deltaspike-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Werner Gaulke" <wer...@gaulke.net>
Subject AW: Security - Obtaining initially requested page for further redirect
Date Thu, 17 Jul 2014 13:27:04 GMT
Hi Gerhard,

I created and issue and provided an example application along to it. This application shows
in a minimal JSF/DS/PL application on Wildfly the exact problem.

So far I had no time to test some possible solutions but I will update the ticket if I find
something useful (I am not that fluent in the inner workings of DS yet).

https://issues.apache.org/jira/browse/DELTASPIKE-675 


Best
Werner

-----Urspr√ľngliche Nachricht-----
Von: Gerhard Petracek [mailto:gerhard.petracek@gmail.com] 
Gesendet: Donnerstag, 17. Juli 2014 14:41
An: users@deltaspike.apache.org
Betreff: Re: Security - Obtaining initially requested page for further redirect

hi werner,

you are very welcome to create a jira ticket (see [1]) for such an improvement.
(if you also attach a simple demo-app, we could test a possible approach
easily.)

regards,
gerhard

[1] https://issues.apache.org/jira/browse/DELTASPIKE

http://www.irian.at

Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces



2014-07-17 14:32 GMT+02:00 Werner Gaulke <werner@gaulke.net>:

> Hi Herhard,
>
> thanks for your feedback and your suggestion. Theoretically PicketLink 
> has its own filter for authentication checks - but enabling this 
> filter would duplicate the functionality provided by DS. Security 
> configuration with help of the ViewConfig is much more convenient.
> While debugging I saw, that SecurityUtils is basically the point where 
> the initially requested view is available and could be put into the 
> AccessDecisionVoterContext.
>
> In the AccessDecisionVoter I have no way to obtain the initially 
> requested view - at least without some sort of helper.
>
> I thought this would be a very convenient add-on for the security module.
> :)
>
> Best
> Werner
>
>
>
> -----Urspr√ľngliche Nachricht-----
> Von: Gerhard Petracek [mailto:gerhard.petracek@gmail.com]
> Gesendet: Donnerstag, 17. Juli 2014 13:10
> An: users@deltaspike.apache.org
> Betreff: Re: Security - Obtaining initially requested page for further 
> redirect
>
> hi werner,
>
> thx for the feedback!
> that sounds more like a feature for picketlink or your own 
> AccessDecisionVoter (you can cast AccessDecisionVoterContext to 
> EditableAccessDecisionVoterContext and use #addMetaData)
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2014-07-17 12:55 GMT+02:00 Werner Gaulke <werner@gaulke.net>:
>
> > Hi,
> >
> > I have a question regarding the DS-Security Module. I have 
> > successfully integrated DS with PicketLink. I am using a custom 
> > AccessDecisionVoter to integrate the PicketLink IDM to check for 
> > roles /
> access.
> > Redirect to Login and Logging-in works fine with that method. The 
> > use of @Secured in the ViewConfig is a very elegant solution in my opinion.
> >
> > But I am struggling to redirect the user after the login to the 
> > initially requested page. PicketLink generated a LoggedInEvent which 
> > can be catched after login an redirect if the initially requested 
> > view was somehow available.
> >
> > In my option the AccessDecisionVoterContext could store the initial 
> > requested view root in it's meta-data set by the SecurityUtils.
> >
> >
> > What do you guys think? Has anyone a solution for this (in my 
> > opinion very
> > common) problem?
> >
> > Best
> > Werner
> >
> >
> >
> >
>
>


Mime
View raw message