[
https://issues.apache.org/jira/browse/DELTASPIKE-675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14070769#comment-14070769
]
Gerhard Petracek edited comment on DELTASPIKE-675 at 7/22/14 7:41 PM:
----------------------------------------------------------------------
it works already, if you use @SessionScoped or @WindowScoped for
AdminAccessDecisionVoter and store the denied page on your own.
changed code:
{code}
@SessionScoped //or @WindowScoped
public class AdminAccessDecisionVoter extends AbstractAccessDecisionVoter {
    @Inject
    private ViewConfigResolver viewConfigResolver;

    // view-config class of the last denied page; defaults to the home page
    private Class<? extends ViewConfig> deniedPage = Pages.Home.class;

    @Override
    protected void checkPermission(AccessDecisionVoterContext context,
                                   Set<SecurityViolation> violations) {
        AuthorizationChecker authorizationChecker =
            BeanProvider.getContextualReference(AuthorizationChecker.class);
        boolean loggedIn = authorizationChecker.isLoggedIn();

        if (loggedIn) {
            //...
        } else {
            violations.add(/*...*/);
            // remember the view the user requested before the redirect to the login page
            deniedPage = viewConfigResolver.getViewConfigDescriptor(
                FacesContext.getCurrentInstance().getViewRoot().getViewId()).getConfigClass();
        }
    }

    // returns the stored page once, then resets it to the default
    public Class<? extends ViewConfig> getDeniedPage() {
        try {
            return deniedPage;
        } finally {
            deniedPage = Pages.Home.class;
        }
    }
}
{code}
and in AuthenticationListener you inject AdminAccessDecisionVoter
->
{code}
public void handleLoggedIn(@Observes LoggedInEvent event) {
    this.viewNavigationHandler.navigateTo(adminAccessDecisionVoter.getDeniedPage());
}
{code}
adding the information to AccessDecisionVoterContext wouldn't help a lot imo.
however, it's a nice use-case and we should add it to the documentation.
> Make initially requested and secured page available for redirect after login
> ----------------------------------------------------------------------------
>
> Key: DELTASPIKE-675
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-675
> Project: DeltaSpike
> Issue Type: Improvement
> Components: Security-Module
> Affects Versions: 1.0.1
> Reporter: Werner Gaulke
> Assignee: Gerhard Petracek
> Priority: Minor
>
> h2. Situation
> DeltaSpike combined with PicketLink for security handling (users and roles).
> Custom AccessDecisionVoter to check whether the user is allowed to access a
> page (by Secured Annotation in ViewConfig).
> DS-Security intercepts access to this page and redirects to the login. After
> the login it would be nice to redirect the user to the initially requested
> page.
> Generally this problem is independent of the used security framework, in this
> case though PicketLink is used.
> Reference to mailing list:
> http://mail-archives.apache.org/mod_mbox/deltaspike-users/201407.mbox/%[email protected]%3E
> h2. Idea for the solution
> Make requested page available in AccessDecisionVoterContext and let the app
> handle the redirect after login. I think this could be done in SecurityUtils.
> h2. Example
> Attached you will find a minimal JSF/DS/PL application which uses an in-memory
> database. Start the application in JBOSS Wildfly and access it.
> You can now click on "Admin Area" in the main-menu and DS will redirect you
> to the login form. After login a LoggedIn Event by PL is fired.
> A redirect to the requested page is desired.
> https://www.dropbox.com/s/7k59jp1ka4xeez2/ds-pl-minimal.zip
--
This message was sent by Atlassian JIRA
(v6.2#6252)