecurityContext;
  import org.moremotion.security.SecurityContextException;
  import org.moremotion.security.SecurityManager;
  import org.moremotion.security.User;
  import org.moremotion.servlet.MoreMotionRequest;
  import org.moremotion.servlet.ServiceException;
 
  public class MyService implements ActionService {
 
    public void doService(ActionServiceContext asc)
    throws ServiceException, java.io.IOException {
 
      MoreMotionRequest request = asc.getRequest();
 
      try {
        String securityDomain = "main";
 
        SecurityContext sctx = SecurityManager.getSecurityContext(request, securityDomain);
        User currentUser = sctx.getCurrentUser();
        if (currentUser != null) {
          // There is a logged in user
          if (sctx.hasAuthority(currentUser, "CAN_DELETE_RECORDS")) {
            // The user has authority to pass through the checkpoint CAN_DELETE_RECORDS
            // ... perform the protected operation here
          }
        }
      } catch (SecurityContextException ex) {
        // The Security Context could not be used, so the protected operation was not run
        ex.printStackTrace();
      }
    }
  }
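
The relationship between the User, Role and CheckPoint entities defined above can be pictured with a small stand-alone model. This is an added example, not MoreMotion code: the class CheckpointModelDemo and its methods are hypothetical, it does not use or mirror the Security Broker interface, and the deny-by-default behaviour shown is an assumption about how such a check is best written, not a statement about MoreMotion's internals. The checkpoint CAN_DROP_TABLES is a constructed name.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-alone model; it does not use or mirror MoreMotion's classes.
public class CheckpointModelDemo {

  // user name -> roles the user owns
  private final Map<String, Set<String>> userRoles = new HashMap<>();
  // role name -> checkpoints the role has privileges on
  private final Map<String, Set<String>> roleCheckpoints = new HashMap<>();

  void assignRole(String user, String role) {
    userRoles.computeIfAbsent(user, k -> new HashSet<>()).add(role);
  }

  void grant(String role, String checkpoint) {
    roleCheckpoints.computeIfAbsent(role, k -> new HashSet<>()).add(checkpoint);
  }

  // Deny by default: only an explicit user -> role -> checkpoint chain passes.
  boolean hasAuthority(String user, String checkpoint) {
    if (user == null || checkpoint == null) {
      return false; // no logged-in user, or no checkpoint named
    }
    for (String role : userRoles.getOrDefault(user, Set.of())) {
      if (roleCheckpoints.getOrDefault(role, Set.of()).contains(checkpoint)) {
        return true;
      }
    }
    return false; // unknown user, role without privileges, or unknown checkpoint
  }

  public static void main(String[] args) {
    CheckpointModelDemo m = new CheckpointModelDemo();
    // Constructed sample data using the example names from this page.
    m.assignRole("sa", "SYS_ADM");
    m.assignRole("john", "OPERATOR");
    m.assignRole("mehmet", "MANAGER");
    m.assignRole("mehmet", "OPERATOR");
    m.grant("SYS_ADM", "CAN_DELETE_RECORDS");
    m.grant("MANAGER", "CAN_SEE_REPORT");

    System.out.println(m.hasAuthority("sa", "CAN_DELETE_RECORDS"));
    System.out.println(m.hasAuthority("mehmet", "CAN_SEE_REPORT"));
    System.out.println(m.hasAuthority("john", "CAN_DELETE_RECORDS"));
    System.out.println(m.hasAuthority(null, "CAN_SEE_REPORT"));
    System.out.println(m.hasAuthority("sa", "CAN_DROP_TABLES"));
  }
}
```

A user with several roles passes a checkpoint if any one of those roles has the privilege; everything else, including a missing user, is refused.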