deltaspike-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r918387 - in /websites/staging/deltaspike/trunk/content: ./ security.html
Date Mon, 04 Aug 2014 16:43:39 GMT
Author: buildbot
Date: Mon Aug  4 16:43:39 2014
New Revision: 918387

Log:
Staging update by buildbot for deltaspike

Modified:
    websites/staging/deltaspike/trunk/content/   (props changed)
    websites/staging/deltaspike/trunk/content/security.html

Propchange: websites/staging/deltaspike/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug  4 16:43:39 2014
@@ -1 +1 @@
-1615662
+1615663

Modified: websites/staging/deltaspike/trunk/content/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/security.html (original)
+++ websites/staging/deltaspike/trunk/content/security.html Mon Aug  4 16:43:39 2014
@@ -373,132 +373,121 @@ It's a basic hook to integrate a custom 
 <h1 id="making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making
intitially requested and secured page available for redirect after login</h1>
 <p>DeltaSpike can be combined with pure CDI or with any other security frameworks (like
PicketLink) to track the denied page and make it available after user logs in.</p>
 <h2 id="cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation
to redirect the login to the first denied page</h2>
-<ul>
-<li>
 <p>Your LoginService will fire a custom <code>UserLoggedInEvent</code></p>
-<p>:::java
-public class LoginService implements Serializable {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">Event</span><span
class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span
class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span
class="p">;</span>
-
-<span class="n">public</span> <span class="n">Usuario</span> <span
class="n">login</span><span class="p">(</span><span class="n">String</span>
<span class="n">username</span><span class="p">,</span> <span class="n">char</span><span
class="p">[]</span> <span class="n">password</span><span class="p">)</span>
<span class="p">{</span>
-    <span class="o">//</span><span class="n">do</span> <span class="n">the</span>
<span class="n">loggin</span> <span class="n">process</span>
-    <span class="n">userLoggedInEvent</span><span class="p">.</span><span
class="n">fire</span><span class="p">(</span><span class="n">new</span>
<span class="n">UserLoggedInEvent</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span
class="kd">class</span> <span class="nc">LoginService</span> <span
class="kd">implements</span> <span class="n">Serializable</span> <span
class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">Event</span><span
class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span
class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span
class="o">;</span>
+
+    <span class="kd">public</span> <span class="n">Usuario</span>
<span class="nf">login</span><span class="o">(</span><span class="n">String</span>
<span class="n">username</span><span class="o">,</span> <span class="kt">char</span><span
class="o">[]</span> <span class="n">password</span><span class="o">)</span>
<span class="o">{</span>
+        <span class="c1">//do the loggin process</span>
+        <span class="n">userLoggedInEvent</span><span class="o">.</span><span
class="na">fire</span><span class="o">(</span><span class="k">new</span>
<span class="n">UserLoggedInEvent</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied
page on your own.</p>
-<p>:::java
-@SessionScoped //or @WindowScoped
-public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
-<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
-<span class="kr">private</span> <span class="nx">ViewConfigResolver</span>
<span class="nx">viewConfigResolver</span><span class="p">;</span>
-
-<span class="kr">private</span> <span class="nx">Class</span><span
class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span
class="o">&gt;</span> <span class="nx">deniedPage</span> <span
class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span
class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span
class="p">;</span>
-
-<span class="o">@</span><span class="nx">Override</span>
-<span class="k">protected</span> <span class="nx">void</span> <span
class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span>
<span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span
class="o">&lt;</span><span class="nx">SecurityViolation</span><span
class="o">&gt;</span> <span class="nx">violations</span><span
class="p">)</span> <span class="p">{</span>
-    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span
class="p">)</span> <span class="p">{</span>
-        <span class="c1">//...</span>
-    <span class="p">}</span> <span class="k">else</span> <span
class="p">{</span>
-        <span class="nx">violations</span><span class="o">.</span><span
class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span
class="p">);</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span>
<span class="nx">viewConfigResolver</span><span class="o">.</span><span
class="nx">getViewConfigDescriptor</span><span class="p">(</span><span
class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span
class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span
class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span
class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span
class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
-
-<span class="k">public</span> <span class="nx">Class</span><span
class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span
class="o">&gt;</span> <span class="nx">getDeniedPage</span><span
class="p">()</span> <span class="p">{</span>
-    <span class="k">try</span> <span class="p">{</span>
-        <span class="k">return</span> <span class="nx">deniedPage</span><span
class="p">;</span>
-    <span class="p">}</span> <span class="nx">finally</span> <span
class="p">{</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span>
<span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span
class="o">.</span><span class="nx">class</span><span class="p">;</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span>
<span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span
class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span>
<span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span>
<span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span
class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span
class="o">&gt;</span> <span class="n">deniedPage</span> <span
class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span
class="na">Home</span><span class="o">.</span><span class="na">class</span><span
class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span>
<span class="nf">checkPermission</span><span class="o">(</span><span
class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span
class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span
class="n">SecurityViolation</span><span class="o">&gt;</span> <span
class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">if</span><span class="o">(</span><span
class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span
class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span
class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span
class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span>
<span class="n">viewConfigResolver</span><span class="o">.</span><span
class="na">getViewConfigDescriptor</span><span class="o">(</span><span
class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span
class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span
class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span
class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span
class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span
class="o">&gt;</span> <span class="n">getDeniedPage</span><span
class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span
class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span
class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span>
<span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span
class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
-<p>:::java
-public class AuthenticationListener {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">ViewNavigationHandler</span>
<span class="n">viewNavigationHandler</span><span class="p">;</span>
-
-<span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span>
<span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
-
-<span class="n">public</span> <span class="n">void</span> <span
class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span>
<span class="n">UserLoggedInEvent</span> <span class="n">event</span><span
class="p">)</span> <span class="p">{</span>
-    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span
class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span
class="n">adminAccessDecisionVoter</span><span class="p">.</span><span
class="n">getDeniedPage</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span
class="kd">class</span> <span class="nc">AuthenticationListener</span>
<span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span>
<span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span>
<span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span
class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span>
<span class="n">UserLoggedInEvent</span> <span class="n">event</span><span
class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span
class="na">viewNavigationHandler</span><span class="o">.</span><span
class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span
class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-</ul>
 <h2 id="picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink
Implementation to redirect the login to the first denied page</h2>
 <p>Once that PicketLink handles the authentication for you, you only need to store
the denied page and observe PicketLink <code>LoggedInEvent</code> to redirect
you back to the denied page.</p>
-<ul>
-<li>
 <p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied
page on your own.</p>
-<p>:::java
-@SessionScoped //or @WindowScoped
-public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
-<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
-<span class="kr">private</span> <span class="nx">ViewConfigResolver</span>
<span class="nx">viewConfigResolver</span><span class="p">;</span>
-
-<span class="kr">private</span> <span class="nx">Class</span><span
class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span
class="o">&gt;</span> <span class="nx">deniedPage</span> <span
class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span
class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span
class="p">;</span>
-
-<span class="o">@</span><span class="nx">Override</span>
-<span class="k">protected</span> <span class="nx">void</span> <span
class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span>
<span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span
class="o">&lt;</span><span class="nx">SecurityViolation</span><span
class="o">&gt;</span> <span class="nx">violations</span><span
class="p">)</span> <span class="p">{</span>
-
-    <span class="nx">AuthorizationChecker</span> <span class="nx">authorizationChecker</span>
<span class="o">=</span> <span class="nx">BeanProvider</span><span
class="o">.</span><span class="nx">getContextualReference</span><span
class="p">(</span><span class="nx">AuthorizationChecker</span><span
class="o">.</span><span class="nx">class</span><span class="p">);</span>
-    <span class="nx">boolean</span> <span class="nx">loggedIn</span>
<span class="o">=</span> <span class="nx">authorizationChecker</span><span
class="o">.</span><span class="nx">isLoggedIn</span><span class="p">();</span>
-
-    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span
class="p">)</span> <span class="p">{</span>
-        <span class="c1">//...</span>
-    <span class="p">}</span> <span class="k">else</span> <span
class="p">{</span>
-        <span class="nx">violations</span><span class="o">.</span><span
class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span
class="p">);</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span>
<span class="nx">viewConfigResolver</span><span class="o">.</span><span
class="nx">getViewConfigDescriptor</span><span class="p">(</span><span
class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span
class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span
class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span
class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span
class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
-
-<span class="k">public</span> <span class="nx">Class</span><span
class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span
class="o">&gt;</span> <span class="nx">getDeniedPage</span><span
class="p">()</span> <span class="p">{</span>
-    <span class="k">try</span> <span class="p">{</span>
-        <span class="k">return</span> <span class="nx">deniedPage</span><span
class="p">;</span>
-    <span class="p">}</span> <span class="nx">finally</span> <span
class="p">{</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span>
<span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span
class="o">.</span><span class="nx">class</span><span class="p">;</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span>
<span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span
class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span>
<span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span>
<span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span
class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span
class="o">&gt;</span> <span class="n">deniedPage</span> <span
class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span
class="na">Home</span><span class="o">.</span><span class="na">class</span><span
class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span>
<span class="nf">checkPermission</span><span class="o">(</span><span
class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span
class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span
class="n">SecurityViolation</span><span class="o">&gt;</span> <span
class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+
+        <span class="n">AuthorizationChecker</span> <span class="n">authorizationChecker</span>
<span class="o">=</span> <span class="n">BeanProvider</span><span
class="o">.</span><span class="na">getContextualReference</span><span
class="o">(</span><span class="n">AuthorizationChecker</span><span
class="o">.</span><span class="na">class</span><span class="o">);</span>
+        <span class="kt">boolean</span> <span class="n">loggedIn</span>
<span class="o">=</span> <span class="n">authorizationChecker</span><span
class="o">.</span><span class="na">isLoggedIn</span><span class="o">();</span>
+
+        <span class="k">if</span><span class="o">(</span><span
class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span
class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span
class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span
class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span>
<span class="n">viewConfigResolver</span><span class="o">.</span><span
class="na">getViewConfigDescriptor</span><span class="o">(</span><span
class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span
class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span
class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span
class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span
class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span
class="o">&gt;</span> <span class="n">getDeniedPage</span><span
class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span
class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span
class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span>
<span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span
class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
-<p>:::java
-public class AuthenticationListener {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">ViewNavigationHandler</span>
<span class="n">viewNavigationHandler</span><span class="p">;</span>
-
-<span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span>
<span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
-
-<span class="n">public</span> <span class="n">void</span> <span
class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span>
<span class="n">LoggedInEvent</span> <span class="n">event</span><span
class="p">)</span> <span class="p">{</span>
-    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span
class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span
class="n">adminAccessDecisionVoter</span><span class="p">.</span><span
class="n">getDeniedPage</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span
class="kd">class</span> <span class="nc">AuthenticationListener</span>
<span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span>
<span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span>
<span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span
class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span>
<span class="n">LoggedInEvent</span> <span class="n">event</span><span
class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span
class="na">viewNavigationHandler</span><span class="o">.</span><span
class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span
class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-</ul>
 <h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
 <p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code>
allows to get the current state as well as the results of the security check.</p>
 <p>There are several methods that can be useful</p>



Mime
View raw message