myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gpetra...@apache.org
Subject svn commit: r1078402 - in /myfaces/extensions/cdi/trunk/jee-modules: jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/ jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ jsf-module/impl/src/main...
Date Sun, 06 Mar 2011 05:00:40 GMT
Author: gpetracek
Date: Sun Mar  6 05:00:40 2011
New Revision: 1078402

URL: http://svn.apache.org/viewvc?rev=1078402&view=rev
Log:
EXTCDI-149 first draft

Added:
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
Modified:
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
    myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml

Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java?rev=1078402&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
(added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/CodiViewHandler.java
Sun Mar  6 05:00:40 2011
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl;
+
+import org.apache.myfaces.extensions.cdi.core.api.Deactivatable;
+import org.apache.myfaces.extensions.cdi.core.impl.util.ClassDeactivation;
+import org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler;
+import org.apache.myfaces.extensions.cdi.jsf.impl.security.SecurityAwareViewHandler;
+
+import javax.faces.application.ViewHandler;
+import javax.faces.application.ViewHandlerWrapper;
+import javax.faces.component.UIViewRoot;
+import javax.faces.context.FacesContext;
+
+/**
+ * Allows a better performance and a fine-grained deactivation of the sub-view handlers
+ * btw. extending them or a stand-alone usage.
+ *
+ * @author Gerhard Petracek
+ */
+public class CodiViewHandler extends ViewHandlerWrapper implements Deactivatable
+{
+    private ViewHandler wrapped;
+
+    private ViewHandler windowContextAwareViewHandler;
+
+    private ViewHandler securityAwareViewHandler;
+
+    public CodiViewHandler(ViewHandler wrapped)
+    {
+        this.wrapped = wrapped;
+        if(isActivated())
+        {
+            this.windowContextAwareViewHandler = new WindowContextAwareViewHandler(this.wrapped);
+            this.securityAwareViewHandler = new SecurityAwareViewHandler(this.wrapped);
+        }
+    }
+
+    @Override
+    public UIViewRoot createView(FacesContext facesContext, String viewId)
+    {
+        if(this.securityAwareViewHandler == null)
+        {
+            return this.wrapped.createView(facesContext, viewId);
+        }
+        return this.securityAwareViewHandler.createView(facesContext, viewId);
+    }
+
+    @Override
+    public String getActionURL(FacesContext facesContext, String viewId)
+    {
+        if(this.windowContextAwareViewHandler == null)
+        {
+            return this.wrapped.getActionURL(facesContext, viewId);
+        }
+        //TODO add security check (deactivated per default)
+        return this.windowContextAwareViewHandler.getActionURL(facesContext, viewId);
+    }
+
+    @Override
+    public UIViewRoot restoreView(FacesContext facesContext, String viewId)
+    {
+        if(this.windowContextAwareViewHandler == null)
+        {
+            return this.wrapped.restoreView(facesContext, viewId);
+        }
+        return this.windowContextAwareViewHandler.restoreView(facesContext, viewId);
+    }
+
+    public ViewHandler getWrapped()
+    {
+        return this.wrapped;
+    }
+
+    public boolean isActivated()
+    {
+        return ClassDeactivation.isClassActivated(getClass());
+    }
+}

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
(original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/navigation/ViewConfigAwareNavigationHandler.java
Sun Mar  6 05:00:40 2011
@@ -22,15 +22,12 @@ import static org.apache.myfaces.extensi
 
 import org.apache.myfaces.extensions.cdi.core.api.config.view.DefaultErrorView;
 import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
-import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
 import org.apache.myfaces.extensions.cdi.core.api.provider.BeanManagerProvider;
-import static org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters;
 import org.apache.myfaces.extensions.cdi.jsf.api.config.view.Page.NavigationMode;
 import org.apache.myfaces.extensions.cdi.core.api.navigation.PreViewConfigNavigateEvent;
 import org.apache.myfaces.extensions.cdi.jsf.api.config.view.Page;
 import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.ViewConfigCache;
 import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.spi.ViewConfigEntry;
-import static org.apache.myfaces.extensions.cdi.jsf.impl.util.SecurityUtils.tryToHandleSecurityViolation;
 
 import org.apache.myfaces.extensions.cdi.jsf.impl.util.JsfUtils;
 
@@ -66,6 +63,7 @@ public class ViewConfigAwareNavigationHa
         this.delegateCall = delegateCall;
     }
 
+    //Security checks will be performed by the view-handler provided by codi
     @Override
     public void handleNavigation(FacesContext facesContext, String fromAction, String outcome)
     {
@@ -109,17 +107,6 @@ public class ViewConfigAwareNavigationHa
 
                 if(entry != null)
                 {
-                    //security
-                    try
-                    {
-                        invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(),
entry.getErrorView());
-                    }
-                    catch (AccessDeniedException accessDeniedException)
-                    {
-                        tryToHandleSecurityViolation(accessDeniedException);
-                        return;
-                    }
-
                     this.viewConfigs.put(outcome, entry);
 
                     PreViewConfigNavigateEvent navigateEvent = firePreViewConfigNavigateEvent(oldViewId,
entry);
@@ -142,27 +129,6 @@ public class ViewConfigAwareNavigationHa
             }
         }
 
-        handleStandardNavigation(facesContext, fromAction, outcome);
-    }
-
-    private void handleStandardNavigation(FacesContext facesContext, String fromAction, String
outcome)
-    {
-        //security
-        try
-        {
-            ViewConfigEntry entry = ViewConfigCache.getViewDefinition(facesContext.getViewRoot().getViewId());
-
-            if(entry != null)
-            {
-                invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(), entry.getErrorView());
-            }
-        }
-        catch (AccessDeniedException accessDeniedException)
-        {
-            tryToHandleSecurityViolation(accessDeniedException);
-            return;
-        }
-
         this.navigationHandler.handleNavigation(facesContext, fromAction, outcome);
     }
 

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
(original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/WindowContextAwareViewHandler.java
Sun Mar  6 05:00:40 2011
@@ -32,6 +32,9 @@ import javax.faces.context.FacesContext;
 import javax.faces.component.UIViewRoot;
 
 /**
+ * ATTENTION:
+ * add all new methods to {@link org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler}
+ *
  * @author Gerhard Petracek
  */
 public class WindowContextAwareViewHandler extends ViewHandlerWrapper implements Deactivatable
@@ -56,8 +59,6 @@ public class WindowContextAwareViewHandl
     @Override
     public String getActionURL(FacesContext context, String viewId)
     {
-        lazyInit();
-
         String url = this.wrapped.getActionURL(context, viewId);
 
         if(this.deactivated)
@@ -65,6 +66,8 @@ public class WindowContextAwareViewHandl
             return url;
         }
 
+        lazyInit();
+
         url = this.windowHandler.encodeURL(url);
         return url;
     }
@@ -86,11 +89,6 @@ public class WindowContextAwareViewHandl
         }
     }
 
-    public boolean isActivated()
-    {
-        return ClassDeactivation.isClassActivated(getClass());
-    }
-
     @Override
     public UIViewRoot restoreView(FacesContext facesContext, String viewId)
     {
@@ -113,6 +111,11 @@ public class WindowContextAwareViewHandl
         return super.restoreView(facesContext, viewId);
     }
 
+    public boolean isActivated()
+    {
+        return ClassDeactivation.isClassActivated(getClass());
+    }
+
     //see EXTCDI-148 required if the mapped url is different from the final view-id
     private String calculateViewId(FacesContext facesContext, String viewId)
     {

Added: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java?rev=1078402&view=auto
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
(added)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java
Sun Mar  6 05:00:40 2011
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.extensions.cdi.jsf.impl.security;
+
+import org.apache.myfaces.extensions.cdi.core.api.Deactivatable;
+import org.apache.myfaces.extensions.cdi.core.api.config.view.ViewConfig;
+import org.apache.myfaces.extensions.cdi.core.api.provider.BeanManagerProvider;
+import org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException;
+import org.apache.myfaces.extensions.cdi.core.impl.util.ClassDeactivation;
+import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.ViewConfigCache;
+import org.apache.myfaces.extensions.cdi.jsf.impl.config.view.spi.ViewConfigEntry;
+import org.apache.myfaces.extensions.cdi.jsf.impl.util.SecurityUtils;
+
+import javax.enterprise.inject.spi.BeanManager;
+import javax.faces.application.ViewHandler;
+import javax.faces.application.ViewHandlerWrapper;
+import javax.faces.component.UIViewRoot;
+import javax.faces.context.FacesContext;
+
+import static org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters;
+
+/**
+ * ATTENTION:
+ * add all new methods to {@link org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler}
+ *
+ * @author Gerhard Petracek
+ */
+public class SecurityAwareViewHandler extends ViewHandlerWrapper implements Deactivatable
+{
+    private ViewHandler wrapped;
+
+    private volatile BeanManager beanManager;
+
+    private final boolean deactivated;
+
+    public SecurityAwareViewHandler(ViewHandler wrapped)
+    {
+        this.wrapped = wrapped;
+        this.deactivated = !isActivated();
+    }
+
+    public ViewHandler getWrapped()
+    {
+        return this.wrapped;
+    }
+
+    @Override
+    public UIViewRoot createView(FacesContext context, String viewId)
+    {
+        UIViewRoot result = this.wrapped.createView(context, viewId);
+
+        if(this.deactivated)
+        {
+            return result;
+        }
+
+        try
+        {
+            ViewConfigEntry entry = ViewConfigCache.getViewDefinition(result.getViewId());
+
+            if(entry != null)
+            {
+                lazyInit();
+                invokeVoters(null, this.beanManager, entry.getAccessDecisionVoters(), entry.getErrorView());
+            }
+        }
+        catch (AccessDeniedException accessDeniedException)
+        {
+            Class<? extends ViewConfig> errorView = SecurityUtils.getErrorView(accessDeniedException);
+            return this.wrapped.createView(context, ViewConfigCache.getViewDefinition(errorView).getViewId());
+        }
+
+        return result;
+    }
+
+    private void lazyInit()
+    {
+        if(this.beanManager == null)
+        {
+            init();
+        }
+    }
+
+    private synchronized void init()
+    {
+        // switch into paranoia mode
+        if(this.beanManager == null)
+        {
+            this.beanManager = BeanManagerProvider.getInstance().getBeanManager();
+        }
+    }
+
+    public boolean isActivated()
+    {
+        return ClassDeactivation.isClassActivated(getClass());
+    }
+}

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
(original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/util/SecurityUtils.java
Sun Mar  6 05:00:40 2011
@@ -47,8 +47,19 @@ public abstract class SecurityUtils
         // prevent instantiation
     }
 
+    public static Class<? extends ViewConfig> getErrorView(RuntimeException runtimeException)
+    {
+        return tryToHandleSecurityViolation(runtimeException, false);
+    }
+
     public static void tryToHandleSecurityViolation(RuntimeException runtimeException)
     {
+        tryToHandleSecurityViolation(runtimeException, true);
+    }
+
+    private static Class<? extends ViewConfig> tryToHandleSecurityViolation(RuntimeException
runtimeException,
+                                                                            boolean allowNavigation)
+    {
         AccessDeniedException exception = extractException(runtimeException);
 
         if(exception == null)
@@ -80,7 +91,11 @@ public abstract class SecurityUtils
             throw exception;
         }
 
-        processApplicationSecurityException(exception, errorView);
+        if(allowNavigation)
+        {
+            processApplicationSecurityException(exception, errorView);
+        }
+        return errorView;
     }
 
     private static AccessDeniedException extractException(Throwable exception)

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
(original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/META-INF/faces-config.xml
Sun Mar  6 05:00:40 2011
@@ -27,7 +27,7 @@
         <action-listener>org.apache.myfaces.extensions.cdi.jsf.impl.listener.action.CodiActionListener</action-listener>
         <navigation-handler>org.apache.myfaces.extensions.cdi.jsf.impl.navigation.CodiNavigationHandler</navigation-handler>
 
-        <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler</view-handler>
+        <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler</view-handler>
     </application>
 
     <factory>

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml?rev=1078402&r1=1078401&r2=1078402&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml
(original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf20-module/impl/src/main/resources/META-INF/faces-config.xml
Sun Mar  6 05:00:40 2011
@@ -28,7 +28,7 @@
         <action-listener>org.apache.myfaces.extensions.cdi.jsf.impl.listener.action.CodiActionListener</action-listener>
         <navigation-handler>org.apache.myfaces.extensions.cdi.jsf2.impl.navigation.CodiNavigationHandler</navigation-handler>
 
-        <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.scope.conversation.WindowContextAwareViewHandler</view-handler>
+        <view-handler>org.apache.myfaces.extensions.cdi.jsf.impl.CodiViewHandler</view-handler>
 
         <!-- currently not activated by default due to issues with specific jsf version
-->
         <!--system-event-listener>



Mime
View raw message