Example 1 with SecurityViolation
use of org.apache.deltaspike.security.api.authorization.SecurityViolation in project deltaspike by apache.
the class SecuredAnnotationAuthorizer method invokeVoters.
/**
* Helper for invoking the given {@link AccessDecisionVoter}s
*
* @param invocationContext current invocation-context (might be null in case of secured views)
* @param accessDecisionVoters current access-decision-voters
*/
private void invokeVoters(InvocationContext invocationContext, List<Class<? extends AccessDecisionVoter>> accessDecisionVoters) {
if (accessDecisionVoters.isEmpty()) {
return;
}
AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
try {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
((EditableAccessDecisionVoterContext) voterContext).setSource(invocationContext);
}
Set<SecurityViolation> violations;
AccessDecisionVoter voter;
for (Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters) {
voter = BeanProvider.getContextualReference(voterClass, false);
violations = voter.checkPermission(voterContext);
if (violations != null && !violations.isEmpty()) {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
voterState = AccessDecisionState.VIOLATION_FOUND;
for (SecurityViolation securityViolation : violations) {
((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
}
}
this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations));
}
}
} finally {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState)) {
voterState = AccessDecisionState.NO_VIOLATION_FOUND;
}
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
}
}
}
Also used :
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
AccessDecisionState(org.apache.deltaspike.security.api.authorization.AccessDecisionState)
AccessDecisionVoter(org.apache.deltaspike.security.api.authorization.AccessDecisionVoter)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
EditableAccessDecisionVoterContext(org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)
Example 2 with SecurityViolation
use of org.apache.deltaspike.security.api.authorization.SecurityViolation in project deltaspike by apache.
the class Authorizer method authorize.
void authorize(final InvocationContext ic, final Object returnValue, BeanManager beanManager) throws IllegalAccessException, IllegalArgumentException {
if (boundAuthorizerBean == null) {
lazyInitTargetBean(beanManager);
}
final CreationalContext<?> creationalContext = beanManager.createCreationalContext(boundAuthorizerBean);
Object reference = beanManager.getReference(boundAuthorizerBean, boundAuthorizerMethod.getJavaMember().getDeclaringClass(), creationalContext);
Object result = boundAuthorizerMethodProxy.invoke(reference, creationalContext, new SecurityParameterValueRedefiner(creationalContext, ic, returnValue));
if (Boolean.FALSE.equals(result)) {
Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
violations.add(new SecurityViolation() {
private static final long serialVersionUID = 2358753444038521129L;
@Override
public String getReason() {
return "Authorization check failed";
}
});
throw new AccessDeniedException(violations);
}
}
Also used :
AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
SecurityParameterValueRedefiner(org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)
HashSet(java.util.HashSet)
Example 3 with SecurityViolation
use of org.apache.deltaspike.security.api.authorization.SecurityViolation in project deltaspike by apache.
the class SecurityUtils method invokeVoters.
public static void invokeVoters(EditableAccessDecisionVoterContext accessDecisionVoterContext, ConfigDescriptor<?> viewConfigDescriptor) {
if (viewConfigDescriptor == null) {
return;
}
List<Secured> securedMetaData = viewConfigDescriptor.getMetaData(Secured.class);
if (securedMetaData.isEmpty()) {
return;
}
accessDecisionVoterContext.addMetaData(ViewConfig.class.getName(), viewConfigDescriptor.getConfigClass());
for (Annotation viewMetaData : viewConfigDescriptor.getMetaData()) {
if (!viewMetaData.annotationType().equals(Secured.class)) {
accessDecisionVoterContext.addMetaData(viewMetaData.annotationType().getName(), viewMetaData);
}
}
Secured.Descriptor securedDescriptor = viewConfigDescriptor.getExecutableCallbackDescriptor(Secured.class, Secured.Descriptor.class);
AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
try {
accessDecisionVoterContext.setState(voterState);
List<Set<SecurityViolation>> violations = securedDescriptor.execute(accessDecisionVoterContext);
Set<SecurityViolation> allViolations = createViolationResult(violations);
if (!allViolations.isEmpty()) {
voterState = AccessDecisionState.VIOLATION_FOUND;
for (SecurityViolation violation : allViolations) {
accessDecisionVoterContext.addViolation(violation);
}
Class<? extends ViewConfig> errorView = securedMetaData.iterator().next().errorView();
throw new ErrorViewAwareAccessDeniedException(allViolations, errorView);
}
} finally {
if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState)) {
voterState = AccessDecisionState.NO_VIOLATION_FOUND;
}
accessDecisionVoterContext.setState(voterState);
}
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Secured(org.apache.deltaspike.security.api.authorization.Secured)
ErrorViewAwareAccessDeniedException(org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException)
ViewConfig(org.apache.deltaspike.core.api.config.view.ViewConfig)
AccessDecisionState(org.apache.deltaspike.security.api.authorization.AccessDecisionState)
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
Annotation(java.lang.annotation.Annotation)
Example 4 with SecurityViolation
use of org.apache.deltaspike.security.api.authorization.SecurityViolation in project deltaspike by apache.
the class DenyAllAccessDecisionVoter method checkPermission.
@Override
public Set<SecurityViolation> checkPermission(AccessDecisionVoterContext accessDecisionVoterContext) {
Set<SecurityViolation> violations = new HashSet<SecurityViolation>();
violations.add(new SecurityViolation() {
@Override
public String getReason() {
return "This is a deny all AccessDecisionVoter";
}
});
return violations;
}
Also used :
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
HashSet(java.util.HashSet)
Example 5 with SecurityViolation
use of org.apache.deltaspike.security.api.authorization.SecurityViolation in project deltaspike by apache.
the class LoggedInAccessDecisionVoter method checkPermission.
@Override
protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
if (loginController.isLoggedIn()) {
// no violations, pass
} else {
violations.add(new SecurityViolation() {
@Override
public String getReason() {
return "User must be logged in to access this resource";
}
});
// remember the requested page
deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
}
}
Also used :
SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation)
Aggregations
SecurityViolation (org.apache.deltaspike.security.api.authorization.SecurityViolation)7
HashSet (java.util.HashSet)3
AccessDecisionState (org.apache.deltaspike.security.api.authorization.AccessDecisionState)2
AccessDeniedException (org.apache.deltaspike.security.api.authorization.AccessDeniedException)2
Annotation (java.lang.annotation.Annotation)1
Set (java.util.Set)1
FacesMessage (javax.faces.application.FacesMessage)1
ViewConfig (org.apache.deltaspike.core.api.config.view.ViewConfig)1
AccessDecisionVoter (org.apache.deltaspike.security.api.authorization.AccessDecisionVoter)1
ErrorViewAwareAccessDeniedException (org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException)1
Secured (org.apache.deltaspike.security.api.authorization.Secured)1
SecurityParameterValueRedefiner (org.apache.deltaspike.security.impl.authorization.SecurityParameterValueRedefiner)1
EditableAccessDecisionVoterContext (org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)1
