public void checkAccessRestrictionForRequestedView(Navigator navigator) {
    final View targetView = viewProvider.getView(navigator.getState());

    if (targetView != null) {
      final Collection<ConfigAttribute> attributes =
          new SecuredAnnotationSecurityMetadataSource()
              .getAttributes(
                  new SimpleMethodInvocation(
                      targetView,
                      ReflectionUtils.findMethod(
                          View.class, "enter", ViewChangeListener.ViewChangeEvent.class)));
      try {
        accessDecisionManager.decide(
            SecurityContextHolder.getContext().getAuthentication(), targetView, attributes);
      } catch (AccessDeniedException adExc) {
        // must be ignored as this exception is already handled in the AccessDecisionManager
      }
    }
  }
Beispiel #2
0
  @Override
  protected void init(VaadinRequest request) {
    setLocale(Locale.ENGLISH);
    // Let's register a custom error handler to make the 'access denied' messages a bit friendlier.
    setErrorHandler(
        new DefaultErrorHandler() {
          @Override
          public void error(com.vaadin.server.ErrorEvent event) {
            if (SecurityExceptionUtils.isAccessDeniedException(event.getThrowable())) {
              Notification.show("Sorry, you don't have access to do that.");
            } else {
              super.error(event);
            }
          }
        });

    VerticalLayout layout = new VerticalLayout();
    Panel viewContent = new Panel();
    MenuBar menu = new MenuBar();
    menu.addStyleName("navigation-menu");

    layout.addComponents(menu, viewContent);
    layout.setSizeFull();
    viewContent.setSizeFull();
    layout.setExpandRatio(viewContent, 1);

    menu.addItem("Trading Area", e -> onDashboardClicked());
    menu.addItem("Users", e -> onCustomersClicked());

    navigator = new Navigator(this, viewContent);
    springViewProvider.setAccessDeniedViewClass(AccessDeniedView.class);
    navigator.addProvider(springViewProvider);
    navigator.setErrorView(ErrorView.class);
    setContent(layout);
    String state = navigator.getState();
    if (state != null && !state.isEmpty()) {
      navigator.navigateTo(state);
    } else {
      navigator.navigateTo(TradingAreaView.NAME);
    }
  }