You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by gp...@apache.org on 2011/03/06 06:00:40 UTC
svn commit: r1078402 - in /myfaces/extensions/cdi/trunk/jee-modules:
jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/
jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/
jsf-module/impl/src/main...
Author: gpetracek
Date: Sun Mar 6 05:00:40 2011
New Revision: 1078402
URL: http://svn.apache.org/viewvc?rev=1078402&view=rev
Log:
EXTCDI-149 first draft
Added:
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
Modified:
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml
Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java?rev=1078402&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java (added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java Sun Mar 6 05:00:40 2011
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl;
+
+import org.apache.myfaces.extensions.cdi.core.api.Deactivatable;
+import org.apache.myfaces.extensions.cdi.core.impl.util.ClassDeactivation;
+import org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler;
+import org.apache.myfaces.extensions.cdi.jsf.impl.security.SecurityAwareViewHandler;
+
+import javax.faces.application.ViewHandler;
+import javax.faces.application.ViewHandlerWrapper;
+import javax.faces.component.UIViewRoot;
+import javax.faces.context.FacesContext;
+
+/**
+ * Allows a better performance and a fine-grained deactivation of the sub-view handlers
+ * btw. extending them or a stand-alone usage.
+ *
+ * @author Gerhard Petracek
+ */
+public class CodiViewHandler extends ViewHandlerWrapper implements Deactivatable
+{
+ private ViewHandler wrapped;
+
+ private ViewHandler windowContextAwareViewHandler;
+
+ private ViewHandler securityAwareViewHandler;
+
+ public CodiViewHandler(ViewHandler wrapped)
+ {
+ this.wrapped = wrapped;
+ if(isActivated())
+ {
+ this.windowContextAwareViewHandler = new WindowContextAwareViewHandler(this.wrapped);
+ this.securityAwareViewHandler = new SecurityAwareViewHandler(this.wrapped);
+ }
+ }
+
+ @Override
+ public UIViewRoot createView(FacesContext facesContext, String viewId)
+ {
+ if(this.securityAwareViewHandler == null)
+ {
+ return this.wrapped.createView(facesContext, viewId);
+ }
+ return this.securityAwareViewHandler.createView(facesContext, viewId);
+ }
+
+ @Override
+ public String getActionURL(FacesContext facesContext, String viewId)
+ {
+ if(this.windowContextAwareViewHandler == null)
+ {
+ return this.wrapped.getActionURL(facesContext, viewId);
+ }
+ //TODO add security check (deactivated per default)
+ return this.windowContextAwareViewHandler.getActionURL(facesContext, viewId);
+ }
+
+ @Override
+ public UIViewRoot restoreView(FacesContext facesContext, String viewId)
+ {
+ if(this.windowContextAwareViewHandler == null)
+ {
+ return this.wrapped.restoreView(facesContext, viewId);
+ }
+ return this.windowContextAwareViewHandler.restoreView(facesContext, viewId);
+ }
+
+ public ViewHandler getWrapped()
+ {
+ return this.wrapped;
+ }
+
+ public boolean isActivated()
+ {
+ return ClassDeactivation.isClassActivated(getClass());
+ }
+}
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java Sun Mar 6 05:00:40 2011
@@ -22,15 +22,12 @@ import static org.apache.myfaces.extensi
import org.apache.myfaces.extensions.cdi.core.api.config.view.DefaultErrorView;
import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
-import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
import org.apache.myfaces.extensions.cdi.core.api.provider.BeanManagerProvider;
-import static org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters;
import org.apache.myfaces.extensions.cdi.jsf.api.config.view.Page.NavigationMode;
import org.apache.myfaces.extensions.cdi.core.api.navigation.PreViewConfigNavigateEvent;
import org.apache.myfaces.extensions.cdi.jsf.api.config.view.Page;
import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.ViewConfigCache;
import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.spi.ViewConfigEntry;
-import static org.apache.myfaces.extensions.cdi.jsf.impl.util.SecurityUtils.tryToHandleSecurityViolation;
import org.apache.myfaces.extensions.cdi.jsf.impl.util.JsfUtils;
@@ -66,6 +63,7 @@ public class ViewConfigAwareNavigationHa
this.delegateCall = delegateCall;
}
+ //Security checks will be performed by the view-handler provided by codi
@Override
public void handleNavigation(FacesContext facesContext, String fromAction, String outcome)
{
@@ -109,17 +107,6 @@ public class ViewConfigAwareNavigationHa
if(entry != null)
{
- //security
- try
- {
- invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(), entry.getErrorView());
- }
- catch (AccessDeniedException accessDeniedException)
- {
- tryToHandleSecurityViolation(accessDeniedException);
- return;
- }
-
this.viewConfigs.put(outcome, entry);
PreViewConfigNavigateEvent navigateEvent = firePreViewConfigNavigateEvent(oldViewId, entry);
@@ -142,27 +129,6 @@ public class ViewConfigAwareNavigationHa
}
}
- handleStandardNavigation(facesContext, fromAction, outcome);
- }
-
- private void handleStandardNavigation(FacesContext facesContext, String fromAction, String outcome)
- {
- //security
- try
- {
- ViewConfigEntry entry = ViewConfigCache.getViewDefinition(facesContext.getViewRoot().getViewId());
-
- if(entry != null)
- {
- invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(), entry.getErrorView());
- }
- }
- catch (AccessDeniedException accessDeniedException)
- {
- tryToHandleSecurityViolation(accessDeniedException);
- return;
- }
-
this.navigationHandler.handleNavigation(facesContext, fromAction, outcome);
}
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java Sun Mar 6 05:00:40 2011
@@ -32,6 +32,9 @@ import javax.faces.context.FacesContext;
import javax.faces.component.UIViewRoot;
/**
+ * ATTENTION:
+ * add all new methods to {@link org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler}
+ *
* @author Gerhard Petracek
*/
public class WindowContextAwareViewHandler extends ViewHandlerWrapper implements Deactivatable
@@ -56,8 +59,6 @@ public class WindowContextAwareViewHandl
@Override
public String getActionURL(FacesContext context, String viewId)
{
- lazyInit();
-
String url = this.wrapped.getActionURL(context, viewId);
if(this.deactivated)
@@ -65,6 +66,8 @@ public class WindowContextAwareViewHandl
return url;
}
+ lazyInit();
+
url = this.windowHandler.encodeURL(url);
return url;
}
@@ -86,11 +89,6 @@ public class WindowContextAwareViewHandl
}
}
- public boolean isActivated()
- {
- return ClassDeactivation.isClassActivated(getClass());
- }
-
@Override
public UIViewRoot restoreView(FacesContext facesContext, String viewId)
{
@@ -113,6 +111,11 @@ public class WindowContextAwareViewHandl
return super.restoreView(facesContext, viewId);
}
+ public boolean isActivated()
+ {
+ return ClassDeactivation.isClassActivated(getClass());
+ }
+
//see EXTCDI-148 required if the mapped url is different from the final view-id
private String calculateViewId(FacesContext facesContext, String viewId)
{
Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java?rev=1078402&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java (added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java Sun Mar 6 05:00:40 2011
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl.security;
+
+import org.apache.myfaces.extensions.cdi.core.api.Deactivatable;
+import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
+import org.apache.myfaces.extensions.cdi.core.api.provider.BeanManagerProvider;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
+import org.apache.myfaces.extensions.cdi.core.impl.util.ClassDeactivation;
+import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.ViewConfigCache;
+import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.spi.ViewConfigEntry;
+import org.apache.myfaces.extensions.cdi.jsf.impl.util.SecurityUtils;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.faces.application.ViewHandler;
+import javax.faces.application.ViewHandlerWrapper;
+import javax.faces.component.UIViewRoot;
+import javax.faces.context.FacesContext;
+
+import static org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters;
+
+/**
+ * ATTENTION:
+ * add all new methods to {@link org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler}
+ *
+ * @author Gerhard Petracek
+ */
+public class SecurityAwareViewHandler extends ViewHandlerWrapper implements Deactivatable
+{
+ private ViewHandler wrapped;
+
+ private volatile BeanManager beanManager;
+
+ private final boolean deactivated;
+
+ public SecurityAwareViewHandler(ViewHandler wrapped)
+ {
+ this.wrapped = wrapped;
+ this.deactivated = !isActivated();
+ }
+
+ public ViewHandler getWrapped()
+ {
+ return this.wrapped;
+ }
+
+ @Override
+ public UIViewRoot createView(FacesContext context, String viewId)
+ {
+ UIViewRoot result = this.wrapped.createView(context, viewId);
+
+ if(this.deactivated)
+ {
+ return result;
+ }
+
+ try
+ {
+ ViewConfigEntry entry = ViewConfigCache.getViewDefinition(result.getViewId());
+
+ if(entry != null)
+ {
+ lazyInit();
+ invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(), entry.getErrorView());
+ }
+ }
+ catch (AccessDeniedException accessDeniedException)
+ {
+ Class<? extends ViewConfig> errorView = SecurityUtils.getErrorView(accessDeniedException);
+ return this.wrapped.createView(context, ViewConfigCache.getViewDefinition(errorView).getViewId());
+ }
+
+ return result;
+ }
+
+ private void lazyInit()
+ {
+ if(this.beanManager == null)
+ {
+ init();
+ }
+ }
+
+ private synchronized void init()
+ {
+ // switch into paranoia mode
+ if(this.beanManager == null)
+ {
+ this.beanManager = BeanManagerProvider.getInstance().getBeanManager();
+ }
+ }
+
+ public boolean isActivated()
+ {
+ return ClassDeactivation.isClassActivated(getClass());
+ }
+}
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java Sun Mar 6 05:00:40 2011
@@ -47,8 +47,19 @@ public abstract class SecurityUtils
// prevent instantiation
}
+ public static Class<? extends ViewConfig> getErrorView(RuntimeException runtimeException)
+ {
+ return tryToHandleSecurityViolation(runtimeException, false);
+ }
+
public static void tryToHandleSecurityViolation(RuntimeException runtimeException)
{
+ tryToHandleSecurityViolation(runtimeException, true);
+ }
+
+ private static Class<? extends ViewConfig> tryToHandleSecurityViolation(RuntimeException runtimeException,
+ boolean allowNavigation)
+ {
AccessDeniedException exception = extractException(runtimeException);
if(exception == null)
@@ -80,7 +91,11 @@ public abstract class SecurityUtils
throw exception;
}
- processApplicationSecurityException(exception, errorView);
+ if(allowNavigation)
+ {
+ processApplicationSecurityException(exception, errorView);
+ }
+ return errorView;
}
private static AccessDeniedException extractException(Throwable exception)
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml Sun Mar 6 05:00:40 2011
@@ -27,7 +27,7 @@
<action-listener>org.apache.myfaces.extensions.cdi.jsf.impl.listener.action.CodiActionListener</action-listener>
<navigation-handler>org.apache.myfaces.extensions.cdi.jsf.impl.navigation.CodiNavigationHandler</navigation-handler>
- <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler</view-handler>
+ <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler</view-handler>
</application>
<factory>
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml Sun Mar 6 05:00:40 2011
@@ -28,7 +28,7 @@
<action-listener>org.apache.myfaces.extensions.cdi.jsf.impl.listener.action.CodiActionListener</action-listener>
<navigation-handler>org.apache.myfaces.extensions.cdi.jsf2.impl.navigation.CodiNavigationHandler</navigation-handler>
- <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler</view-handler>
+ <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler</view-handler>
<!-- currently not activated by default due to issues with specific jsf version -->
<!--system-event-listener>