Search in sources :

Example 1 with EditableAccessDecisionVoterContext

use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.

the class SecuredAnnotationAuthorizer method doSecuredCheck.

@Secures
@Secured({})
@SuppressWarnings("UnusedDeclaration")
public boolean doSecuredCheck(InvocationContext invocationContext) throws Exception {
    List<Class<? extends AccessDecisionVoter>> voterClasses = new ArrayList<Class<? extends AccessDecisionVoter>>();
    List<Annotation> annotatedTypeMetadata = extractMetadata(invocationContext);
    for (Annotation annotation : annotatedTypeMetadata) {
        if (Secured.class.isAssignableFrom(annotation.annotationType())) {
            voterClasses.addAll(Arrays.asList(((Secured) annotation).value()));
        } else if (voterContext instanceof EditableAccessDecisionVoterContext) {
            ((EditableAccessDecisionVoterContext) voterContext).addMetaData(annotation.annotationType().getName(), annotation);
        }
    }
    invokeVoters(invocationContext, voterClasses);
    // X TODO check the use-cases for it
    return true;
}
Also used : Secured(org.apache.deltaspike.security.api.authorization.Secured) AccessDecisionVoter(org.apache.deltaspike.security.api.authorization.AccessDecisionVoter) Annotation(java.lang.annotation.Annotation) EditableAccessDecisionVoterContext(org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext) Secures(org.apache.deltaspike.security.api.authorization.Secures) Secured(org.apache.deltaspike.security.api.authorization.Secured)

Example 2 with EditableAccessDecisionVoterContext

use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.

the class SecuredAnnotationAuthorizer method invokeVoters.

/**
 * Helper for invoking the given {@link AccessDecisionVoter}s
 *
 * @param invocationContext    current invocation-context (might be null in case of secured views)
 * @param accessDecisionVoters current access-decision-voters
 */
private void invokeVoters(InvocationContext invocationContext, List<Class<? extends AccessDecisionVoter>> accessDecisionVoters) {
    if (accessDecisionVoters.isEmpty()) {
        return;
    }
    AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
    try {
        if (voterContext instanceof EditableAccessDecisionVoterContext) {
            ((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
            ((EditableAccessDecisionVoterContext) voterContext).setSource(invocationContext);
        }
        Set<SecurityViolation> violations;
        AccessDecisionVoter voter;
        for (Class<? extends AccessDecisionVoter> voterClass : accessDecisionVoters) {
            voter = BeanProvider.getContextualReference(voterClass, false);
            violations = voter.checkPermission(voterContext);
            if (violations != null && !violations.isEmpty()) {
                if (voterContext instanceof EditableAccessDecisionVoterContext) {
                    voterState = AccessDecisionState.VIOLATION_FOUND;
                    for (SecurityViolation securityViolation : violations) {
                        ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
                    }
                }
                this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations));
            }
        }
    } finally {
        if (voterContext instanceof EditableAccessDecisionVoterContext) {
            if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState)) {
                voterState = AccessDecisionState.NO_VIOLATION_FOUND;
            }
            ((EditableAccessDecisionVoterContext) voterContext).setState(voterState);
        }
    }
}
Also used : AccessDeniedException(org.apache.deltaspike.security.api.authorization.AccessDeniedException) AccessDecisionState(org.apache.deltaspike.security.api.authorization.AccessDecisionState) AccessDecisionVoter(org.apache.deltaspike.security.api.authorization.AccessDecisionVoter) SecurityViolation(org.apache.deltaspike.security.api.authorization.SecurityViolation) EditableAccessDecisionVoterContext(org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)

Example 3 with EditableAccessDecisionVoterContext

use of org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext in project deltaspike by apache.

the class ViewRootAccessHandler method checkAccessTo.

public void checkAccessTo(UIViewRoot uiViewRoot) {
    if (uiViewRoot == null) {
        return;
    }
    String viewId = uiViewRoot.getViewId();
    if (!checkView(viewId)) {
        return;
    }
    this.checkedViewIds.add(viewId);
    ConfigDescriptor configDescriptor = this.viewConfigResolver.getViewConfigDescriptor(viewId);
    // topmost nodes get checked first
    Stack<ConfigDescriptor> configDescriptorStack = new Stack<ConfigDescriptor>();
    if (configDescriptor != null) {
        configDescriptorStack.push(configDescriptor);
    }
    List<String> parentPathList = new ArrayList<String>();
    createPathList(viewId, parentPathList);
    ConfigDescriptor pathDescriptor;
    for (String path : parentPathList) {
        pathDescriptor = this.viewConfigResolver.getConfigDescriptor(path);
        if (pathDescriptor != null) {
            configDescriptorStack.push(pathDescriptor);
        }
    }
    EditableAccessDecisionVoterContext accessDecisionVoterContext = BeanProvider.getContextualReference(EditableAccessDecisionVoterContext.class, false);
    for (ConfigDescriptor currentConfigDescriptor : configDescriptorStack) {
        SecurityUtils.invokeVoters(accessDecisionVoterContext, currentConfigDescriptor);
    }
}
Also used : ArrayList(java.util.ArrayList) ConfigDescriptor(org.apache.deltaspike.core.api.config.view.metadata.ConfigDescriptor) Stack(java.util.Stack) EditableAccessDecisionVoterContext(org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)

Aggregations

EditableAccessDecisionVoterContext (org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext)3 AccessDecisionVoter (org.apache.deltaspike.security.api.authorization.AccessDecisionVoter)2 Annotation (java.lang.annotation.Annotation)1 ArrayList (java.util.ArrayList)1 Stack (java.util.Stack)1 ConfigDescriptor (org.apache.deltaspike.core.api.config.view.metadata.ConfigDescriptor)1 AccessDecisionState (org.apache.deltaspike.security.api.authorization.AccessDecisionState)1 AccessDeniedException (org.apache.deltaspike.security.api.authorization.AccessDeniedException)1 Secured (org.apache.deltaspike.security.api.authorization.Secured)1 Secures (org.apache.deltaspike.security.api.authorization.Secures)1 SecurityViolation (org.apache.deltaspike.security.api.authorization.SecurityViolation)1