All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.deltaspike.jsf.impl.util.SecurityUtils Maven / Gradle / Ivy

There is a newer version: 2.0.0
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.deltaspike.jsf.impl.util;

import org.apache.deltaspike.core.api.config.view.DefaultErrorView;
import org.apache.deltaspike.core.api.config.view.ViewConfig;
import org.apache.deltaspike.core.api.config.view.metadata.ConfigDescriptor;
import org.apache.deltaspike.core.api.config.view.metadata.ViewConfigDescriptor;
import org.apache.deltaspike.core.api.config.view.metadata.ViewConfigResolver;
import org.apache.deltaspike.core.api.provider.BeanProvider;
import org.apache.deltaspike.core.api.config.view.navigation.ViewNavigationHandler;
import org.apache.deltaspike.security.api.authorization.AccessDecisionState;
import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.ErrorViewAwareAccessDeniedException;
import org.apache.deltaspike.security.api.authorization.Secured;
import org.apache.deltaspike.security.api.authorization.SecurityViolation;
import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext;
import org.apache.deltaspike.security.spi.authorization.SecurityViolationHandler;

import javax.enterprise.inject.Typed;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

@Typed()
public abstract class SecurityUtils
{
    public static void invokeVoters(EditableAccessDecisionVoterContext accessDecisionVoterContext,
                                    ConfigDescriptor viewConfigDescriptor)
    {
        if (viewConfigDescriptor == null)
        {
            return;
        }

        List securedMetaData = viewConfigDescriptor.getMetaData(Secured.class);

        if (securedMetaData.isEmpty())
        {
            return;
        }

        accessDecisionVoterContext.addMetaData(ViewConfig.class.getName(), viewConfigDescriptor.getConfigClass());
        for (Annotation viewMetaData : viewConfigDescriptor.getMetaData())
        {
            if (!viewMetaData.annotationType().equals(Secured.class))
            {
                accessDecisionVoterContext.addMetaData(viewMetaData.annotationType().getName(), viewMetaData);
            }
        }

        Secured.Descriptor securedDescriptor = viewConfigDescriptor
                .getExecutableCallbackDescriptor(Secured.class, Secured.Descriptor.class);

        AccessDecisionState voterState = AccessDecisionState.VOTE_IN_PROGRESS;
        try
        {
            accessDecisionVoterContext.setState(voterState);

            List> violations = securedDescriptor.execute(accessDecisionVoterContext);
            Set allViolations = createViolationResult(violations);

            if (!allViolations.isEmpty())
            {
                voterState = AccessDecisionState.VIOLATION_FOUND;
                for (SecurityViolation violation : allViolations)
                {
                    accessDecisionVoterContext.addViolation(violation);
                }

                Class errorView = securedMetaData.iterator().next().errorView();
                throw new ErrorViewAwareAccessDeniedException(allViolations, errorView);
            }
        }
        finally
        {
            if (AccessDecisionState.VOTE_IN_PROGRESS.equals(voterState))
            {
                voterState = AccessDecisionState.NO_VIOLATION_FOUND;
            }

            accessDecisionVoterContext.setState(voterState);
        }
    }

    private static Set createViolationResult(List> violations)
    {
        if (violations == null || violations.isEmpty())
        {
            return Collections.emptySet();
        }

        Set result = new HashSet();

        for (Set securityViolationSet : violations)
        {
            result.addAll(securityViolationSet);
        }
        return result;
    }

    /**
     * Processes a security violation without triggering the navigation to the error page
     *
     * @param exception current exception
     */
    public static void handleSecurityViolationWithoutNavigation(RuntimeException exception)
    {
        tryToHandleSecurityViolation(exception, false);
    }

    /**
     * Processes a security violation including the navigation to the error page
     *
     * @param exception current exception
     */
    public static void tryToHandleSecurityViolation(RuntimeException exception)
    {
        tryToHandleSecurityViolation(exception, true);
    }

    private static void tryToHandleSecurityViolation(RuntimeException runtimeException,
                                                     boolean allowNavigation)
    {
        ErrorViewAwareAccessDeniedException exception = extractException(runtimeException);

        if (exception == null)
        {
            throw runtimeException;
        }

        Class errorView = null;

        Class inlineErrorView = exception.getErrorView();

        if (inlineErrorView != null && !DefaultErrorView.class.getName().equals(inlineErrorView.getName()))
        {
            errorView = inlineErrorView;
        }

        if (errorView == null)
        {
            ViewConfigResolver viewConfigResolver = BeanProvider.getContextualReference(ViewConfigResolver.class);
            ViewConfigDescriptor errorPageDescriptor = viewConfigResolver.getDefaultErrorViewConfigDescriptor();

            if (errorPageDescriptor != null)
            {
                errorView = errorPageDescriptor.getConfigClass();
            }
        }

        if (errorView == null && allowNavigation)
        {
            throw exception;
        }

        processApplicationSecurityException(exception, errorView, allowNavigation);
    }

    private static ErrorViewAwareAccessDeniedException extractException(Throwable exception)
    {
        if (exception == null)
        {
            return null;
        }

        if (exception instanceof ErrorViewAwareAccessDeniedException)
        {
            return (ErrorViewAwareAccessDeniedException) exception;
        }

        return extractException(exception.getCause());
    }

    private static void processApplicationSecurityException(AccessDeniedException exception,
                                                            Class errorView,
                                                            boolean allowNavigation)
    {
        SecurityViolationHandler securityViolationHandler =
                BeanProvider.getContextualReference(SecurityViolationHandler.class, true);

        if (securityViolationHandler != null)
        {
            //optional (custom handler) - allows to handle custom implementations of SecurityViolation
            securityViolationHandler.processSecurityViolations(exception.getViolations());
        }
        else
        {
            addViolationsAsMessage(exception.getViolations());
        }

        if (allowNavigation)
        {
            BeanProvider.getContextualReference(ViewNavigationHandler.class).navigateTo(errorView);
        }
    }

    private static void addViolationsAsMessage(Set violations)
    {
        String message;
        for (SecurityViolation violation : violations)
        {
            //TODO discuss it (with CODI handling such messages was easier)
            message = violation.getReason();

            if (!isMessageAddedAlready(message))
            {
                FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, message, message);
                FacesContext.getCurrentInstance().addMessage(null, facesMessage);
            }
        }
    }

    private static boolean isMessageAddedAlready(String message)
    {
        FacesContext facesContext = FacesContext.getCurrentInstance();

        if (facesContext == null || message == null)
        {
            return false;
        }

        List existingMessages = facesContext.getMessageList();

        if (existingMessages == null)
        {
            return false;
        }

        for (FacesMessage facesMessage : existingMessages)
        {
            if (message.equals(facesMessage.getSummary()))
            {
                return true;
            }
        }
        return false;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy