You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by gp...@apache.org on 2015/05/01 16:32:32 UTC
deltaspike git commit: DELTASPIKE-873 improved handling of @Secured
without DefaultErrorView
Repository: deltaspike
Updated Branches:
refs/heads/master 32a67c766 -> 077eadb0c
DELTASPIKE-873 improved handling of @Secured without DefaultErrorView
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/077eadb0
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/077eadb0
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/077eadb0
Branch: refs/heads/master
Commit: 077eadb0c03da7c0e90c3a43c804ad75716fd972
Parents: 32a67c7
Author: gpetracek <gp...@apache.org>
Authored: Fri May 1 16:22:52 2015 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Fri May 1 16:22:52 2015 +0200
----------------------------------------------------------------------
.../impl/security/SecurityAwareViewHandler.java | 20 ++++++++++-
.../deltaspike/jsf/impl/util/SecurityUtils.java | 36 ++++++++++++++++++--
2 files changed, 52 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/077eadb0/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
index 1f29e09..e6bc657 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
@@ -142,7 +142,25 @@ public class SecurityAwareViewHandler extends ViewHandlerWrapper implements Deac
broadcastAccessDeniedException(accessDeniedException);
}
- return this.wrapped.createView(context, viewConfigResolver.getViewConfigDescriptor(errorView).getViewId());
+ if (errorViewDescriptor == null && errorView != null)
+ {
+ errorViewDescriptor = viewConfigResolver.getViewConfigDescriptor(errorView);
+ }
+
+ if (errorViewDescriptor != null)
+ {
+ return this.wrapped.createView(context, errorViewDescriptor.getViewId());
+ }
+ else
+ {
+ //only in case of GET requests, because an exception during POST requests leads to re-rendering
+ //the previous page (including the error message)
+ if (!context.isPostback() && context.getViewRoot() != null)
+ {
+ context.getViewRoot().setViewId(null);
+ }
+ }
+ throw accessDeniedException; //security exception without error-view
}
finally
{
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/077eadb0/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
index 76df3e3..7eeb24d 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
@@ -170,7 +170,7 @@ public abstract class SecurityUtils
}
}
- if (errorView == null)
+ if (errorView == null && allowNavigation)
{
throw exception;
}
@@ -224,8 +224,38 @@ public abstract class SecurityUtils
{
//TODO discuss it (with CODI handling such messages was easier)
message = violation.getReason();
- FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, message, message);
- FacesContext.getCurrentInstance().addMessage(null, facesMessage);
+
+ if (!isMessageAddedAlready(message))
+ {
+ FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, message, message);
+ FacesContext.getCurrentInstance().addMessage(null, facesMessage);
+ }
+ }
+ }
+
+ private static boolean isMessageAddedAlready(String message)
+ {
+ FacesContext facesContext = FacesContext.getCurrentInstance();
+
+ if (facesContext == null || message == null)
+ {
+ return false;
+ }
+
+ List<FacesMessage> existingMessages = facesContext.getMessageList();
+
+ if (existingMessages == null)
+ {
+ return false;
+ }
+
+ for (FacesMessage facesMessage : existingMessages)
+ {
+ if (message.equals(facesMessage.getSummary()))
+ {
+ return true;
+ }
}
+ return false;
}
}