Example 1 with AccessDeniedException
use of org.apache.deltaspike.security.api.authorization.AccessDeniedException in project deltaspike by apache.
the class SecuredAnnotationAuthorizer method invokeVoters.
/**
* Helper for invoking the given {@link AccessDecisionVoter}s
*
* @param invocationContext current invocation-context (might be null in case of secured views)
* @param accessDecisionVoters current access-decision-voters
*/
private void invokeVoters(InvocationContext invocationContext, List<Class<? extends AccessDecisionVoter>> accessDecisionVoters) {
if (accessDecisionVoters.isEmpty()) {
return;
}
AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
try {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
((EditableAccessDecisionVoterContext) voterContext).setSource(invocationContext);
}
Set<SecurityViolation> violations;
AccessDecisionVoter voter;
for (Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters) {
voter = BeanProvider.getContextualReference(voterClass, false);
violations = voter.checkPermission(voterContext);
if (violations != null && !violations.isEmpty()) {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
voterState = AccessDecisionState.VIOLATION_FOUND;
for (SecurityViolation securityViolation : violations) {
((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
}
}
this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations));
}
}
} finally {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState)) {
voterState = AccessDecisionState.NO_VIOLATION_FOUND;
}
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
}
}
}
Also used :
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
AccessDecisionState(org.apache.deltaspike.security.api.authorization.AccessDecisionState)
AccessDecisionVoter(org.apache.deltaspike.security.api.authorization.AccessDecisionVoter)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
EditableAccessDecisionVoterContext(org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)
Example 2 with AccessDeniedException
use of org.apache.deltaspike.security.api.authorization.AccessDeniedException in project deltaspike by apache.
the class Authorizer method authorize.
void authorize(final InvocationContext ic, final Object returnValue, BeanManager beanManager) throws IllegalAccessException, IllegalArgumentException {
if (boundAuthorizerBean == null) {
lazyInitTargetBean(beanManager);
}
final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
Object reference = beanManager.getReference(boundAuthorizerBean, boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext, new SecurityParameterValueRedefiner(creationalContext, ic, returnValue));
if (Boolean.FALSE.equals(result)) {
Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
violations.add(new SecurityViolation() {
private static final long serialVersionUID = 2358753444038521129L;
@Override
public String getReason() {
return "Authorization check failed";
}
});
throw new AccessDeniedException(violations);
}
}
Also used :
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
SecurityParameterValueRedefiner(org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)
HashSet(java.util.HashSet)
Example 3 with AccessDeniedException
use of org.apache.deltaspike.security.api.authorization.AccessDeniedException in project deltaspike by apache.
the class BridgeExceptionHandlerWrapper method processEvent.
@Override
public void processEvent(SystemEvent event) throws AbortProcessingException {
//needed because #handle gets called too late in this case
if (event instanceof ExceptionQueuedEvent) {
ExceptionQueuedEvent exceptionQueuedEvent = (ExceptionQueuedEvent) event;
FacesContext facesContext = exceptionQueuedEvent.getContext().getContext();
if (facesContext.getCurrentPhaseId() == PhaseId.RENDER_RESPONSE && exceptionQueuedEvent.getContext().inBeforePhase()) {
Throwable exception = getRootCause(exceptionQueuedEvent.getContext().getException());
if (exception instanceof AccessDeniedException) {
processAccessDeniedException(exception);
} else {
ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(exception);
exceptionToCatchEvent.setOptional(true);
this.beanManager.fireEvent(exceptionToCatchEvent);
if (exceptionToCatchEvent.isHandled()) {
return;
}
}
}
}
super.processEvent(event);
}
Also used :
ExceptionQueuedEvent(javax.faces.event.ExceptionQueuedEvent)
FacesContext(javax.faces.context.FacesContext)
ErrorViewAwareAccessDeniedException(org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException)
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
ExceptionToCatchEvent(org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent)
Example 4 with AccessDeniedException
use of org.apache.deltaspike.security.api.authorization.AccessDeniedException in project deltaspike by apache.
the class BridgeExceptionHandlerWrapper method handle.
@Override
public void handle() throws FacesException {
FacesContext context = FacesContext.getCurrentInstance();
if (context == null || context.getResponseComplete()) {
return;
}
Iterable<ExceptionQueuedEvent> exceptionQueuedEvents = getUnhandledExceptionQueuedEvents();
if (exceptionQueuedEvents != null && exceptionQueuedEvents.iterator() != null) {
Iterator<ExceptionQueuedEvent> iterator = exceptionQueuedEvents.iterator();
while (iterator.hasNext()) {
Throwable throwable = iterator.next().getContext().getException();
Throwable rootCause = getRootCause(throwable);
if (rootCause instanceof AccessDeniedException) {
processAccessDeniedException(rootCause);
iterator.remove();
continue;
} else {
ExceptionToCatchEvent event = new ExceptionToCatchEvent(rootCause, exceptionQualifier);
event.setOptional(true);
beanManager.fireEvent(event);
if (event.isHandled()) {
iterator.remove();
}
}
// a handle method might redirect and set responseComplete
if (context.getResponseComplete()) {
break;
}
}
}
super.handle();
}
Also used :
FacesContext(javax.faces.context.FacesContext)
ExceptionQueuedEvent(javax.faces.event.ExceptionQueuedEvent)
ErrorViewAwareAccessDeniedException(org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException)
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
ExceptionToCatchEvent(org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent)
Aggregations
AccessDeniedException (org.apache.deltaspike.security.api.authorization.AccessDeniedException)4
FacesContext (javax.faces.context.FacesContext)2
ExceptionQueuedEvent (javax.faces.event.ExceptionQueuedEvent)2
ExceptionToCatchEvent (org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent)2
ErrorViewAwareAccessDeniedException (org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException)2
SecurityViolation (org.apache.deltaspike.security.api.authorization.SecurityViolation)2
HashSet (java.util.HashSet)1
AccessDecisionState (org.apache.deltaspike.security.api.authorization.AccessDecisionState)1
AccessDecisionVoter (org.apache.deltaspike.security.api.authorization.AccessDecisionVoter)1
SecurityParameterValueRedefiner (org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)1
EditableAccessDecisionVoterContext (org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)1
