Posted to commits@deltaspike.apache.org by ra...@apache.org on 2014/08/04 18:38:49 UTC

svn commit: r1615659 - /deltaspike/site/trunk/content/security.mdtext

Author: rafabene
Date: Mon Aug  4 16:38:48 2014
New Revision: 1615659

URL: http://svn.apache.org/r1615659
Log:
DELTASPIKE-677 - document ds-security to Make initially requested and secured page available for redirect after login

Modified:
    deltaspike/site/trunk/content/security.mdtext

Modified: deltaspike/site/trunk/content/security.mdtext
URL: http://svn.apache.org/viewvc/deltaspike/site/trunk/content/security.mdtext?rev=1615659&r1=1615658&r2=1615659&view=diff
==============================================================================
--- deltaspike/site/trunk/content/security.mdtext (original)
+++ deltaspike/site/trunk/content/security.mdtext Mon Aug  4 16:38:48 2014
@@ -315,6 +315,129 @@ Stereotype of @Secured with custom meta-
         }
     }
 
+# Making intitially requested and secured page available for redirect after login
+
+DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.
+
+## CDI Implementation to redirect the login to the first denied page
+
+1. Your LoginService will fire a custom `UserLoggedInEvent`
+
+    :::java
+    public class LoginService implements Serializable {
+
+        @Inject
+        private Event<UserLoggedInEvent> userLoggedInEvent; 
+
+        public Usuario login(String username, char[] password) {
+            //do the loggin process
+            userLoggedInEvent.fire(new UserLoggedInEvent());
+        }
+
+    }
+    
+2. Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.
+
+    :::java
+    @SessionScoped //or @WindowScoped
+    public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
+
+        @Inject
+        private ViewConfigResolver viewConfigResolver;
+        
+        private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
+
+        @Override
+        protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
+            if(loggedIn) {
+                //...
+            } else {
+                violations.add(/*...*/);
+                deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
+            }
+        }
+
+        public Class<? extends ViewConfig> getDeniedPage() {
+            try {
+                return deniedPage;
+            } finally {
+                deniedPage = Pages.Home.class;
+            }
+        }
+    }
+    
+3. And in AuthenticationListener you inject AdminAccessDecisionVoter    
+
+    :::java
+    public class AuthenticationListener {
+    
+        @Inject
+        private ViewNavigationHandler viewNavigationHandler;
+    
+        @Inject
+        private AdminAccessDecisionVoter adminAccessDecisionVoter;
+    
+        public void handleLoggedIn(@Observes UserLoggedInEvent event) {
+            this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
+        }
+
+    }
+    
+## PicketLink Implementation to redirect the login to the first denied page
+
+Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink `LoggedInEvent` to redirect you back to the denied page.
+
+1. Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.
+
+    :::java
+    @SessionScoped //or @WindowScoped
+    public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
+
+        @Inject
+        private ViewConfigResolver viewConfigResolver;
+
+        private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
+
+        @Override
+        protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
+
+            AuthorizationChecker authorizationChecker = BeanProvider.getContextualReference(AuthorizationChecker.class);
+            boolean loggedIn = authorizationChecker.isLoggedIn();
+
+            if(loggedIn) {
+                //...
+            } else {
+                violations.add(/*...*/);
+                deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
+            }
+        }
+
+        public Class<? extends ViewConfig> getDeniedPage() {
+            try {
+                return deniedPage;
+            } finally {
+                deniedPage = Pages.Home.class;
+            }
+        }
+    }
+    
+2. And in AuthenticationListener you inject AdminAccessDecisionVoter    
+
+    :::java
+    public class AuthenticationListener {
+    
+        @Inject
+        private ViewNavigationHandler viewNavigationHandler;
+    
+        @Inject
+        private AdminAccessDecisionVoter adminAccessDecisionVoter;
+    
+        public void handleLoggedIn(@Observes LoggedInEvent event) {
+            this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
+        }
+
+    }    
+    
 # AccessDecisionVoterContext
 
 Because the `AccessDecisionVoter` can be chained, `AccessDecisionVoterContext` allows to get the current state as well as the results of the security check.
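Review bot: the new heading and both subsection titles promise a redirect to the "first denied page", but both `AdminAccessDecisionVoter` variants overwrite `deniedPage` on every failed check (`deniedPage = viewConfigResolver.getViewConfigDescriptor(...).getConfigClass();`), so a user who hits several secured views before logging in is sent to the most recent one; either guard the assignment (only set it while `deniedPage` is still `Pages.Home.class`) or reword the heading, which also misspells "initially". The CDI `LoginService` snippet declares `public Usuario login(String username, char[] password)` but never returns a value, the comment reads `//do the loggin process`, and the first voter tests an undeclared `loggedIn` while the PicketLink voter resolves it via `AuthorizationChecker`; the two examples should be made consistent so readers can compile them as shown. It would also help to say in the prose that the redirect target is a `ViewConfig` class resolved by `ViewConfigResolver` from the current view id, not a caller-supplied URL, since that is what keeps the post-login redirect confined to the application's own configured views.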