Posted to commits@deltaspike.apache.org by gp...@apache.org on 2014/06/12 11:02:06 UTC
[1/3] git commit: DELTASPIKE-636 revert first approach
Repository: deltaspike
Updated Branches:
refs/heads/master 241484f54 -> 2af2ccf25
DELTASPIKE-636 revert first approach
This reverts commit 241484f54ced11b26f269bfb5f3bc1eca6cf3d93.
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/7d8ce23f
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/7d8ce23f
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/7d8ce23f
Branch: refs/heads/master
Commit: 7d8ce23fb0921a4fa4ac54d4674f2207595edd39
Parents: 241484f
Author: gpetracek <gp...@apache.org>
Authored: Thu Jun 12 10:41:03 2014 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Thu Jun 12 10:41:03 2014 +0200
----------------------------------------------------------------------
.../deltaspike/security/impl/extension/Authorizer.java | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/7d8ce23f/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
index b60e88d..bf90867 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
@@ -36,7 +36,6 @@ import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.util.Nonbinding;
import javax.interceptor.InvocationContext;
-import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
import org.apache.deltaspike.core.util.metadata.builder.InjectableMethod;
import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.SecurityBindingType;
@@ -197,15 +196,7 @@ class Authorizer
}
});
- AccessDeniedException accessDeniedException = new AccessDeniedException(violations);
- ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException);
- exceptionToCatchEvent.setOptional(true);
- beanManager.fireEvent(exceptionToCatchEvent);
-
- if (!exceptionToCatchEvent.isHandled())
- {
- throw accessDeniedException;
- }
+ throw new AccessDeniedException(violations);
}
}
[3/3] git commit: DELTASPIKE-636 restrict duplicated execution of
exception-control in case of @Secured + cleanup
Posted by gp...@apache.org.
DELTASPIKE-636 restrict duplicated execution of exception-control in case of @Secured + cleanup
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/2af2ccf2
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/2af2ccf2
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/2af2ccf2
Branch: refs/heads/master
Commit: 2af2ccf250b65c65606b12dd152154b13f1bd6e7
Parents: 1242cec
Author: gpetracek <gp...@apache.org>
Authored: Thu Jun 12 10:24:59 2014 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Thu Jun 12 10:46:11 2014 +0200
----------------------------------------------------------------------
.../BeforeAccessDeniedExceptionHandler.java | 51 +++++++++++++++
.../SecuredAnnotationAuthorizer.java | 12 ++--
.../SkipInternalProcessingException.java | 38 +++++++++++
.../impl/extension/DefaultSecurityStrategy.java | 69 ++++++++++----------
4 files changed, 132 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/2af2ccf2/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
new file mode 100644
index 0000000..e2fc84d
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/BeforeAccessDeniedExceptionHandler.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.authorization;
+
+import org.apache.deltaspike.core.api.exception.control.BeforeHandles;
+import org.apache.deltaspike.core.api.exception.control.ExceptionHandler;
+import org.apache.deltaspike.core.api.exception.control.event.ExceptionEvent;
+import org.apache.deltaspike.core.spi.activation.Deactivatable;
+import org.apache.deltaspike.core.util.ClassDeactivationUtils;
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+
+@ApplicationScoped
+@ExceptionHandler
+public class BeforeAccessDeniedExceptionHandler implements Deactivatable
+{
+ protected boolean isActive;
+
+ @PostConstruct
+ protected void init()
+ {
+ this.isActive = ClassDeactivationUtils.isActivated(getClass());
+ }
+
+ public void onBeforeAccessDeniedException(@BeforeHandles ExceptionEvent<AccessDeniedException> event)
+ {
+ if (!this.isActive)
+ {
+ return;
+ }
+ event.throwOriginal();
+ }
+}
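Review bot: BeforeAccessDeniedExceptionHandler has no Javadoc, although it is what makes a denied call fail closed by default: when active, `onBeforeAccessDeniedException` calls `event.throwOriginal()`, and when deactivated it returns without touching the event. I would add a class comment along the lines of `/** Re-throws every AccessDeniedException before other handlers run; deactivating this class lets application handlers suppress the denial. */` so that nobody deactivates it without seeing the consequence. `isActive` is a non-final `protected` field on an application-scoped bean; `private boolean isActive;` would keep subclasses from flipping it after `init()`.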
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/2af2ccf2/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
index b192d5b..59746bf 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.java
@@ -144,12 +144,14 @@ public class SecuredAnnotationAuthorizer
}
AccessDeniedException accessDeniedException = new AccessDeniedException(violations);
ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(accessDeniedException);
- exceptionToCatchEvent.setOptional(true);
- this.beanManager.fireEvent(exceptionToCatchEvent);
- if (!exceptionToCatchEvent.isHandled())
+ try
{
- throw accessDeniedException;
+ this.beanManager.fireEvent(exceptionToCatchEvent);
+ }
+ catch (AccessDeniedException e)
+ {
+ throw new SkipInternalProcessingException(accessDeniedException);
}
}
}
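Review bot: Nothing is thrown any more when `this.beanManager.fireEvent(exceptionToCatchEvent)` returns normally, so after this change the method can return silently even though an `AccessDeniedException` was built from `violations`. The removed `isHandled()` check at least rethrew in the unhandled case; whether the broadcaster now does that for a non-optional event is not visible in this hunk, so the fall-through should either be documented as intended or replaced by an explicit signal that the call was denied. The catch block also ignores `e` and wraps `accessDeniedException` instead, which drops a different `AccessDeniedException` raised by a handler; `throw new SkipInternalProcessingException(e);` would keep it. The enclosing method starts outside the hunk.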
@@ -167,4 +169,4 @@ public class SecuredAnnotationAuthorizer
}
}
}
-}
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/2af2ccf2/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
new file mode 100644
index 0000000..e540c68
--- /dev/null
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/authorization/SkipInternalProcessingException.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.deltaspike.security.impl.authorization;
+
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+
+//just to avoid a 2nd call of the handlers
+//the first one can't be removed, because we need an active AccessDecisionVoterContext
+public class SkipInternalProcessingException extends RuntimeException
+{
+ private final AccessDeniedException accessDeniedException;
+
+ public SkipInternalProcessingException(AccessDeniedException accessDeniedException)
+ {
+ this.accessDeniedException = accessDeniedException;
+ }
+
+ public AccessDeniedException getAccessDeniedException()
+ {
+ return accessDeniedException;
+ }
+}
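Review bot: The constructor never calls `super(...)` with the wrapped exception, so a SkipInternalProcessingException has neither message nor cause. The only unwrapping visible in this commit is in DefaultSecurityStrategy; if the exception escapes anywhere else (for example through a custom SecurityStrategy, which is an SPI), logs and callers would see a bare RuntimeException instead of the access denial. I would start the constructor with `super(accessDeniedException);`. The two `//` lines above the class would serve better as a Javadoc block stating that the type is internal and must be unwrapped before it leaves the security module.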
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/2af2ccf2/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
index fac5930..0ef1316 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
@@ -21,6 +21,7 @@ package org.apache.deltaspike.security.impl.extension;
import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
import org.apache.deltaspike.core.util.ProxyUtils;
import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
+import org.apache.deltaspike.security.impl.authorization.SkipInternalProcessingException;
import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
import javax.enterprise.context.Dependent;
@@ -58,20 +59,17 @@ public class DefaultSecurityStrategy implements SecurityStrategy
Set<Authorizer> authorizers = metaDataStorage.getAuthorizers(targetClass, method);
- Object result = null;
+ invokeBeforeMethodInvocationAuthorizers(invocationContext, authorizers);
- if (invokeBeforeMethodInvocationAuthorizers(invocationContext, authorizers))
- {
- result = invocationContext.proceed();
+ Object result = invocationContext.proceed();
- invokeAfterMethodInvocationAuthorizers(invocationContext, authorizers, result);
- }
+ invokeAfterMethodInvocationAuthorizers(invocationContext, authorizers, result);
return result;
}
- private boolean invokeBeforeMethodInvocationAuthorizers(InvocationContext invocationContext,
- Set<Authorizer> authorizers) throws IllegalAccessException
+ protected void invokeBeforeMethodInvocationAuthorizers(
+ InvocationContext invocationContext, Set<Authorizer> authorizers) throws IllegalAccessException
{
try
{
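Review bot: `Object result = invocationContext.proceed();` is now reached whenever `invokeBeforeMethodInvocationAuthorizers` returns normally, and per the catch block in the next hunk that includes the case where `handleAccessDeniedException` returns `null` for a handled denial. The replaced code skipped `proceed()` in that case, so a handler that marks the event as handled (possible once BeforeAccessDeniedExceptionHandler is deactivated, according to the comment in the last hunk of this file) now lets the secured method run. The after-invocation catch in the following hunk has the same shape, since a handled denial still returns `result` to the caller. If this is intended it needs a comment at the call site; otherwise keep a boolean result and guard the call, e.g. `if (!invokeBeforeMethodInvocationAuthorizers(invocationContext, authorizers)) { return null; }`. Both method bodies extend beyond this hunk.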
@@ -83,15 +81,21 @@ public class DefaultSecurityStrategy implements SecurityStrategy
}
}
}
- catch (AccessDeniedException ade)
+ catch (SkipInternalProcessingException e)
{
- return handleAccessDeniedException(ade);
+ throw e.getAccessDeniedException();
+ }
+ catch (AccessDeniedException e)
+ {
+ RuntimeException exceptionToThrow = handleAccessDeniedException(e);
+ if (exceptionToThrow != null)
+ {
+ throw exceptionToThrow;
+ }
}
-
- return true;
}
- private boolean invokeAfterMethodInvocationAuthorizers(InvocationContext invocationContext,
+ protected void invokeAfterMethodInvocationAuthorizers(InvocationContext invocationContext,
Set<Authorizer> authorizers, Object result) throws IllegalAccessException
{
try
@@ -104,38 +108,37 @@ public class DefaultSecurityStrategy implements SecurityStrategy
}
}
}
- catch (AccessDeniedException ade)
+ catch (AccessDeniedException e)
{
- return handleAccessDeniedException(ade);
+ RuntimeException exceptionToThrow = handleAccessDeniedException(e);
+ if (exceptionToThrow != null)
+ {
+ throw exceptionToThrow;
+ }
}
-
- return true;
}
/**
* <p>Fires a {@link org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent} for the given
* {@link org.apache.deltaspike.security.api.authorization.AccessDeniedException}.</p>
*
- * @param ade The previously thrown exception representing a authorization check failure.
- *
- * @return False if the processing should be aborted.
- *
- * @throws org.apache.deltaspike.security.api.authorization.AccessDeniedException
- * If the exception was not handled by the application.
+ * @param originalException exception thrown by an authorizer
+ * @return the original exception if the default behavior was changed and the exception is unhandled
*/
- private boolean handleAccessDeniedException(AccessDeniedException ade) throws AccessDeniedException
+ protected RuntimeException handleAccessDeniedException(AccessDeniedException originalException)
{
- ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(ade);
-
- exceptionToCatchEvent.setOptional(true);
-
- beanManager.fireEvent(exceptionToCatchEvent);
-
+ ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(originalException);
+ this.beanManager.fireEvent(exceptionToCatchEvent);
+ //the next step won't happen per default since ExceptionHandlerBroadcaster will throw the exception,
+ //because BeforeAccessDeniedExceptionHandler calls #throwOriginal
+ //but allows to suppress it via deactivating BeforeAccessDeniedExceptionHandler
+ //(or a 2nd @BeforeHandles method which overrules the default behavior
+ //(if needed)
if (!exceptionToCatchEvent.isHandled())
{
- throw ade;
+ throw originalException;
}
- return false;
+ return null;
}
-}
+}
\ No newline at end of file
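Review bot: The new `@return` text says the original exception is returned, but the body throws `originalException` when the event is unhandled and otherwise returns `null`, so the `exceptionToThrow != null` branches in both callers appear to be unreachable. Either use `return originalException;` in the unhandled branch or change the tag to `@return always null; the original exception is thrown if it stays unhandled`. The inline comment before `isHandled()` has an unclosed parenthesis and explains the security-relevant default, so it belongs in the Javadoc. The method was also widened from `private` to `protected`, which makes the denial handling overridable; that deserves a sentence on what an override must preserve.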
[2/3] git commit: DELTASPIKE-636 skip InvocationContext#proceed even
with a handled exception
Posted by gp...@apache.org.
DELTASPIKE-636 skip InvocationContext#proceed even with a handled exception
Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/1242cec7
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/1242cec7
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/1242cec7
Branch: refs/heads/master
Commit: 1242cec7ecd1df68cc184f33c2fda7d2069cbb23
Parents: 7d8ce23
Author: pedroigor <pi...@gmail.com>
Authored: Thu Jun 12 10:16:31 2014 +0200
Committer: gpetracek <gp...@apache.org>
Committed: Thu Jun 12 10:42:18 2014 +0200
----------------------------------------------------------------------
.../impl/extension/DefaultSecurityStrategy.java | 83 +++++++++++++++++---
1 file changed, 74 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/deltaspike/blob/1242cec7/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
----------------------------------------------------------------------
diff --git a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
index 2bd9d98..fac5930 100644
--- a/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
+++ b/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/DefaultSecurityStrategy.java
@@ -18,7 +18,9 @@
*/
package org.apache.deltaspike.security.impl.extension;
+import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
import org.apache.deltaspike.core.util.ProxyUtils;
+import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.spi.authorization.SecurityStrategy;
import javax.enterprise.context.Dependent;
@@ -26,6 +28,7 @@ import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.interceptor.InvocationContext;
import java.lang.reflect.Method;
+import java.util.Set;
/**
* {@inheritDoc}
@@ -53,24 +56,86 @@ public class DefaultSecurityStrategy implements SecurityStrategy
Class targetClass = ProxyUtils.getUnproxiedClass(invocationContext.getTarget().getClass()); //see DELTASPIKE-517
- for (Authorizer authorizer : metaDataStorage.getAuthorizers(targetClass, method))
+ Set<Authorizer> authorizers = metaDataStorage.getAuthorizers(targetClass, method);
+
+ Object result = null;
+
+ if (invokeBeforeMethodInvocationAuthorizers(invocationContext, authorizers))
{
- if (authorizer.isBeforeMethodInvocationAuthorizer())
+ result = invocationContext.proceed();
+
+ invokeAfterMethodInvocationAuthorizers(invocationContext, authorizers, result);
+ }
+
+ return result;
+ }
+
+ private boolean invokeBeforeMethodInvocationAuthorizers(InvocationContext invocationContext,
+ Set<Authorizer> authorizers) throws IllegalAccessException
+ {
+ try
+ {
+ for (Authorizer authorizer : authorizers)
{
- authorizer.authorize(invocationContext, null, this.beanManager);
+ if (authorizer.isBeforeMethodInvocationAuthorizer())
+ {
+ authorizer.authorize(invocationContext, null, this.beanManager);
+ }
}
}
+ catch (AccessDeniedException ade)
+ {
+ return handleAccessDeniedException(ade);
+ }
- Object result = invocationContext.proceed();
+ return true;
+ }
- for (Authorizer authorizer : metaDataStorage.getAuthorizers(targetClass, method))
+ private boolean invokeAfterMethodInvocationAuthorizers(InvocationContext invocationContext,
+ Set<Authorizer> authorizers, Object result) throws IllegalAccessException
+ {
+ try
{
- if (authorizer.isAfterMethodInvocationAuthorizer())
+ for (Authorizer authorizer : authorizers)
{
- authorizer.authorize(invocationContext, result, this.beanManager);
+ if (authorizer.isAfterMethodInvocationAuthorizer())
+ {
+ authorizer.authorize(invocationContext, result, this.beanManager);
+ }
}
}
-
- return result;
+ catch (AccessDeniedException ade)
+ {
+ return handleAccessDeniedException(ade);
+ }
+
+ return true;
+ }
+
+ /**
+ * <p>Fires a {@link org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent} for the given
+ * {@link org.apache.deltaspike.security.api.authorization.AccessDeniedException}.</p>
+ *
+ * @param ade The previously thrown exception representing a authorization check failure.
+ *
+ * @return False if the processing should be aborted.
+ *
+ * @throws org.apache.deltaspike.security.api.authorization.AccessDeniedException
+ * If the exception was not handled by the application.
+ */
+ private boolean handleAccessDeniedException(AccessDeniedException ade) throws AccessDeniedException
+ {
+ ExceptionToCatchEvent exceptionToCatchEvent = new ExceptionToCatchEvent(ade);
+
+ exceptionToCatchEvent.setOptional(true);
+
+ beanManager.fireEvent(exceptionToCatchEvent);
+
+ if (!exceptionToCatchEvent.isHandled())
+ {
+ throw ade;
+ }
+
+ return false;
}
}
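Review bot: The boolean returned by `invokeAfterMethodInvocationAuthorizers(invocationContext, authorizers, result)` is ignored, so when an after-invocation authorizer denies access and a handler marks the event as handled, `result` is still returned to the caller. To mirror the before-invocation branch I would write `if (!invokeAfterMethodInvocationAuthorizers(invocationContext, authorizers, result)) { result = null; }`. Returning `null` after a handled denial will presumably fail for intercepted methods with a primitive return type, which is worth a comment next to `Object result = null;`. The enclosing method starts outside the hunk.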