/**
* Get the default phases at which restrictions should be applied, by looking for
* a @RestrictAtPhase on a matching @ViewPattern, falling back on global defaults if none are
* found
*
* @param viewId
* @return default phases for a view
*/
public PhaseIdType[] getDefaultPhases(String viewId) {
PhaseIdType[] defaultPhases = null;
RestrictAtPhase restrictAtPhase =
viewConfigStore.getAnnotationData(viewId, RestrictAtPhase.class);
if (restrictAtPhase != null) {
defaultPhases = restrictAtPhase.value();
}
if (defaultPhases == null) {
defaultPhases = RestrictAtPhaseDefault.DEFAULT_PHASES;
}
return defaultPhases;
}
/**
* Perform the navigation to the @LoginView. If not @LoginView is defined, return a 401 response.
* The original view id requested by the user is stored in the session map, for use after a
* successful login.
*
* @param context
* @param viewRoot
*/
private void redirectToLoginPage(FacesContext context, UIViewRoot viewRoot) {
Map<String, Object> sessionMap = context.getExternalContext().getSessionMap();
preLoginEvent.fire(new PreLoginEvent(context, sessionMap));
LoginView loginView = viewConfigStore.getAnnotationData(viewRoot.getViewId(), LoginView.class);
if (loginView == null || loginView.value() == null || loginView.value().isEmpty()) {
log.debug("Returning 401 response (login required)");
context.getExternalContext().setResponseStatus(401);
context.responseComplete();
return;
}
String loginViewId = loginView.value();
log.debugf("Redirecting to configured LoginView %s", loginViewId);
NavigationHandler navHandler = context.getApplication().getNavigationHandler();
navHandler.handleNavigation(context, "", loginViewId);
context.renderResponse();
}
/**
* Perform the navigation to the @AccessDeniedView. If not @AccessDeniedView is defined, return a
* 401 response
*
* @param context
* @param viewRoot
*/
private void redirectToAccessDeniedView(FacesContext context, UIViewRoot viewRoot) {
AccessDeniedView accessDeniedView =
viewConfigStore.getAnnotationData(viewRoot.getViewId(), AccessDeniedView.class);
if (accessDeniedView == null
|| accessDeniedView.value() == null
|| accessDeniedView.value().isEmpty()) {
log.debug("Returning 401 response (access denied)");
context.getExternalContext().setResponseStatus(401);
context.responseComplete();
return;
}
String accessDeniedViewId = accessDeniedView.value();
log.debugf("Redirecting to configured AccessDenied %s", accessDeniedViewId);
NavigationHandler navHandler = context.getApplication().getNavigationHandler();
navHandler.handleNavigation(context, "", accessDeniedViewId);
context.renderResponse();
}
/**
* Retrieve all annotations from the ViewConfigStore for a given a JSF phase, and a view id, and
* where the annotation is qualified by @SecurityBindingType
*
* @param currentPhase
* @param viewId
* @return list of restrictions applicable to this viewId and PhaseTypeId
*/
public List<? extends Annotation> getRestrictionsForPhase(
PhaseIdType currentPhase, String viewId) {
List<? extends Annotation> allSecurityAnnotations =
viewConfigStore.getAllQualifierData(viewId, SecurityBindingType.class);
List<Annotation> applicableSecurityAnnotations = null;
for (Annotation annotation : allSecurityAnnotations) {
PhaseIdType[] defaultPhases = getDefaultPhases(viewId);
if (isAnnotationApplicableToPhase(annotation, currentPhase, defaultPhases)) {
if (applicableSecurityAnnotations
== null) { // avoid spawning arrays at all phases of the lifecycle
applicableSecurityAnnotations = new ArrayList<Annotation>();
}
applicableSecurityAnnotations.add(annotation);
}
}
return applicableSecurityAnnotations;
}
