use of org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException in project deltaspike by apache.
the class SecurityAwareViewHandler method createView.
/**
 * Creates the requested view through the wrapped handler and, when this handler and the
 * security module are both active, runs the view access check before the view is returned.
 *
 * <p>No check is performed when {@code activated} is false or {@code securityModuleActivated}
 * is false; the view from the wrapped handler is then returned as-is.
 *
 * <p>When the check throws {@link ErrorViewAwareAccessDeniedException}, the violation is passed
 * to {@code SecurityUtils}, broadcast, and then either the view of the resolved error-view
 * descriptor is created and returned, or (no descriptor resolved) the exception is rethrown.
 * The originally requested view is not returned on that path. Other exception types thrown by
 * the check are not caught here.
 *
 * <p>If a view root was current on entry, it is put back (together with a copy of its view map)
 * in the outer {@code finally}, on every exit path.
 *
 * @param context the current faces context
 * @param viewId  id of the view to create
 * @return the created view, or the error view if access was denied and an error view resolves
 * @throws ErrorViewAwareAccessDeniedException if access is denied and no error-view descriptor
 *         is resolved
 */
@Override
public UIViewRoot createView(FacesContext context, String viewId) {
    UIViewRoot result = this.wrapped.createView(context, viewId);
    // Handler switched off: the view is returned without any access check.
    if (!this.activated) {
        return result;
    }
    // securityModuleActivated is compared against null, so it is a nullable flag resolved on first use.
    // NOTE(review): the next condition dereferences it; lazyInit() presumably always sets it - confirm.
    if (this.securityModuleActivated == null) {
        lazyInit();
    }
    // Security module not active: again no access check, the view is returned as created.
    if (!this.securityModuleActivated) {
        return result;
    }
    // Remember the current view root and a copy of its view map so both can be put back afterwards.
    UIViewRoot originalViewRoot = context.getViewRoot();
    Map<String, Object> viewMap = null;
    if (originalViewRoot != null) {
        // getViewMap(false): do not create a view map just for taking the snapshot.
        Map<String, Object> originalViewMap = originalViewRoot.getViewMap(false);
        if (originalViewMap != null && !originalViewMap.isEmpty()) {
            viewMap = new HashMap<String, Object>();
            viewMap.putAll(originalViewMap);
        }
    }
    // Workaround for the PreDestroyViewMapEvent which would be caused by the security check.
    deactivatePreDestroyViewMapEvent(context);
    // The new view has to be the current view root in case an AccessDecisionVoter uses the JSF API
    // to check access to the view-id.
    context.setViewRoot(result);
    try {
        ViewRootAccessHandler viewRootAccessHandler = BeanProvider.getContextualReference(ViewRootAccessHandler.class);
        viewRootAccessHandler.checkAccessTo(result);
    } catch (ErrorViewAwareAccessDeniedException accessDeniedException) {
        // Access denied: look up the view config descriptor of the error view carried by the exception.
        ViewConfigResolver viewConfigResolver = BeanProvider.getContextualReference(ViewConfigResolver.class);
        ViewConfigDescriptor errorViewDescriptor = viewConfigResolver.getViewConfigDescriptor(accessDeniedException.getErrorView());
        try {
            // The navigating handler is used only if the error view is configured for REDIRECT and the
            // module config asks for the navigation handler on security violations.
            // iterator().next() relies on View meta-data being present (see the inline comment).
            if (errorViewDescriptor != null && View.NavigationMode.REDIRECT == errorViewDescriptor.getMetaData(View.class).iterator().next().navigation() && /*always available*/
            BeanProvider.getContextualReference(JsfModuleConfig.class).isAlwaysUseNavigationHandlerOnSecurityViolation()) {
                SecurityUtils.tryToHandleSecurityViolation(accessDeniedException);
            } else {
                SecurityUtils.handleSecurityViolationWithoutNavigation(accessDeniedException);
            }
        } finally {
            // The denial is broadcast even if the handling above throws.
            broadcastAccessDeniedException(accessDeniedException);
        }
        if (errorViewDescriptor != null) {
            // Return the error view instead of the requested one; the outer finally still runs.
            return this.wrapped.createView(context, errorViewDescriptor.getViewId());
        } else {
            // No error view: the previous page (including the error message) is used.
            // On a non-postback request the view id of the current view root is cleared.
            if (!context.isPostback() && context.getViewRoot() != null) {
                context.getViewRoot().setViewId(null);
            }
        }
        // Security exception without error-view: rethrown, so the requested view is never returned.
        throw accessDeniedException;
    } finally {
        activatePreDestroyViewMapEvent(context);
        // Put the original view root back and refill its view map from the snapshot.
        // NOTE(review): when there was no original view root, the context keeps the view root set
        // above, on the denied path too - confirm that callers do not depend on it being reset.
        if (originalViewRoot != null) {
            context.setViewRoot(originalViewRoot);
            if (viewMap != null) {
                originalViewRoot.getViewMap().putAll(viewMap);
            }
        }
    }
    return result;
}
use of org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException in project deltaspike by apache.
the class BridgeExceptionHandlerWrapper method processAccessDeniedException.
/**
 * Passes an access-denied failure to {@code SecurityUtils} for handling without navigation.
 *
 * <p>An {@link ErrorViewAwareAccessDeniedException} is forwarded unchanged. Any other throwable is
 * treated as an {@code AccessDeniedException}: its violations are copied into a new
 * {@code ErrorViewAwareAccessDeniedException} that points at {@code DefaultErrorView}.
 *
 * @param throwable the access-denied failure to process
 */
private void processAccessDeniedException(Throwable throwable) {
    if (!(throwable instanceof ErrorViewAwareAccessDeniedException)) {
        // NOTE(review): this cast is not guarded by an instanceof check, so a throwable of another
        // type ends in a ClassCastException; presumably the caller only passes access-denied
        // failures - confirm.
        AccessDeniedException plainDenial = (AccessDeniedException) throwable;
        ErrorViewAwareAccessDeniedException withDefaultErrorView = new ErrorViewAwareAccessDeniedException(plainDenial.getViolations(), DefaultErrorView.class);
        SecurityUtils.handleSecurityViolationWithoutNavigation(withDefaultErrorView);
        return;
    }

    // Already carries its error view: hand it over as it is.
    SecurityUtils.handleSecurityViolationWithoutNavigation((AccessDeniedException) throwable);
}
use of org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException in project deltaspike by apache.
the class SecurityUtils method invokeVoters.
/**
 * Executes the {@code Secured} callback of a view config against the given voter context and
 * fails with an {@link ErrorViewAwareAccessDeniedException} if any violation is reported.
 *
 * <p>Nothing happens (no voter runs, no state is set) when the descriptor is {@code null} or has
 * no {@code Secured} meta-data. Otherwise the config class and every non-{@code Secured}
 * annotation of the descriptor are added to the context as meta-data before the vote.
 *
 * <p>The context state is set to {@code VOTE_IN_PROGRESS} before the vote and, in the
 * {@code finally} block, to {@code VIOLATION_FOUND} or {@code NO_VIOLATION_FOUND}.
 *
 * @param accessDecisionVoterContext context that receives meta-data, state and violations
 * @param viewConfigDescriptor       descriptor of the view config to check, may be {@code null}
 * @throws ErrorViewAwareAccessDeniedException if at least one violation was collected; it carries
 *         the violations and the error view of the first {@code Secured} entry
 */
public static void invokeVoters(EditableAccessDecisionVoterContext accessDecisionVoterContext, ConfigDescriptor<?> viewConfigDescriptor) {
    if (viewConfigDescriptor == null) {
        return;
    }

    List<Secured> securedEntries = viewConfigDescriptor.getMetaData(Secured.class);
    if (securedEntries.isEmpty()) {
        // Nothing is secured on this view config, so there is nothing to vote on.
        return;
    }

    accessDecisionVoterContext.addMetaData(ViewConfig.class.getName(), viewConfigDescriptor.getConfigClass());
    for (Annotation entry : viewConfigDescriptor.getMetaData()) {
        Class<? extends Annotation> entryType = entry.annotationType();
        if (entryType.equals(Secured.class)) {
            // The Secured annotation itself is not exposed to the voters as meta-data.
            continue;
        }
        accessDecisionVoterContext.addMetaData(entryType.getName(), entry);
    }

    Secured.Descriptor votersCallback = viewConfigDescriptor.getExecutableCallbackDescriptor(Secured.class, Secured.Descriptor.class);
    AccessDecisionState stateToPublish = AccessDecisionState.VOTE_IN_PROGRESS;
    try {
        accessDecisionVoterContext.setState(stateToPublish);

        List<Set<SecurityViolation>> violationsPerVoter = votersCallback.execute(accessDecisionVoterContext);
        Set<SecurityViolation> mergedViolations = createViolationResult(violationsPerVoter);
        if (mergedViolations.isEmpty()) {
            // The finally block below still publishes the final state.
            return;
        }

        stateToPublish = AccessDecisionState.VIOLATION_FOUND;
        for (SecurityViolation found : mergedViolations) {
            accessDecisionVoterContext.addViolation(found);
        }

        // The error view is taken from the first Secured entry only.
        Class<? extends ViewConfig> deniedErrorView = securedEntries.iterator().next().errorView();
        throw new ErrorViewAwareAccessDeniedException(mergedViolations, deniedErrorView);
    } finally {
        // NOTE(review): any exception raised before VIOLATION_FOUND is assigned (for example by a
        // voter) also leaves the state at VOTE_IN_PROGRESS here, so the context then reports
        // NO_VIOLATION_FOUND while that exception propagates - confirm this is intended.
        if (stateToPublish == AccessDecisionState.VOTE_IN_PROGRESS) {
            stateToPublish = AccessDecisionState.NO_VIOLATION_FOUND;
        }
        accessDecisionVoterContext.setState(stateToPublish);
    }
}
use of org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException in project deltaspike by apache.
the class SecurityUtils method tryToHandleSecurityViolation.
/**
 * Resolves the error view for a security violation and delegates to
 * {@code processApplicationSecurityException}.
 *
 * <p>The error view carried by the exception is used unless it is missing or is
 * {@code DefaultErrorView} (compared by class name); in that case the config class of the default
 * error view descriptor is used, if one is resolved.
 *
 * @param runtimeException the failure to inspect
 * @param allowNavigation  passed on to {@code processApplicationSecurityException}; when
 *                         {@code true} and no error view can be resolved, the access-denied
 *                         exception is thrown instead
 * @throws RuntimeException the given exception itself, if no
 *         {@link ErrorViewAwareAccessDeniedException} can be extracted from it
 * @throws ErrorViewAwareAccessDeniedException if navigation is allowed but no error view resolves
 */
private static void tryToHandleSecurityViolation(RuntimeException runtimeException, boolean allowNavigation) {
    ErrorViewAwareAccessDeniedException denied = extractException(runtimeException);
    if (denied == null) {
        // Not an access-denied failure: it is not handled here and goes back to the caller.
        throw runtimeException;
    }

    Class<? extends ViewConfig> declaredErrorView = denied.getErrorView();
    Class<? extends ViewConfig> errorView;
    if (declaredErrorView == null || DefaultErrorView.class.getName().equals(declaredErrorView.getName())) {
        errorView = null;
    } else {
        errorView = declaredErrorView;
    }

    if (errorView == null) {
        // No specific error view on the exception: fall back to the default error view, if any.
        ViewConfigDescriptor defaultErrorDescriptor = BeanProvider.getContextualReference(ViewConfigResolver.class).getDefaultErrorViewConfigDescriptor();
        if (defaultErrorDescriptor != null) {
            errorView = defaultErrorDescriptor.getConfigClass();
        }
    }

    if (allowNavigation && errorView == null) {
        // There is no view to navigate to, so the denial is thrown to the caller.
        throw denied;
    }

    processApplicationSecurityException(denied, errorView, allowNavigation);
}