You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by gp...@apache.org on 2011/09/27 15:11:53 UTC

svn commit: r1176374 - in /myfaces/extensions/cdi/trunk: core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/ jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/

Author: gpetracek
Date: Tue Sep 27 13:11:53 2011
New Revision: 1176374

URL: http://svn.apache.org/viewvc?rev=1176374&view=rev
Log:
EXTCDI-229 optional SecurityViolationHandler

Added:
    myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/SecurityViolationHandler.java
Modified:
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java

Added: myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/SecurityViolationHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/SecurityViolationHandler.java?rev=1176374&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/SecurityViolationHandler.java (added)
+++ myfaces/extensions/cdi/trunk/core/api/src/main/java/org/apache/myfaces/extensions/cdi/core/api/security/SecurityViolationHandler.java Tue Sep 27 13:11:53 2011
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.core.api.security;
+
+import java.util.Set;
+
+/**
+ * Allows to handle custom implementations of {@link SecurityViolation}
+ *
+ * @author Gerhard Petracek
+ */
+public interface SecurityViolationHandler
+{
+    /**
+     * Instead of adding the violations as message for the user, it's possible to implement a custom behaviour
+     * (e.g. something like an InternalViolation which won't get added)
+     * @param securityViolations current violations
+     */
+    void processSecurityViolations(Set<SecurityViolation> securityViolations);
+}

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java?rev=1176374&r1=1176373&r2=1176374&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java Tue Sep 27 13:11:53 2011
@@ -22,9 +22,11 @@ import org.apache.myfaces.extensions.cdi
 import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
 import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolation;
 import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
+import org.apache.myfaces.extensions.cdi.core.api.security.SecurityViolationHandler;
 import org.apache.myfaces.extensions.cdi.core.api.tools.DefaultAnnotation;
 import static org.apache.myfaces.extensions.cdi.core.impl.util.CodiUtils.getContextualReferenceByClass;
 
+import org.apache.myfaces.extensions.cdi.core.impl.util.CodiUtils;
 import org.apache.myfaces.extensions.cdi.jsf.api.config.view.ViewConfigDescriptor;
 import org.apache.myfaces.extensions.cdi.message.api.MessageContext;
 import org.apache.myfaces.extensions.cdi.message.api.payload.MessageSeverity;
@@ -130,7 +132,18 @@ public abstract class SecurityUtils
     {
         FacesContext facesContext = FacesContext.getCurrentInstance();
 
-        addViolationsAsMessage(exception.getViolations());
+        SecurityViolationHandler securityViolationHandler =
+                CodiUtils.getContextualReferenceByClass(SecurityViolationHandler.class, true);
+
+        if(securityViolationHandler != null)
+        {
+            //optional (custom handler) - allows to handle custom implementations of SecurityViolation
+            securityViolationHandler.processSecurityViolations(exception.getViolations());
+        }
+        else
+        {
+            addViolationsAsMessage(exception.getViolations());
+        }
 
         if(allowNavigation)
         {