Posted to commits@deltaspike.apache.org by bu...@apache.org on 2014/08/04 18:38:58 UTC

svn commit: r918381 - in /websites/staging/deltaspike/trunk/content: ./ security.html

Author: buildbot
Date: Mon Aug  4 16:38:58 2014
New Revision: 918381

Log:
Staging update by buildbot for deltaspike

Modified:
    websites/staging/deltaspike/trunk/content/   (props changed)
    websites/staging/deltaspike/trunk/content/security.html

Propchange: websites/staging/deltaspike/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug  4 16:38:58 2014
@@ -1 +1 @@
-1614776
+1615659

Modified: websites/staging/deltaspike/trunk/content/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/security.html (original)
+++ websites/staging/deltaspike/trunk/content/security.html Mon Aug  4 16:38:58 2014
@@ -106,6 +106,11 @@ Notice:    Licensed to the Apache Softwa
 <li><a href="#secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</a></li>
 </ul>
 </li>
+<li><a href="#making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making intitially requested and secured page available for redirect after login</a><ul>
+<li><a href="#cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation to redirect the login to the first denied page</a></li>
+<li><a href="#picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink Implementation to redirect the login to the first denied page</a></li>
+</ul>
+</li>
 <li><a href="#accessdecisionvotercontext">AccessDecisionVoterContext</a><ul>
 <li><a href="#securitystrategy-spi">SecurityStrategy SPI</a></li>
 </ul>
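Review bot: the new TOC entry misspells "initially" as "intitially" in both the visible link text and the fragment id (`#making-intitially-requested-and-secured-page-available-for-redirect-after-login`). Since the heading id generated for the body section will carry the same misspelling, fixing it only in the TOC would break the anchor; change the heading text in the Markdown source so the generated id becomes `#making-initially-requested-and-secured-page-available-for-redirect-after-login` and the TOC link text reads "Making initially requested and secured page available for redirect after login".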
@@ -365,6 +370,135 @@ It's a basic hook to integrate a custom 
 </pre></div>
 
 
+<h1 id="making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making intitially requested and secured page available for redirect after login</h1>
+<p>DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.</p>
+<h2 id="cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation to redirect the login to the first denied page</h2>
+<ol>
+<li>
+<p>Your LoginService will fire a custom <code>UserLoggedInEvent</code></p>
+<p>:::java
+public class LoginService implements Serializable {</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
+<span class="n">private</span> <span class="n">Event</span><span class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span class="p">;</span>
+
+<span class="n">public</span> <span class="n">Usuario</span> <span class="n">login</span><span class="p">(</span><span class="n">String</span> <span class="n">username</span><span class="p">,</span> <span class="n">char</span><span class="p">[]</span> <span class="n">password</span><span class="p">)</span> <span class="p">{</span>
+    <span class="o">//</span><span class="n">do</span> <span class="n">the</span> <span class="n">loggin</span> <span class="n">process</span>
+    <span class="n">userLoggedInEvent</span><span class="p">.</span><span class="n">fire</span><span class="p">(</span><span class="n">new</span> <span class="n">UserLoggedInEvent</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>}</p>
+</li>
+<li>
+<p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
+<p>:::java
+@SessionScoped //or @WindowScoped
+public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
+<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
+<span class="kr">private</span> <span class="nx">ViewConfigResolver</span> <span class="nx">viewConfigResolver</span><span class="p">;</span>
+
+<span class="kr">private</span> <span class="nx">Class</span><span class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
+
+<span class="o">@</span><span class="nx">Override</span>
+<span class="k">protected</span> <span class="nx">void</span> <span class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span class="o">&lt;</span><span class="nx">SecurityViolation</span><span class="o">&gt;</span> <span class="nx">violations</span><span class="p">)</span> <span class="p">{</span>
+    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span class="p">)</span> <span class="p">{</span>
+        <span class="c1">//...</span>
+    <span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
+        <span class="nx">violations</span><span class="o">.</span><span class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span class="p">);</span>
+        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">viewConfigResolver</span><span class="o">.</span><span class="nx">getViewConfigDescriptor</span><span class="p">(</span><span class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span class="p">();</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+
+<span class="k">public</span> <span class="nx">Class</span><span class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">getDeniedPage</span><span class="p">()</span> <span class="p">{</span>
+    <span class="k">try</span> <span class="p">{</span>
+        <span class="k">return</span> <span class="nx">deniedPage</span><span class="p">;</span>
+    <span class="p">}</span> <span class="nx">finally</span> <span class="p">{</span>
+        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>}</p>
+</li>
+<li>
+<p>And in AuthenticationListener you inject AdminAccessDecisionVoter    </p>
+<p>:::java
+public class AuthenticationListener {</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
+<span class="n">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="p">;</span>
+
+<span class="p">@</span><span class="n">Inject</span>
+<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span> <span class="n">UserLoggedInEvent</span> <span class="n">event</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span class="n">adminAccessDecisionVoter</span><span class="p">.</span><span class="n">getDeniedPage</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>}</p>
+</li>
+</ol>
+<h2 id="picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink Implementation to redirect the login to the first denied page</h2>
+<p>Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink <code>LoggedInEvent</code> to redirect you back to the denied page.</p>
+<ol>
+<li>
+<p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
+<p>:::java
+@SessionScoped //or @WindowScoped
+public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {</p>
+<div class="codehilite"><pre><span class="err">@</span><span class="nx">Inject</span>
+<span class="kr">private</span> <span class="nx">ViewConfigResolver</span> <span class="nx">viewConfigResolver</span><span class="p">;</span>
+
+<span class="kr">private</span> <span class="nx">Class</span><span class="cp">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
+
+<span class="o">@</span><span class="nx">Override</span>
+<span class="k">protected</span> <span class="nx">void</span> <span class="nx">checkPermission</span><span class="p">(</span><span class="nx">AccessDecisionVoterContext</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">Set</span><span class="o">&lt;</span><span class="nx">SecurityViolation</span><span class="o">&gt;</span> <span class="nx">violations</span><span class="p">)</span> <span class="p">{</span>
+
+    <span class="nx">AuthorizationChecker</span> <span class="nx">authorizationChecker</span> <span class="o">=</span> <span class="nx">BeanProvider</span><span class="o">.</span><span class="nx">getContextualReference</span><span class="p">(</span><span class="nx">AuthorizationChecker</span><span class="o">.</span><span class="nx">class</span><span class="p">);</span>
+    <span class="nx">boolean</span> <span class="nx">loggedIn</span> <span class="o">=</span> <span class="nx">authorizationChecker</span><span class="o">.</span><span class="nx">isLoggedIn</span><span class="p">();</span>
+
+    <span class="k">if</span><span class="p">(</span><span class="nx">loggedIn</span><span class="p">)</span> <span class="p">{</span>
+        <span class="c1">//...</span>
+    <span class="p">}</span> <span class="k">else</span> <span class="p">{</span>
+        <span class="nx">violations</span><span class="o">.</span><span class="nx">add</span><span class="p">(</span><span class="cm">/*...*/</span><span class="p">);</span>
+        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">viewConfigResolver</span><span class="o">.</span><span class="nx">getViewConfigDescriptor</span><span class="p">(</span><span class="nx">FacesContext</span><span class="o">.</span><span class="nx">getCurrentInstance</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewRoot</span><span class="p">()</span><span class="o">.</span><span class="nx">getViewId</span><span class="p">())</span><span class="o">.</span><span class="nx">getConfigClass</span><span class="p">();</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+
+<span class="k">public</span> <span class="nx">Class</span><span class="o">&lt;?</span> <span class="k">extends</span> <span class="nx">ViewConfig</span><span class="o">&gt;</span> <span class="nx">getDeniedPage</span><span class="p">()</span> <span class="p">{</span>
+    <span class="k">try</span> <span class="p">{</span>
+        <span class="k">return</span> <span class="nx">deniedPage</span><span class="p">;</span>
+    <span class="p">}</span> <span class="nx">finally</span> <span class="p">{</span>
+        <span class="nx">deniedPage</span> <span class="o">=</span> <span class="nx">Pages</span><span class="o">.</span><span class="nx">Home</span><span class="o">.</span><span class="nx">class</span><span class="p">;</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>}</p>
+</li>
+<li>
+<p>And in AuthenticationListener you inject AdminAccessDecisionVoter    </p>
+<p>:::java
+public class AuthenticationListener {</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span>
+<span class="n">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="p">;</span>
+
+<span class="p">@</span><span class="n">Inject</span>
+<span class="n">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="p">;</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">handleLoggedIn</span><span class="p">(@</span><span class="n">Observes</span> <span class="n">LoggedInEvent</span> <span class="n">event</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">this</span><span class="p">.</span><span class="n">viewNavigationHandler</span><span class="p">.</span><span class="n">navigateTo</span><span class="p">(</span><span class="n">adminAccessDecisionVoter</span><span class="p">.</span><span class="n">getDeniedPage</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>}    </p>
+</li>
+</ol>
 <h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
 <p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code> allows to get the current state as well as the results of the security check.</p>
 <p>There are several methods that can be useful</p>
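Review bot: the Java listings in this hunk are rendered broken: the `:::java` fence marker and the class declaration lines end up as plain `<p>` text (`<p>:::java public class LoginService implements Serializable {</p>`), the method bodies land in a `<div class="codehilite">`, and the closing brace of each class is emitted as a separate `<p>}</p>`. The same pattern repeats for all five listings, so the Markdown source most likely indents the code blocks inconsistently inside the `<ol>` items; indent the whole block (the `:::java` line, the class declaration and the closing brace) by the same amount under each list item so each class renders as one code block. While touching the source, the examples themselves have defects worth fixing: in the CDI `LoginService`, `login(String username, char[] password)` is declared to return `Usuario` but has no `return` statement, and the comment reads `//do the loggin process`; in the CDI `AdminAccessDecisionVoter`, `if(loggedIn)` uses a variable that is never declared, whereas the PicketLink variant obtains it via `authorizationChecker.isLoggedIn()`. In the prose, "Once that PicketLink handles the authentication for you" should read "Once PicketLink handles the authentication for you". One point in favour of the design as shown: `deniedPage` is typed `Class<? extends ViewConfig>` and resolved through `viewConfigResolver.getViewConfigDescriptor(...).getConfigClass()`, so the post-login redirect can only target a view the application has configured, not an arbitrary caller-supplied URL; it would help readers to state that explicitly, and to note that `getDeniedPage()` deliberately resets the stored page to `Pages.Home.class` in its `finally` block so a stale target is not reused on a later login within the same session or window.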