2015-05-14 96 views
0

我這對情侶的例子創建了我的身份確認:如何將FacesMessage添加到CDI安全攔截器?

Stackoverflow

Blog By Adam Warski

但不幸的是,我不能看到如何添加FacesMesagges例外情況的檢查失敗。

我的文件:

CheckAction

@Inherited 
@InterceptorBinding 
@Retention(RetentionPolicy.RUNTIME) 
@Target({ ElementType.METHOD, ElementType.TYPE }) 
public @interface CheckAction { 
    @Nonbinding public ESysObject object() default ESysObject.NONE; 
    @Nonbinding public EAction action() default EAction.NONE; 
}  

CheckActionInterceptor

@Interceptor 
@CheckAction 
public class CheckActionInterceptor implements Serializable { 
    private static final long serialVersionUID = 1L; 

    @AroundInvoke 
    public Object checkPermissions(InvocationContext context) throws Exception { 
     final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class); 

     if (!isActionAllowed(annotation.object(), annotation.action())) { 
      throw new PermissionException("Sorry you don't have needed permissions"); 
     } 

     return context.proceed(); 
    } 

爲myBean

@Named 
@ViewScoped 
@Logged 
public class PageController implements Serializable { 
    private static final long serialVersionUID = 1L; 

    @CheckAction(object = ESysObject.Dictionary, action = EAction.WRITE) 
    public String save() { 
     switch (action) { 
     case "create": 
     case "edit": 
      service.saveOrUpdate(cursor); 
      break; 
     } 
     return "page?faces-redirect=true"; 
    } 

它的所有工作。

但是如何處理PermissionException對不對?如何FacesContext.getCurrentInstance().addMessage("security check", new FacesMessage("Permission Error", "you don't have needed permissions"));

回答

0

所以,我做了我的問題。

在我的情況,我發現這個ansver:

CheckActionInterceptor

@Interceptor 
@CheckAction 
public class CheckActionInterceptor implements Serializable { 
    private static final long serialVersionUID = 1L; 

    @AroundInvoke 
    public Object checkPermissions(InvocationContext context) throws Exception { 
     final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class); 

     if (!isActionAllowed(annotation.object(), annotation.action())) { 
      facesContext.addMessage("Error", new FacesMessage("Permission error", text)); 
      log.error(text); 
      return null; 
     } 

     return context.proceed(); 
    } 

我不thow一個錯誤,我返回null。我的程序更進一步,但不允許執行所需的操作/方法。