Created
October 21, 2011 15:34
-
-
Save sody/1304135 to your computer and use it in GitHub Desktop.
Secure pages with tapestry5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Allow(Authorities.ROLE_ADMIN) | |
| public class AdminHome { | |
| // some stuff | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class AdminHome { | |
| // some stuff | |
| void onActivate() { | |
| if (!isAllowed()) { | |
| throw new AccessDeniedException("Access denied"); | |
| } | |
| } | |
| // some stuff | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Target({ElementType.METHOD, ElementType.TYPE}) | |
| @Retention(RetentionPolicy.RUNTIME) | |
| @Documented | |
| public @interface Allow { | |
| String[] value(); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class OurModule { | |
| // some stuff | |
| public void contributeComponentClassTransformWorker(final OrderedConfiguration<ComponentClassTransformWorker2> configuration) { | |
| configuration.addInstance("PageSecurity", SecurityAnnotationWorker.class, "after:OnEvent"); | |
| } | |
| // some stuff | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class SecurityAnnotationWorker implements ComponentClassTransformWorker2 { | |
| public void transform(final PlasticClass plasticClass, final TransformationSupport support, final MutableComponentModel model) { | |
| final Allow allow = plasticClass.getAnnotation(Allow.class); | |
| if (model.isPage() && allow != null) { | |
| support.addEventHandler(EventConstants.ACTIVATE, 0, "Page Security", new ComponentEventHandler() { | |
| public void handleEvent(final Component instance, final ComponentEvent event) { | |
| final List<String> authorities = getAuthorities(); | |
| if (!authorities.containsAll(Arrays.asList(allow.value()))) { | |
| throw new AccessDeniedException(String.format("Access denied for authorities: '%s'", authorities)); | |
| } | |
| } | |
| }); | |
| } | |
| } | |
| private List<String> getAuthorities() { | |
| // get authorities from any security context | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment