Posted to commits@deltaspike.apache.org by gp...@apache.org on 2015/05/01 16:32:32 UTC

deltaspike git commit: DELTASPIKE-873 improved handling of @Secured without DefaultErrorView

Repository: deltaspike
Updated Branches:
  refs/heads/master 32a67c766 -> 077eadb0c


DELTASPIKE-873 improved handling of @Secured without DefaultErrorView


Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/077eadb0
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/077eadb0
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/077eadb0

Branch: refs/heads/master
Commit: 077eadb0c03da7c0e90c3a43c804ad75716fd972
Parents: 32a67c7
Author: gpetracek <gp...@apache.org>
Authored: Fri May 1 16:22:52 2015 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Fri May 1 16:22:52 2015 +0200

----------------------------------------------------------------------
 .../impl/security/SecurityAwareViewHandler.java | 20 ++++++++++-
 .../deltaspike/jsf/impl/util/SecurityUtils.java | 36 ++++++++++++++++++--
 2 files changed, 52 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltaspike/blob/077eadb0/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
index 1f29e09..e6bc657 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java
@@ -142,7 +142,25 @@ public class SecurityAwareViewHandler extends ViewHandlerWrapper implements Deac
                 broadcastAccessDeniedException(accessDeniedException);
             }
 
-            return this.wrapped.createView(context, viewConfigResolver.getViewConfigDescriptor(errorView).getViewId());
+            if (errorViewDescriptor == null && errorView != null)
+            {
+                errorViewDescriptor = viewConfigResolver.getViewConfigDescriptor(errorView);
+            }
+
+            if (errorViewDescriptor != null)
+            {
+                return this.wrapped.createView(context, errorViewDescriptor.getViewId());
+            }
+            else
+            {
+                //only in case of GET requests, because an exception during POST requests leads to re-rendering
+                //the previous page (including the error message)
+                if (!context.isPostback() && context.getViewRoot() != null)
+                {
+                    context.getViewRoot().setViewId(null);
+                }
+            }
+            throw accessDeniedException; //security exception without error-view
         }
         finally
         {
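Review bot: The `else` branch clears the current view root's id, but the comment only explains why this is limited to GET requests, not what resetting the id achieves or who is expected to handle the `AccessDeniedException` thrown right after it. This path runs exactly when no error view is configured, so the response then depends on whatever exception handling the application or container has in place. I would extend the comment to something like `// no error view: drop the current view id and let the exception reach the application's exception handling (an error-page mapping or exception handler must be in place)`. The enclosing method starts and ends outside this hunk, so where `errorViewDescriptor` is first assigned is not visible here.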

http://git-wip-us.apache.org/repos/asf/deltaspike/blob/077eadb0/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
index 76df3e3..7eeb24d 100644
--- a/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
+++ b/deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/util/SecurityUtils.java
@@ -170,7 +170,7 @@ public abstract class SecurityUtils
             }
         }
 
-        if (errorView == null)
+        if (errorView == null && allowNavigation)
         {
             throw exception;
         }
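Review bot: With `&& allowNavigation` added, a call with `allowNavigation == false` and no error view no longer throws at this check and falls through to code the hunk does not show, so rejecting the request now depends on each such caller doing it itself. The view handler changed in this commit does rethrow the exception when no error-view descriptor is found, but whether other callers pass `false` cannot be told from this page. A comment on the condition would make the contract explicit, e.g. `// without navigation the caller is responsible for rejecting the request when no error view exists`. The rest of the method should also be checked for uses of `errorView` that assume it is non-null. The method starts and ends outside the hunk.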
@@ -224,8 +224,38 @@ public abstract class SecurityUtils
         {
             //TODO discuss it (with CODI handling such messages was easier)
             message = violation.getReason();
-            FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, message, message);
-            FacesContext.getCurrentInstance().addMessage(null, facesMessage);
+
+            if (!isMessageAddedAlready(message))
+            {
+                FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, message, message);
+                FacesContext.getCurrentInstance().addMessage(null, facesMessage);
+            }
+        }
+    }
+
+    private static boolean isMessageAddedAlready(String message)
+    {
+        FacesContext facesContext = FacesContext.getCurrentInstance();
+
+        if (facesContext == null || message == null)
+        {
+            return false;
+        }
+
+        List<FacesMessage> existingMessages = facesContext.getMessageList();
+
+        if (existingMessages == null)
+        {
+            return false;
+        }
+
+        for (FacesMessage facesMessage : existingMessages)
+        {
+            if (message.equals(facesMessage.getSummary()))
+            {
+                return true;
+            }
         }
+        return false;
     }
 }
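Review bot: `isMessageAddedAlready` compares only the summary and scans `getMessageList()`, which returns every queued message regardless of client id or severity. A component-bound or lower-severity message with the same text would therefore suppress the global `SEVERITY_ERROR` message for the violation. Since the new message is added with a `null` client id, the lookup could be limited to global messages with `facesContext.getMessageList(null)`, and the match tightened to `FacesMessage.SEVERITY_ERROR.equals(facesMessage.getSeverity()) && message.equals(facesMessage.getSummary())`. A short Javadoc on the helper stating that it matches on summary text would also help.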