如何将 FacesMessage 添加到 CDI 安全拦截器?
How add FacesMessage to CDI security interceptor?
我通过以下几个示例创建了安全检查:
Whosebug
但不幸的是,我看不到如何添加 FacesMesagges 异常以防检查失败。
我的文件:
检查动作
@Inherited
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
public @interface CheckAction {
@Nonbinding public ESysObject object() default ESysObject.NONE;
@Nonbinding public EAction action() default EAction.NONE;
}
CheckActionInterceptor
@Interceptor
@CheckAction
public class CheckActionInterceptor implements Serializable {
private static final long serialVersionUID = 1L;
@AroundInvoke
public Object checkPermissions(InvocationContext context) throws Exception {
final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class);
if (!isActionAllowed(annotation.object(), annotation.action())) {
throw new PermissionException("Sorry you don't have needed permissions");
}
return context.proceed();
}
MyBean
@Named
@ViewScoped
@Logged
public class PageController implements Serializable {
private static final long serialVersionUID = 1L;
@CheckAction(object = ESysObject.Dictionary, action = EAction.WRITE)
public String save() {
switch (action) {
case "create":
case "edit":
service.saveOrUpdate(cursor);
break;
}
return "page?faces-redirect=true";
}
一切顺利。
但是如何正确处理PermissionException呢?如何FacesContext.getCurrentInstance().addMessage("security check", new FacesMessage("Permission Error", "you don't have needed permissions"));
所以,我已经完成了我的问题。
就我而言,我找到了这个答案:
CheckActionInterceptor
@Interceptor
@CheckAction
public class CheckActionInterceptor implements Serializable {
private static final long serialVersionUID = 1L;
@AroundInvoke
public Object checkPermissions(InvocationContext context) throws Exception {
final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class);
if (!isActionAllowed(annotation.object(), annotation.action())) {
facesContext.addMessage("Error", new FacesMessage("Permission error", text));
log.error(text);
return null;
}
return context.proceed();
}
我没有报错,我return null。我的程序更进一步,但不允许执行需要 action/method。
我通过以下几个示例创建了安全检查:
Whosebug
但不幸的是,我看不到如何添加 FacesMesagges 异常以防检查失败。
我的文件:
检查动作
@Inherited
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
public @interface CheckAction {
@Nonbinding public ESysObject object() default ESysObject.NONE;
@Nonbinding public EAction action() default EAction.NONE;
}
CheckActionInterceptor
@Interceptor
@CheckAction
public class CheckActionInterceptor implements Serializable {
private static final long serialVersionUID = 1L;
@AroundInvoke
public Object checkPermissions(InvocationContext context) throws Exception {
final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class);
if (!isActionAllowed(annotation.object(), annotation.action())) {
throw new PermissionException("Sorry you don't have needed permissions");
}
return context.proceed();
}
MyBean
@Named
@ViewScoped
@Logged
public class PageController implements Serializable {
private static final long serialVersionUID = 1L;
@CheckAction(object = ESysObject.Dictionary, action = EAction.WRITE)
public String save() {
switch (action) {
case "create":
case "edit":
service.saveOrUpdate(cursor);
break;
}
return "page?faces-redirect=true";
}
一切顺利。
但是如何正确处理PermissionException呢?如何FacesContext.getCurrentInstance().addMessage("security check", new FacesMessage("Permission Error", "you don't have needed permissions"));
所以,我已经完成了我的问题。
就我而言,我找到了这个答案:
CheckActionInterceptor
@Interceptor
@CheckAction
public class CheckActionInterceptor implements Serializable {
private static final long serialVersionUID = 1L;
@AroundInvoke
public Object checkPermissions(InvocationContext context) throws Exception {
final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class);
if (!isActionAllowed(annotation.object(), annotation.action())) {
facesContext.addMessage("Error", new FacesMessage("Permission error", text));
log.error(text);
return null;
}
return context.proceed();
}
我没有报错,我return null。我的程序更进一步,但不允许执行需要 action/method。