deltaspike-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gpetra...@apache.org
Subject git commit: DELTASPIKE-663 force AccessDeniedException per default
Date Thu, 10 Jul 2014 19:06:35 GMT
Repository: deltaspike
Updated Branches:
  refs/heads/master 9275e695d -> e7c189c0a


DELTASPIKE-663 force AccessDeniedException per default


Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/e7c189c0
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/e7c189c0
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/e7c189c0

Branch: refs/heads/master
Commit: e7c189c0a90526ac24511eb383807fbdba1ecf32
Parents: 9275e69
Author: gpetracek <gpetracek@apache.org>
Authored: Thu Jul 10 20:56:46 2014 +0200
Committer: gpetracek <gpetracek@apache.org>
Committed: Thu Jul 10 20:59:36 2014 +0200

----------------------------------------------------------------------
 .../AccessDeniedExceptionBroadcaster.java       | 53 ++++++++++++++++++++
 .../BeforeAccessDeniedExceptionHandler.java     | 51 -------------------
 .../SecuredAnnotationAuthorizer.java            | 16 +-----
 .../SkipInternalProcessingException.java        |  2 +
 4 files changed, 57 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java
b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java
new file mode 100644
index 0000000..bcce1f8
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.authorization;
+
+import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+
+import javax.enterprise.context.Dependent;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
+
+//this broadcaster just allows to change the default behavior (if needed)
+//needed because it needs to be possible to 'consume' exceptions of type AccessDeniedException.
+//instead of ignoring the result of exception-control and throwing them in any case (like
we have to do it per default).
+@Dependent
+public class AccessDeniedExceptionBroadcaster
+{
+    @Inject
+    private BeanManager beanManager;
+
+    public void broadcastAccessDeniedException(AccessDeniedException accessDeniedException)
+    {
+        ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException);
+
+        try
+        {
+            this.beanManager.fireEvent(exceptionToCatchEvent);
+        }
+        catch (AccessDeniedException e)
+        {
+            throw new SkipInternalProcessingException(accessDeniedException);
+        }
+        //we have to throw it in any case to support "observers" for AccessDeniedException
(see DELTASPIKE-636)
+        //however, currently we can't do it based on the exception-control api (see DELTASPIKE-638)
+        throw new SkipInternalProcessingException(accessDeniedException);
+    }
+}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
deleted file mode 100644
index e2fc84d..0000000
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.deltaspike.security.impl.authorization;
-
-import org.apache.deltaspike.core.api.exception.control.BeforeHandles;
-import org.apache.deltaspike.core.api.exception.control.ExceptionHandler;
-import org.apache.deltaspike.core.api.exception.control.event.ExceptionEvent;
-import org.apache.deltaspike.core.spi.activation.Deactivatable;
-import org.apache.deltaspike.core.util.ClassDeactivationUtils;
-import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
-
-import javax.annotation.PostConstruct;
-import javax.enterprise.context.ApplicationScoped;
-
-@ApplicationScoped
-@ExceptionHandler
-public class BeforeAccessDeniedExceptionHandler implements Deactivatable
-{
-    protected boolean isActive;
-
-    @PostConstruct
-    protected void init()
-    {
-        this.isActive = ClassDeactivationUtils.isActivated(getClass());
-    }
-
-    public void onBeforeAccessDeniedException(@BeforeHandles ExceptionEvent<AccessDeniedException>
event)
-    {
-        if (!this.isActive)
-        {
-            return;
-        }
-        event.throwOriginal();
-    }
-}

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index 59746bf..07a4f1c 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -18,7 +18,6 @@
  */
 package org.apache.deltaspike.security.impl.authorization;
 
-import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
 import org.apache.deltaspike.core.api.provider.BeanProvider;
 import org.apache.deltaspike.security.api.authorization.AccessDecisionState;
 import org.apache.deltaspike.security.api.authorization.AccessDecisionVoter;
@@ -31,7 +30,6 @@ import org.apache.deltaspike.security.impl.util.SecurityUtils;
 import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext;
 
 import javax.enterprise.context.Dependent;
-import javax.enterprise.inject.spi.BeanManager;
 import javax.inject.Inject;
 import javax.interceptor.InvocationContext;
 import java.lang.annotation.Annotation;
@@ -52,7 +50,7 @@ public class SecuredAnnotationAuthorizer
     private AccessDecisionVoterContext voterContext;
 
     @Inject
-    private BeanManager beanManager;
+    private AccessDeniedExceptionBroadcaster exceptionBroadcaster;
 
     @Secures
     @Secured({ })
@@ -142,17 +140,7 @@ public class SecuredAnnotationAuthorizer
                             ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation);
                         }
                     }
-                    AccessDeniedException accessDeniedException = new AccessDeniedException(violations);
-                    ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException);
-
-                    try
-                    {
-                        this.beanManager.fireEvent(exceptionToCatchEvent);
-                    }
-                    catch (AccessDeniedException e)
-                    {
-                        throw new SkipInternalProcessingException(accessDeniedException);
-                    }
+                    this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations));
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
index e540c68..6b9034f 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
@@ -24,6 +24,8 @@ import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
 //the first one can't be removed, because we need an active AccessDecisionVoterContext
 public class SkipInternalProcessingException extends RuntimeException
 {
+    private static final long serialVersionUID = 3585306529694592791L;
+
     private final AccessDeniedException  accessDeniedException;
 
     public SkipInternalProcessingException(AccessDeniedException accessDeniedException)


Mime
View raw message