Posted to commits@deltaspike.apache.org by bu...@apache.org on 2014/08/04 18:43:39 UTC

svn commit: r918387 - in /websites/staging/deltaspike/trunk/content: ./ security.html

Author: buildbot
Date: Mon Aug  4 16:43:39 2014
New Revision: 918387

Log:
Staging update by buildbot for deltaspike

Modified:
    websites/staging/deltaspike/trunk/content/   (props changed)
    websites/staging/deltaspike/trunk/content/security.html

Propchange: websites/staging/deltaspike/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug  4 16:43:39 2014
@@ -1 +1 @@
-1615662
+1615663

Modified: websites/staging/deltaspike/trunk/content/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/security.html (original)
+++ websites/staging/deltaspike/trunk/content/security.html Mon Aug  4 16:43:39 2014
@@ -373,132 +373,121 @@ It's a basic hook to integrate a custom 
 <h1 id="making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making intitially requested and secured page available for redirect after login</h1>
 <p>DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.</p>
 <h2 id="cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation to redirect the login to the first denied page</h2>
-<ul>
-<li>
 <p>Your LoginService will fire a custom <code>UserLoggedInEvent</code></p>
-<p>:::java
-public class LoginService implements Serializable {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">Event</span><span class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span class="p">;</span>
-
-<span class="n">public</span> <span class="n">Usuario</span> <span class="n">login</span><span class="p">(</span><span class="n">String</span> <span class="n">username</span><span class="p">,</span> <span class="n">char</span><span class="p">[]</span> <span class="n">password</span><span class="p">)</span> <span class="p">{</span>
-    <span class="o">//</span><span class="n">do</span> <span class="n">the</span> <span class="n">loggin</span> <span class="n">process</span>
-    <span class="n">userLoggedInEvent</span><span class="p">.</span><span class="n">fire</span><span class="p">(</span><span class="n">new</span> <span class="n">UserLoggedInEvent</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoginService</span> <span class="kd">implements</span> <span class="n">Serializable</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">Event</span><span class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="n">Usuario</span> <span class="nf">login</span><span class="o">(</span><span class="n">String</span> <span class="n">username</span><span class="o">,</span> <span class="kt">char</span><span class="o">[]</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span>
+        <span class="c1">//do the loggin process</span>
+        <span class="n">userLoggedInEvent</span><span class="o">.</span><span class="na">fire</span><span class="o">(</span><span class="k">new</span> <span class="n">UserLoggedInEvent</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
-<p>:::java
-@SessionScoped //or @WindowScoped
-public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
-<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
-<span class="kr">private</span> <span class="nx">ViewConfigResolver</span> <span class="nx">viewConfigResolver</span><span class="p">;</span>
-
-<span class="kr">private</span> <span class="nx">Class</span><span class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
-
-<span class="o">@</span><span class="nx">Override</span>
-<span class="k">protected</span> <span class="nx">void</span> <span class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span class="o">&lt;</span><span class="nx">SecurityViolation</span><span class="o">&gt;</span> <span class="nx">violations</span><span class="p">)</span> <span class="p">{</span>
-    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span class="p">)</span> <span class="p">{</span>
-        <span class="c1">//...</span>
-    <span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
-        <span class="nx">violations</span><span class="o">.</span><span class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span class="p">);</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">viewConfigResolver</span><span class="o">.</span><span class="nx">getViewConfigDescriptor</span><span class="p">(</span><span class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
-
-<span class="k">public</span> <span class="nx">Class</span><span class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">getDeniedPage</span><span class="p">()</span> <span class="p">{</span>
-    <span class="k">try</span> <span class="p">{</span>
-        <span class="k">return</span> <span class="nx">deniedPage</span><span class="p">;</span>
-    <span class="p">}</span> <span class="nx">finally</span> <span class="p">{</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span> <span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span> <span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span> <span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">if</span><span class="o">(</span><span class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">viewConfigResolver</span><span class="o">.</span><span class="na">getViewConfigDescriptor</span><span class="o">(</span><span class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">getDeniedPage</span><span class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
-<p>:::java
-public class AuthenticationListener {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="p">;</span>
-
-<span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
-
-<span class="n">public</span> <span class="n">void</span> <span class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span> <span class="n">UserLoggedInEvent</span> <span class="n">event</span><span class="p">)</span> <span class="p">{</span>
-    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span class="n">adminAccessDecisionVoter</span><span class="p">.</span><span class="n">getDeniedPage</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationListener</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span> <span class="n">UserLoggedInEvent</span> <span class="n">event</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span class="na">viewNavigationHandler</span><span class="o">.</span><span class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-</ul>
 <h2 id="picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink Implementation to redirect the login to the first denied page</h2>
 <p>Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink <code>LoggedInEvent</code> to redirect you back to the denied page.</p>
-<ul>
-<li>
 <p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
-<p>:::java
-@SessionScoped //or @WindowScoped
-public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
-<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
-<span class="kr">private</span> <span class="nx">ViewConfigResolver</span> <span class="nx">viewConfigResolver</span><span class="p">;</span>
-
-<span class="kr">private</span> <span class="nx">Class</span><span class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
-
-<span class="o">@</span><span class="nx">Override</span>
-<span class="k">protected</span> <span class="nx">void</span> <span class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span class="o">&lt;</span><span class="nx">SecurityViolation</span><span class="o">&gt;</span> <span class="nx">violations</span><span class="p">)</span> <span class="p">{</span>
-
-    <span class="nx">AuthorizationChecker</span> <span class="nx">authorizationChecker</span> <span class="o">=</span> <span class="nx">BeanProvider</span><span class="o">.</span><span class="nx">getContextualReference</span><span class="p">(</span><span class="nx">AuthorizationChecker</span><span class="o">.</span><span class="nx">class</span><span class="p">);</span>
-    <span class="nx">boolean</span> <span class="nx">loggedIn</span> <span class="o">=</span> <span class="nx">authorizationChecker</span><span class="o">.</span><span class="nx">isLoggedIn</span><span class="p">();</span>
-
-    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span class="p">)</span> <span class="p">{</span>
-        <span class="c1">//...</span>
-    <span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
-        <span class="nx">violations</span><span class="o">.</span><span class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span class="p">);</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">viewConfigResolver</span><span class="o">.</span><span class="nx">getViewConfigDescriptor</span><span class="p">(</span><span class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span class="p">();</span>
-    <span class="p">}</span>
-<span class="p">}</span>
-
-<span class="k">public</span> <span class="nx">Class</span><span class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">getDeniedPage</span><span class="p">()</span> <span class="p">{</span>
-    <span class="k">try</span> <span class="p">{</span>
-        <span class="k">return</span> <span class="nx">deniedPage</span><span class="p">;</span>
-    <span class="p">}</span> <span class="nx">finally</span> <span class="p">{</span>
-        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
-    <span class="p">}</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span> <span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span> <span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span> <span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+
+        <span class="n">AuthorizationChecker</span> <span class="n">authorizationChecker</span> <span class="o">=</span> <span class="n">BeanProvider</span><span class="o">.</span><span class="na">getContextualReference</span><span class="o">(</span><span class="n">AuthorizationChecker</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
+        <span class="kt">boolean</span> <span class="n">loggedIn</span> <span class="o">=</span> <span class="n">authorizationChecker</span><span class="o">.</span><span class="na">isLoggedIn</span><span class="o">();</span>
+
+        <span class="k">if</span><span class="o">(</span><span class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">viewConfigResolver</span><span class="o">.</span><span class="na">getViewConfigDescriptor</span><span class="o">(</span><span class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">getDeniedPage</span><span class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-<li>
 <p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
-<p>:::java
-public class AuthenticationListener {</p>
-<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="p">;</span>
-
-<span class="p">@</span><span class="n">Inject</span>
-<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
-
-<span class="n">public</span> <span class="n">void</span> <span class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span> <span class="n">LoggedInEvent</span> <span class="n">event</span><span class="p">)</span> <span class="p">{</span>
-    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span class="n">adminAccessDecisionVoter</span><span class="p">.</span><span class="n">getDeniedPage</span><span class="p">());</span>
-<span class="p">}</span>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationListener</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span> <span class="n">LoggedInEvent</span> <span class="n">event</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span class="na">viewNavigationHandler</span><span class="o">.</span><span class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
 </pre></div>
 
 
-<p>}</p>
-</li>
-</ul>
 <h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
 <p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code> allows to get the current state as well as the results of the security check.</p>
 <p>There are several methods that can be useful</p>