Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2014/07/22 21:40:39 UTC
[jira] [Resolved] (DELTASPIKE-675) Make initially requested and
secured page available for redirect after login
[ https://issues.apache.org/jira/browse/DELTASPIKE-675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerhard Petracek resolved DELTASPIKE-675.
-----------------------------------------
Resolution: Not a Problem
it works already, if you use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.
changed code:
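{code}
import java.util.Set;

import javax.enterprise.context.SessionScoped;
import javax.faces.context.FacesContext;
import javax.inject.Inject;

import org.apache.deltaspike.core.api.config.view.ViewConfig;
import org.apache.deltaspike.core.api.config.view.metadata.ViewConfigResolver;
import org.apache.deltaspike.core.api.provider.BeanProvider;
import org.apache.deltaspike.security.api.authorization.AbstractAccessDecisionVoter;
import org.apache.deltaspike.security.api.authorization.AccessDecisionVoterContext;
import org.apache.deltaspike.security.api.authorization.SecurityViolation;

// Pages and AuthorizationChecker are classes of the sample application.
@SessionScoped //or @WindowScoped
public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
    @Inject
    private ViewConfigResolver viewConfigResolver;

    // last denied page of this session/window; defaults to the home page
    private Class<? extends ViewConfig> deniedPage = Pages.Home.class;

    @Override
    protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
        AuthorizationChecker authorizationChecker = BeanProvider.getContextualReference(AuthorizationChecker.class);
        boolean loggedIn = authorizationChecker.isLoggedIn();

        if (loggedIn) {
            //...
        } else {
            violations.add(/*...*/);
            // remember the view-config class of the view that was just denied
            deniedPage = viewConfigResolver.getViewConfigDescriptor(
                FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
        }
    }

    // returns the stored page once and resets it to the default
    public Class<? extends ViewConfig> getDeniedPage() {
        try {
            return deniedPage;
        } finally {
            deniedPage = Pages.Home.class;
        }
    }
}
{code}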
and in AuthenticationListener you inject AdminAccessDecisionVoter ->
{code}
public void handleLoggedIn(@Observes LoggedInEvent event) {
    this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
}
{code}
adding the information to AccessDecisionVoterContext wouldn't help a lot imo.
however, it's a nice use-case and we should add it to the documentation.
> Make initially requested and secured page available for redirect after login
> ----------------------------------------------------------------------------
>
> Key: DELTASPIKE-675
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-675
> Project: DeltaSpike
> Issue Type: Improvement
> Components: Security-Module
> Affects Versions: 1.0.1
> Reporter: Werner Gaulke
> Assignee: Gerhard Petracek
> Priority: Minor
>
> h2. Situation
> DeltaSpike combined with PicketLink for security handling (users and roles). Custom AccessDecisionVoter to check whether the user is allowed to access a page (by Secured Annotation in ViewConfig).
> DS-Security intercepts access to this page and redirects to the login. After the login it would be nice to redirect the user to the initially requested page.
> Generally this problem is independent of the used security framework, in this case though PicketLink is used.
> Reference to mailing list: http://mail-archives.apache.org/mod_mbox/deltaspike-users/201407.mbox/%3C006601cfa1ad$8fa14a00$aee3de00$@gaulke.net%3E
> h2. Idea for the solution
> Make requested page available in AccessDecisionVoterContext and let the app handle the redirect after login. I think this could be done in SecurityUtils.
> h2. Example
> Attached you will find a minimal JSF/DS/PL application which uses an in-memory database. Start the application in JBOSS Wildfly and access it.
> You can now click on "Admin Area" in the main-menu and DS will redirect you to the login form. After login a LoggedIn Event by PL is fired.
> A redirect to the requested page is desired.
> https://www.dropbox.com/s/7k59jp1ka4xeez2/ds-pl-minimal.zip