use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.
the class SecuredAnnotationAuthorizer method doSecuredCheck.
@Secures
@Secured({})
@SuppressWarnings("UnusedDeclaration")
public boolean doSecuredCheck(InvocationContext invocationContext) throws Exception {
List<Class<? extends AccessDecisionVoter>> voterClasses = new ArrayList<Class<? extends AccessDecisionVoter>>();
List<Annotation> annotatedTypeMetadata = extractMetadata(invocationContext);
for (Annotation annotation : annotatedTypeMetadata) {
if (Secured.class.isAssignableFrom(annotation.annotationType())) {
voterClasses.addAll(Arrays.asList(((Secured) annotation).value()));
} else if (voterContext instanceof EditableAccessDecisionVoterContext) {
((EditableAccessDecisionVoterContext) voterContext).addMetaData(annotation.annotationType().getName(), annotation);
}
}
invokeVoters(invocationContext, voterClasses);
// X TODO check the use-cases for it
return true;
}
use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.
the class SecuredAnnotationAuthorizer method invokeVoters.
/**
* Helper for invoking the given {@link AccessDecisionVoter}s
*
* @param invocationContext current invocation-context (might be null in case of secured views)
* @param accessDecisionVoters current access-decision-voters
*/
private void invokeVoters(InvocationContext invocationContext, List<Class<? extends AccessDecisionVoter>> accessDecisionVoters) {
if (accessDecisionVoters.isEmpty()) {
return;
}
AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
try {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
((EditableAccessDecisionVoterContext) voterContext).setSource(invocationContext);
}
Set<SecurityViolation> violations;
AccessDecisionVoter voter;
for (Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters) {
voter = BeanProvider.getContextualReference(voterClass, false);
violations = voter.checkPermission(voterContext);
if (violations != null && !violations.isEmpty()) {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
voterState = AccessDecisionState.VIOLATION_FOUND;
for (SecurityViolation securityViolation : violations) {
((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
}
}
this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations));
}
}
} finally {
if (voterContext instanceof EditableAccessDecisionVoterContext) {
if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState)) {
voterState = AccessDecisionState.NO_VIOLATION_FOUND;
}
((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
}
}
}
use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.
the class ViewRootAccessHandler method checkAccessTo.
public void checkAccessTo(UIViewRoot uiViewRoot) {
if (uiViewRoot == null) {
return;
}
String viewId = uiViewRoot.getViewId();
if (!checkView(viewId)) {
return;
}
this.checkedViewIds.add(viewId);
ConfigDescriptor configDescriptor = this.viewConfigResolver.getViewConfigDescriptor(viewId);
// topmost nodes get checked first
Stack<ConfigDescriptor> configDescriptorStack = new Stack<ConfigDescriptor>();
if (configDescriptor != null) {
configDescriptorStack.push(configDescriptor);
}
List<String> parentPathList = new ArrayList<String>();
createPathList(viewId, parentPathList);
ConfigDescriptor pathDescriptor;
for (String path : parentPathList) {
pathDescriptor = this.viewConfigResolver.getConfigDescriptor(path);
if (pathDescriptor != null) {
configDescriptorStack.push(pathDescriptor);
}
}
EditableAccessDecisionVoterContext accessDecisionVoterContext = BeanProvider.getContextualReference(EditableAccessDecisionVoterContext.class, false);
for (ConfigDescriptor currentConfigDescriptor : configDescriptorStack) {
SecurityUtils.invokeVoters(accessDecisionVoterContext, currentConfigDescriptor);
}
}
Aggregations