Posted to commits@deltaspike.apache.org by ra...@apache.org on 2014/08/04 18:38:49 UTC
svn commit: r1615659 - /deltaspike/site/trunk/content/security.mdtext
Author: rafabene
Date: Mon Aug 4 16:38:48 2014
New Revision: 1615659
URL: http://svn.apache.org/r1615659
Log:
DELTASPIKE-677 - document ds-security to make initially requested and secured page available for redirect after login
Modified:
deltaspike/site/trunk/content/security.mdtext
Modified: deltaspike/site/trunk/content/security.mdtext
URL: http://svn.apache.org/viewvc/deltaspike/site/trunk/content/security.mdtext?rev=1615659&r1=1615658&r2=1615659&view=diff
==============================================================================
--- deltaspike/site/trunk/content/security.mdtext (original)
+++ deltaspike/site/trunk/content/security.mdtext Mon Aug 4 16:38:48 2014
@@ -315,6 +315,129 @@ Stereotype of @Secured with custom meta-
}
}
+# Making intitially requested and secured page available for redirect after login
+
+DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.
+
+## CDI Implementation to redirect the login to the first denied page
+
+1. Your LoginService will fire a custom `UserLoggedInEvent`
+
+ :::java
+ public class LoginService implements Serializable {
+
+ @Inject
+ private Event<UserLoggedInEvent> userLoggedInEvent;
+
+ public Usuario login(String username, char[] password) {
+ //do the loggin process
+ userLoggedInEvent.fire(new UserLoggedInEvent());
+ }
+
+ }
+
+2. Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.
+
+ :::java
+ @SessionScoped //or @WindowScoped
+ public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
+
+ @Inject
+ private ViewConfigResolver viewConfigResolver;
+
+ private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
+
+ @Override
+ protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
+ if(loggedIn) {
+ //...
+ } else {
+ violations.add(/*...*/);
+ deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
+ }
+ }
+
+ public Class<? extends ViewConfig> getDeniedPage() {
+ try {
+ return deniedPage;
+ } finally {
+ deniedPage = Pages.Home.class;
+ }
+ }
+ }
+
+3. And in AuthenticationListener you inject AdminAccessDecisionVoter
+
+ :::java
+ public class AuthenticationListener {
+
+ @Inject
+ private ViewNavigationHandler viewNavigationHandler;
+
+ @Inject
+ private AdminAccessDecisionVoter adminAccessDecisionVoter;
+
+ public void handleLoggedIn(@Observes UserLoggedInEvent event) {
+ this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
+ }
+
+ }
+
+## PicketLink Implementation to redirect the login to the first denied page
+
+Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink `LoggedInEvent` to redirect you back to the denied page.
+
+1. Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.
+
+ :::java
+ @SessionScoped //or @WindowScoped
+ public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
+
+ @Inject
+ private ViewConfigResolver viewConfigResolver;
+
+ private Class<? extends ViewConfig> deniedPage = Pages.Home.class;
+
+ @Override
+ protected void checkPermission(AccessDecisionVoterContext context, Set<SecurityViolation> violations) {
+
+ AuthorizationChecker authorizationChecker = BeanProvider.getContextualReference(AuthorizationChecker.class);
+ boolean loggedIn = authorizationChecker.isLoggedIn();
+
+ if(loggedIn) {
+ //...
+ } else {
+ violations.add(/*...*/);
+ deniedPage = viewConfigResolver.getViewConfigDescriptor(FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
+ }
+ }
+
+ public Class<? extends ViewConfig> getDeniedPage() {
+ try {
+ return deniedPage;
+ } finally {
+ deniedPage = Pages.Home.class;
+ }
+ }
+ }
+
+2. And in AuthenticationListener you inject AdminAccessDecisionVoter
+
+ :::java
+ public class AuthenticationListener {
+
+ @Inject
+ private ViewNavigationHandler viewNavigationHandler;
+
+ @Inject
+ private AdminAccessDecisionVoter adminAccessDecisionVoter;
+
+ public void handleLoggedIn(@Observes LoggedInEvent event) {
+ this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
+ }
+
+ }
+
# AccessDecisionVoterContext
Because the `AccessDecisionVoter` can be chained, `AccessDecisionVoterContext` allows to get the current state as well as the results of the security check.
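Review bot: In the CDI `LoginService` example the `userLoggedInEvent.fire(new UserLoggedInEvent())` call runs unconditionally after the `//do the loggin process` comment, so `AuthenticationListener` will navigate to the stored denied page even when authentication failed; fire the event only after a successful login, and make `login` actually return something, since it is declared to return `Usuario` but has no `return` statement (an English type name such as `User` would also fit the page better). In the CDI `AdminAccessDecisionVoter`, `checkPermission` tests `if(loggedIn)` but `loggedIn` is never declared, whereas the PicketLink variant derives it from `AuthorizationChecker`; show how it is computed in the CDI variant too, preferably by injecting `AuthorizationChecker` with `@Inject` instead of `BeanProvider.getContextualReference`. A caveat worth documenting next to `@SessionScoped //or @WindowScoped`: a session-scoped voter keeps one `deniedPage` field for every browser tab of the session, so a denied request in one tab can redirect the login performed in another; `@WindowScoped` avoids that. It would also help readers who copy this pattern to state that the redirect target is a `ViewConfig` class resolved by `ViewConfigResolver` from the current view id and reset to `Pages.Home` once read, so navigation stays within the application's configured views rather than following a user-supplied URL. Minor: the heading has `intitially`, the comment has `loggin`, and `Once that PicketLink handles` should read `Once PicketLink handles`.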