Riot Security

With Riot's security system you can control what users are allowed to do in the backoffice: limit access to certain lists, restrict the use of commands and control which form fields are editable.

Authentication

To authenticate a user, Riot uses the AuthenticationService interface.

Riot provides the UserDaoAuthenticationService, an implementation that uses a RiotUserDao interface to look up user accounts.

The riot-hibernate module contains a Hibernate-based RiotUserDao implementation, which makes it easy to plug in your own RiotUser implementation.

Alternatively, you can implement your own AuthenticationService, for example to authenticate users against an LDAP directory.
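The following is an added example of such a custom AuthenticationService; it is not part of Riot or of this page. It verifies the password with an LDAP simple bind and then loads the account through the RiotUserDao, so roles and the master flag stay in Riot's own user store. Assumed, not confirmed by the page: the method signature RiotUser authenticate(String username, String password), the DAO method findUserById, the class and package names of the example itself, and the example.com directory layout.

```java
package com.example.riot.security; // assumed package, not part of Riot

import java.util.Hashtable;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

import org.riotfamily.riot.security.auth.AuthenticationService;
import org.riotfamily.riot.security.auth.RiotUser;
import org.riotfamily.riot.security.auth.RiotUserDao;

/**
 * Checks the password against an LDAP directory with a simple bind and
 * then looks the account up through Riot's RiotUserDao. The directory
 * owns the password; Riot still owns the user record and its rights.
 */
public class LdapAuthenticationService implements AuthenticationService {

    // Only plain account names are allowed into the bind DN. Anything else
    // is refused outright, which keeps DN metacharacters (',', '+', '=',
    // '"', '\\', '<', '>', ';', '#') and filter characters ('*', '(', ')')
    // out of the string handed to the directory.
    private static final Pattern SAFE_USERNAME =
            Pattern.compile("[A-Za-z0-9._-]{1,64}");

    private final String providerUrl;    // assumed: "ldaps://ldap.example.com:636"
    private final String userDnTemplate; // assumed: "uid=%s,ou=people,dc=example,dc=com"
    private final RiotUserDao userDao;

    public LdapAuthenticationService(String providerUrl,
            String userDnTemplate, RiotUserDao userDao) {
        this.providerUrl = providerUrl;
        this.userDnTemplate = userDnTemplate;
        this.userDao = userDao;
    }

    /** Assumed signature of Riot's AuthenticationService: null means "not authenticated". */
    public RiotUser authenticate(String username, String password) {
        if (username == null || !SAFE_USERNAME.matcher(username).matches()) {
            return null;
        }
        // An empty password makes most directories perform an anonymous bind,
        // which succeeds. Reject it before the directory ever sees it.
        if (password == null || password.length() == 0) {
            return null;
        }
        String dn = String.format(userDnTemplate, username);
        if (!bind(dn, password)) {
            return null;
        }
        // Password verified; the account, its roles and the master flag
        // still come from Riot's own user store (assumed DAO method).
        return userDao.findUserById(username);
    }

    private boolean bind(String dn, String password) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password or unknown DN
        } catch (NamingException e) {
            return false; // directory unreachable or misconfigured: fail closed
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

A simple bind sends the password in clear text, so the provider URL must be ldaps:// (or the connection must use StartTLS); do not point this at a plain ldap:// port. The username whitelist is deliberately strict; if your directory needs account names with other characters, escape them according to RFC 4514 before building the DN instead of widening the pattern.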

Authorization

Riot uses the AuthorizationPolicy interface to decide whether a user is allowed to perform a certain action. A policy returns one of three constants: ACCESS_GRANTED, ACCESS_DENIED or ACCESS_ABSTAIN. In the latter case Riot continues with the next policy, so the first policy that grants or denies decides. Policies must implement the Ordered interface (Spring's org.springframework.core.Ordered), which determines the order in which they are consulted: policies with a lower getOrder() value are asked first.

The most convenient way to write a custom policy is to create a subclass of the ReflectionPolicy.
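As an added example (not code from Riot or from this page), here is a policy written directly against the AuthorizationPolicy interface rather than ReflectionPolicy, because that makes the three return constants and the Ordered contract explicit. It denies the "delete" action on one configured object type to everyone but master users and abstains on everything else. The PolicyChain class below it is an illustration of the chain semantics described above, not Riot's own resolver. Assumed, not confirmed by the page: the method signature int checkPermission(RiotUser user, String action, Object object), the RiotUser method isMasterUser(), the action name "delete", and a fail-closed result when every policy abstains.

```java
package com.example.riot.security; // assumed package, not part of Riot

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.riotfamily.riot.security.auth.RiotUser;
import org.riotfamily.riot.security.policy.AuthorizationPolicy;
import org.springframework.core.OrderComparator;

/**
 * Denies "delete" on objects of a configured class to everyone except
 * master users and abstains on all other actions, leaving those decisions
 * to the remaining policies in the chain.
 */
public class NoDeletePolicy implements AuthorizationPolicy {

    private final Class<?> protectedType;
    private final int order;

    public NoDeletePolicy(Class<?> protectedType, int order) {
        this.protectedType = protectedType;
        this.order = order;
    }

    /** Ordered contract: a lower value means this policy is consulted earlier. */
    public int getOrder() {
        return order;
    }

    /** Assumed signature of Riot's AuthorizationPolicy. */
    public int checkPermission(RiotUser user, String action, Object object) {
        if ("delete".equals(action) && object != null
                && protectedType.isInstance(object)) {
            // isMasterUser() is assumed to exist on RiotUser
            return user.isMasterUser() ? ACCESS_GRANTED : ACCESS_DENIED;
        }
        // Not this policy's concern: let the next policy in the chain decide.
        return ACCESS_ABSTAIN;
    }
}

/**
 * Illustration of how a chain of policies resolves (not Riot's resolver):
 * sort by getOrder(), ask each policy in turn, and stop at the first
 * answer that is not ACCESS_ABSTAIN.
 */
final class PolicyChain {

    private final List<AuthorizationPolicy> policies;

    PolicyChain(List<AuthorizationPolicy> policies) {
        this.policies = new ArrayList<AuthorizationPolicy>(policies);
        // OrderComparator sorts Ordered beans ascending by getOrder()
        Collections.sort(this.policies, new OrderComparator());
    }

    boolean isGranted(RiotUser user, String action, Object object) {
        for (AuthorizationPolicy policy : policies) {
            int result = policy.checkPermission(user, action, object);
            if (result != AuthorizationPolicy.ACCESS_ABSTAIN) {
                return result == AuthorizationPolicy.ACCESS_GRANTED;
            }
        }
        // Every policy abstained. This illustration fails closed; check how
        // your Riot version resolves that case before relying on it.
        return false;
    }
}
```

Two points matter when you write your own policy. Return ACCESS_ABSTAIN for anything the policy has no opinion on; returning ACCESS_GRANTED by default would silently override every policy ordered after it. And give restrictive policies a low order value so they run before permissive catch-all policies, since the first non-abstaining answer ends the chain.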

Note:

The Riot security system is not intended for restricting access to a website or for building a protected members area. Its sole purpose is to control what editors are allowed to do in the CMS.