Mailing-List: contact commits-help@deltaspike.apache.org; run by ezmlm
Reply-To: dev@deltaspike.apache.org
Subject: svn commit: r918381 - in /websites/staging/deltaspike/trunk/content: ./ security.html
Date: Mon, 04 Aug 2014 16:38:58 -0000
To: commits@deltaspike.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140804163858.78AF22388F11@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Mon Aug 4 16:38:58 2014 New Revision: 918381 Log: Staging update by buildbot for deltaspike Modified: websites/staging/deltaspike/trunk/content/ (props changed) websites/staging/deltaspike/trunk/content/security.html Propchange: websites/staging/deltaspike/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Mon Aug 4 16:38:58 2014 @@ -1 +1 @@ -1614776 +1615659 Modified: websites/staging/deltaspike/trunk/content/security.html ============================================================================== --- websites/staging/deltaspike/trunk/content/security.html (original) +++ websites/staging/deltaspike/trunk/content/security.html Mon Aug 4 16:38:58 2014 @@ -106,6 +106,11 @@ Notice: Licensed to the Apache Softwa
  • @Secured and Stereotypes with custom Meta-data
  • +
  • Making intitially requested and secured page available for redirect after login +
  • AccessDecisionVoterContext @@ -365,6 +370,135 @@ It's a basic hook to integrate a custom +

    Making intitially requested and secured page available for redirect after login

    +

    DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.

    +

    CDI Implementation to redirect the login to the first denied page

    +
      +
    1. +

      Your LoginService will fire a custom UserLoggedInEvent

      +

      :::java +public class LoginService implements Serializable {

      +
      @Inject
      +private Event<UserLoggedInEvent> userLoggedInEvent;
      +
      +public Usuario login(String username, char[] password) {
      +    //do the loggin process
      +    userLoggedInEvent.fire(new UserLoggedInEvent());
      +}
      +
      + + +

      }

      +
    2. +
    3. +

      Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.

      +

      :::java +@SessionScoped //or @WindowScoped +public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {

      +
      @Inject
      +private ViewConfigResolver viewConfigResolver;
      +
      +private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
      +
      +@Override
      +protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
      +    if(loggedIn) {
      +        //...
      +    } else {
      +        violations.add(/*...*/);
      +        deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
      +    }
      +}
      +
      +public Class<? extends ViewConfig> getDeniedPage() {
      +    try {
      +        return deniedPage;
      +    } finally {
      +        deniedPage = Pages.Home.class;
      +    }
      +}
      +
      + + +

      }

      +
    4. +
    5. +

      And in AuthenticationListener you inject AdminAccessDecisionVoter

      +

      :::java +public class AuthenticationListener {

      +
      @Inject
      +private ViewNavigationHandler viewNavigationHandler;
      +
      +@Inject
      +private AdminAccessDecisionVoter adminAccessDecisionVoter;
      +
      +public void handleLoggedIn(@Observes UserLoggedInEvent event) {
      +    this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
      +}
      +
      + + +

      }

      +
    6. +
    + +

    Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink LoggedInEvent to redirect you back to the denied page.

    +
      +
    1. +

      Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.

      +

      :::java +@SessionScoped //or @WindowScoped +public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {

      +
      @Inject
      +private ViewConfigResolver viewConfigResolver;
      +
      +private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
      +
      +@Override
      +protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
      +
      +    AuthorizationChecker authorizationChecker = BeanProvider.getContextualReference(AuthorizationChecker.class);
      +    boolean loggedIn = authorizationChecker.isLoggedIn();
      +
      +    if(loggedIn) {
      +        //...
      +    } else {
      +        violations.add(/*...*/);
      +        deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
      +    }
      +}
      +
      +public Class<? extends ViewConfig> getDeniedPage() {
      +    try {
      +        return deniedPage;
      +    } finally {
      +        deniedPage = Pages.Home.class;
      +    }
      +}
      +
      + + +

      }

      +
    2. +
    3. +

      And in AuthenticationListener you inject AdminAccessDecisionVoter

      +

      :::java +public class AuthenticationListener {

      +
      @Inject
      +private ViewNavigationHandler viewNavigationHandler;
      +
      +@Inject
      +private AdminAccessDecisionVoter adminAccessDecisionVoter;
      +
      +public void handleLoggedIn(@Observes LoggedInEvent event) {
      +    this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
      +}
      +
      + + +

      }

      +
    4. +

    AccessDecisionVoterContext

    Because the AccessDecisionVoter can be chained, AccessDecisionVoterContext allows to get the current state as well as the results of the security check.

    There are several methods that can be useful
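Review bot: the new table-of-contents entry added in the `@@ -106,6 +106,11 @@` hunk misspells its title: `Making intitially requested and secured page available for redirect after login` should read `initially`. The same string is the section heading that the link targets in the next hunk, so fix it once in the source page and let both the link text and the heading regenerate.

Review bot: the `LoginService` snippet in the `@@ -365,6 +370,135 @@` hunk fires `userLoggedInEvent.fire(new UserLoggedInEvent());` straight after the `//do the loggin process` placeholder with no success check and no `return`, so as written it does not compile (`public Usuario login(...)` returns nothing) and, read literally, would trigger the post-login redirect even when authentication fails; show the event fired only after credentials have been verified, and rename `Usuario` to `User` and `loggin` to `login`. In the CDI variant of `AdminAccessDecisionVoter` the `if(loggedIn)` test reads a variable that is never declared, while the PicketLink variant derives it via `BeanProvider.getContextualReference(AuthorizationChecker.class)` and `authorizationChecker.isLoggedIn()`; the first snippet should do the same or inject the checker. Both voters keep `deniedPage` in a plain field of a `@SessionScoped` bean and reset it in the `finally` of `getDeniedPage()`, so two concurrent requests in the same session (for example a second tab hitting a secured page during login) can overwrite or consume each other's value; the `//or @WindowScoped` alternative already in the comment avoids the cross-tab case and deserves to be the recommended choice, otherwise the read-and-reset needs to be guarded. `FacesContext.getCurrentInstance().getViewRoot()` can be null when the voter runs before the view root is restored, which would throw instead of recording the violation, so guard it before calling `getViewId()`. The text should also say what the code already gets right: the stored target is a `Class<? extends ViewConfig>` resolved by `ViewConfigResolver` from the current view id and passed to `ViewNavigationHandler.navigateTo`, not a caller-supplied URL, which is what keeps this pattern from becoming an open redirect. Finally, the rendered output shows empty list items (2, 4 and 6 in the CDI list, 2 and 4 in the PicketLink list), so the source markdown list is being broken by the `:::java` code blocks; indent the blocks under their list items so each subsection renders as three steps.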