[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...
Shane Bryzak
Shane_Bryzak at symantec.com
Thu Oct 19 01:30:28 EDT 2006
User: sbryzak2
Date: 06/10/19 01:30:28
Modified: src/main/org/jboss/seam/interceptors
SecurityInterceptor.java
Log:
forward all SecurityExceptions to error page, fixed NPE in security manager
Revision Changes Path
1.6 +63 -50 jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -b -r1.5 -r1.6
--- SecurityInterceptor.java 18 Oct 2006 02:03:19 -0000 1.5
+++ SecurityInterceptor.java 19 Oct 2006 05:30:28 -0000 1.6
@@ -47,9 +47,12 @@
public Object checkSecurity(InvocationContext invocation)
throws Exception
{
+ Secure sec = null;
+
+ try
+ {
Method method = invocation.getMethod();
- Secure sec = null;
if (method.isAnnotationPresent(Secure.class))
sec = method.getAnnotation(Secure.class);
else if (method.getDeclaringClass().isAnnotationPresent(Secure.class))
@@ -107,13 +110,23 @@
// Fall through to error page
}
+ forwardToErrorPage(sec);
+ }
+
+ return invocation.proceed();
+ }
+ catch (SecurityException ex)
+ {
+ return forwardToErrorPage(sec);
+ }
+ }
+
+ private String forwardToErrorPage(Secure sec)
+ {
// Authorization has failed.. redirect the user to an error page
- if (sec.onfail() != null && !"".equals(sec.onfail()))
+ if (sec != null && sec.onfail() != null && !"".equals(sec.onfail()))
return sec.onfail();
return SeamSecurityManager.instance().getSecurityErrorAction();
}
-
- return invocation.proceed();
- }
}
More information about the jboss-cvs-commits
mailing list