hey,I using annotation to do permission checking in t5.
the following is what I have done!!
In page class:
@ProtectedPage({ "admin","editor","fmanager"})
public class LibraryEdit extends BasePage {
//submit the form, it is a event handle method
@ProtectedMethod(value={"admin"})
Object onSuccessFromEdit() {
mmsLibraryService.save(_library);
return this;
}
}
@ProtectedPage and @ProtectedMethod are both my annotation which are used in
my PageProtectionFilter class, and what is in my PageProtectionFilter :
public class PageProtectionFilter implements ComponentRequestFilter {
private final PageRenderLinkSource _pageRenderLinkSource;
private final ComponentSource _componentSource;
private final Response _response;
private ApplicationStateManager _sessionStateManager;
private SecurityFinderService _securityService;
private final Logger _logger;
/**
* Receive all the services needed as constructor arguments. When we
bind
this service, T5 IoC will provide all the
* services!
*/
public PageProtectionFilter(PageRenderLinkSource pageRenderLinkSource,
ComponentSource componentSource,
Response response, ApplicationStateManager asm,@Inject
SecurityFinderService securityService,Logger logger) {
_pageRenderLinkSource = pageRenderLinkSource;
_response = response;
_componentSource = componentSource;
_sessionStateManager = asm;
_securityService = securityService;
_logger = logger;
}
//page filter
public void handlePageRender(PageRenderRequestParameters parameters,
ComponentRequestHandler handler)
throws IOException {
if (isAuthorisedToPage(parameters.getLogicalPageName())) {
handler.handlePageRender(parameters);
}
else {
// The method will have redirected us to the login page
return;
}
}
//component filter
public void handleComponentEvent(ComponentEventRequestParameters
parameters, ComponentRequestHandler handler)
throws IOException {
String eventType = parameters.getEventType();
String nci = parameters.getNestedComponentId();
if
(isAuthorisedToComponent(parameters.getActivePageName(),eventType,nci))
{
handler.handleComponentEvent(parameters);
}
else {
return;
}
}
// for page .........annotation work well in this method
public boolean isAuthorisedToPage(String requestedPageName) throws
IOException {
// If the requested page is annotated @ProtectedPage...
Component page = _componentSource.getPage(requestedPageName);
boolean protectedPage =
page.getClass().getAnnotation(ProtectedPage.class)
!= null;
if (protectedPage) {
// If the session contains a Visit then you have
already been
authenticated
if (_sessionStateManager.exists(Visit.class)) {
// We could do some role checking where but we
won't. You're authorised.
Visit visit =
_sessionStateManager.get(Visit.class);
String roles[] =
page.getClass().getAnnotation(ProtectedPage.class).value();
if(ArrayUtils.contains(roles,
visit.getMyRole()))
return true;
else{
Link accessDeniedPageLink =
_pageRenderLinkSource.createPageRenderLink(AccessDenied.class);
_response.sendRedirect(accessDeniedPageLink);
return false;
}
}
// Else if "auto-login" is on, then automatically log
in.
// - this facility is for development environment only.
It avoids getting
you thrown out of the
// app every time the session clears eg. when app is
restarted.
else if (isAutoLoginOn()) {
autoLogin(1L);
return true;
}
// Else go to the Login page
else {
Link loginPageLink =
_pageRenderLinkSource.createPageRenderLink(Index.class);
_response.sendRedirect(loginPageLink);
return false;
}
}
else {
return true;
}
}
//and could not work well here .....
public boolean isAuthorisedToComponent(String requestedPageName,String
eventType,String nci) throws IOException {
Component component =
_componentSource.getComponent(requestedPageName+":"+nci);
boolean isProtectedMethod = false;
String protectedMethod = "";
Method[] methods = component.getClass().getMethods();
for (Method method : methods) {
String str = method.getName().toLowerCase();
if(str.endsWith(nci)){
isProtectedMethod =
method.getAnnotation(ProtectedMethod.class) != null;
protectedMethod = method.getName();
break;
}
}
if (isProtectedMethod) {
// If the session contains a Visit then you have
already been
authenticated
if (_sessionStateManager.exists(Visit.class)) {
Visit visit =
_sessionStateManager.get(Visit.class);
String roles[] = null;
try {
roles =
component.getClass().getMethod(protectedMethod,
null).getAnnotation(ProtectedMethod.class).value();
} catch (Exception e) {
e.printStackTrace();
}
if(ArrayUtils.contains(roles,
visit.getMyRole()))
return true;
else{
Link accessDeniedPageLink =
_pageRenderLinkSource.createPageRenderLink(AccessDenied.class);
_response.sendRedirect(accessDeniedPageLink);
return false;
}
}
// Else if "auto-login" is on, then automatically log
in.
// - this facility is for development environment only.
It avoids getting
you thrown out of the
// app every time the session clears eg. when app is
restarted.
else if (isAutoLoginOn()) {
autoLogin(1L);
return true;
}
// Else go to the Login page
else {
Link loginPageLink =
_pageRenderLinkSource.createPageRenderLink(Index.class);
_response.sendRedirect(loginPageLink);
return false;
}
}
else {
return true;
}
}
/**
* Checks the value of system property jumpstart.auto-login. If "true"
then
returns true; if "false" then return
* false; if not set then returns false.
*/
private boolean isAutoLoginOn() {
boolean autoLogin = false;
if (_autoLoginStr == null) {
autoLogin = false;
}
else if (_autoLoginStr.equalsIgnoreCase("true")) {
autoLogin = true;
}
else if (_autoLoginStr.equalsIgnoreCase("false")) {
autoLogin = false;
}
else {
throw new IllegalStateException(
"System property auto-login has been
set to \""
+ _autoLoginStr
+ "\". Please set it
to \"true\" or \"false\". If not specified at
all then it will default to \"false\".");
}
return autoLogin;
}
/**
* Automatically logs you in as the given user. Its intention is to
prevent
you being thrown out of the application
*/
private void autoLogin(Long userId) {
try {
User user = _securityService.findUser(userId);
Visit visit = new Visit();
visit.noteLogin(user);
_logger.info(user.getLoginId() + " has been
auto-logged-in.");
_sessionStateManager.set(Visit.class, visit);
}
catch (Exception e) {
throw new IllegalStateException(e);
}
}
}
my problem is I could not get the annotation which I set on the t5 event
method.
actually, when I invoke :
......................
Component component =
_componentSource.getComponent(requestedPageName+":"+nci);
boolean isProtectedMethod = false;
String protectedMethod = "";
Method[] methods = component.getClass().getMethods();
for (Method method : methods) {
String str = method.getName().toLowerCase();
if(str.endsWith(nci)){
isProtectedMethod =
method.getAnnotation(ProtectedMethod.class) != null;
protectedMethod = method.getName();
break;
}
}
...............
the event method onSuccessFromEdit was not found methods array!!!
any helps are appreciated!!!
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/annotation-on-t5-event-method-couldn-t-work-tp2471453p2471453.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
