Return-Path: X-Original-To: apmail-deltaspike-commits-archive@www.apache.org Delivered-To: apmail-deltaspike-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9016411128 for ; Thu, 10 Jul 2014 19:06:35 +0000 (UTC) Received: (qmail 64120 invoked by uid 500); 10 Jul 2014 19:06:35 -0000 Delivered-To: apmail-deltaspike-commits-archive@deltaspike.apache.org Received: (qmail 64083 invoked by uid 500); 10 Jul 2014 19:06:35 -0000 Mailing-List: contact commits-help@deltaspike.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@deltaspike.apache.org Delivered-To: mailing list commits@deltaspike.apache.org Received: (qmail 64074 invoked by uid 99); 10 Jul 2014 19:06:35 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Jul 2014 19:06:35 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 37C329ABB59; Thu, 10 Jul 2014 19:06:35 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: gpetracek@apache.org To: commits@deltaspike.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: DELTASPIKE-663 force AccessDeniedException per default Date: Thu, 10 Jul 2014 19:06:35 +0000 (UTC) Repository: deltaspike Updated Branches: refs/heads/master 9275e695d -> e7c189c0a DELTASPIKE-663 force AccessDeniedException per default Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/e7c189c0 Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/e7c189c0 Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/e7c189c0 Branch: refs/heads/master Commit: e7c189c0a90526ac24511eb383807fbdba1ecf32 Parents: 9275e69 Author: gpetracek Authored: Thu Jul 10 20:56:46 2014 +0200 Committer: gpetracek Committed: Thu Jul 10 20:59:36 2014 +0200 ---------------------------------------------------------------------- .../AccessDeniedExceptionBroadcaster.java | 53 ++++++++++++++++++++ .../BeforeAccessDeniedExceptionHandler.java | 51 ------------------- .../SecuredAnnotationAuthorizer.java | 16 +----- .../SkipInternalProcessingException.java | 2 + 4 files changed, 57 insertions(+), 65 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java new file mode 100644 index 0000000..bcce1f8 --- /dev/null +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/AccessDeniedExceptionBroadcaster.java @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.deltaspike.security.impl.authorization; + +import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent; +import org.apache.deltaspike.security.api.authorization.AccessDeniedException; + +import javax.enterprise.context.Dependent; +import javax.enterprise.inject.spi.BeanManager; +import javax.inject.Inject; + +//this broadcaster just allows to change the default behavior (if needed) +//needed because it needs to be possible to 'consume' exceptions of type AccessDeniedException. +//instead of ignoring the result of exception-control and throwing them in any case (like we have to do it per default). +@Dependent +public class AccessDeniedExceptionBroadcaster +{ + @Inject + private BeanManager beanManager; + + public void broadcastAccessDeniedException(AccessDeniedException accessDeniedException) + { + ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException); + + try + { + this.beanManager.fireEvent(exceptionToCatchEvent); + } + catch (AccessDeniedException e) + { + throw new SkipInternalProcessingException(accessDeniedException); + } + //we have to throw it in any case to support "observers" for AccessDeniedException (see DELTASPIKE-636) + //however, currently we can't do it based on the exception-control api (see DELTASPIKE-638) + throw new SkipInternalProcessingException(accessDeniedException); + } +} http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java deleted file mode 100644 index e2fc84d..0000000 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.deltaspike.security.impl.authorization; - -import org.apache.deltaspike.core.api.exception.control.BeforeHandles; -import org.apache.deltaspike.core.api.exception.control.ExceptionHandler; -import org.apache.deltaspike.core.api.exception.control.event.ExceptionEvent; -import org.apache.deltaspike.core.spi.activation.Deactivatable; -import org.apache.deltaspike.core.util.ClassDeactivationUtils; -import org.apache.deltaspike.security.api.authorization.AccessDeniedException; - -import javax.annotation.PostConstruct; -import javax.enterprise.context.ApplicationScoped; - -@ApplicationScoped -@ExceptionHandler -public class BeforeAccessDeniedExceptionHandler implements Deactivatable -{ - protected boolean isActive; - - @PostConstruct - protected void init() - { - this.isActive = ClassDeactivationUtils.isActivated(getClass()); - } - - public void onBeforeAccessDeniedException(@BeforeHandles ExceptionEvent event) - { - if (!this.isActive) - { - return; - } - event.throwOriginal(); - } -} http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java index 59746bf..07a4f1c 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java @@ -18,7 +18,6 @@ */ package org.apache.deltaspike.security.impl.authorization; -import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent; import org.apache.deltaspike.core.api.provider.BeanProvider; import org.apache.deltaspike.security.api.authorization.AccessDecisionState; import org.apache.deltaspike.security.api.authorization.AccessDecisionVoter; @@ -31,7 +30,6 @@ import org.apache.deltaspike.security.impl.util.SecurityUtils; import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext; import javax.enterprise.context.Dependent; -import javax.enterprise.inject.spi.BeanManager; import javax.inject.Inject; import javax.interceptor.InvocationContext; import java.lang.annotation.Annotation; @@ -52,7 +50,7 @@ public class SecuredAnnotationAuthorizer private AccessDecisionVoterContext voterContext; @Inject - private BeanManager beanManager; + private AccessDeniedExceptionBroadcaster exceptionBroadcaster; @Secures @Secured({ }) @@ -142,17 +140,7 @@ public class SecuredAnnotationAuthorizer ((EditableAccessDecisionVoterContext) voterContext).addViolation(securityViolation); } } - AccessDeniedException accessDeniedException = new AccessDeniedException(violations); - ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException); - - try - { - this.beanManager.fireEvent(exceptionToCatchEvent); - } - catch (AccessDeniedException e) - { - throw new SkipInternalProcessingException(accessDeniedException); - } + this.exceptionBroadcaster.broadcastAccessDeniedException(new AccessDeniedException(violations)); } } } http://git-wip-us.apache.org/repos/asf/deltaspike/blob/e7c189c0/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java ---------------------------------------------------------------------- diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java index e540c68..6b9034f 100644 --- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java +++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java @@ -24,6 +24,8 @@ import org.apache.deltaspike.security.api.authorization.AccessDeniedException; //the first one can't be removed, because we need an active AccessDecisionVoterContext public class SkipInternalProcessingException extends RuntimeException { + private static final long serialVersionUID = 3585306529694592791L; + private final AccessDeniedException accessDeniedException; public SkipInternalProcessingException(AccessDeniedException accessDeniedException)