001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.tynamo.security;
020
021 import org.apache.shiro.ShiroException;
022 import org.apache.shiro.session.Session;
023 import org.apache.shiro.subject.Subject;
024 import org.apache.shiro.util.StringUtils;
025 import org.apache.shiro.web.util.WebUtils;
026 import org.apache.tapestry5.internal.services.PageResponseRenderer;
027 import org.apache.tapestry5.internal.services.RequestPageCache;
028 import org.apache.tapestry5.internal.structure.Page;
029 import org.apache.tapestry5.runtime.Component;
030 import org.apache.tapestry5.services.ExceptionReporter;
031 import org.apache.tapestry5.services.RequestGlobals;
032 import org.apache.tapestry5.services.Response;
033 import org.tynamo.security.services.PageService;
034 import org.tynamo.security.services.SecurityService;
035
036 import javax.servlet.http.HttpServletResponse;
037 import java.io.IOException;
038
039 /**
040 * Handler for ShiroException
041 *
042 */
043 public class ShiroExceptionHandler
044 {
045
046 private final PageResponseRenderer renderer;
047 private final RequestPageCache pageCache;
048 private final SecurityService securityService;
049 private final PageService pageService;
050 private final RequestGlobals requestGlobals;
051 private final Response response;
052
053 public ShiroExceptionHandler(PageResponseRenderer renderer, RequestPageCache pageCache,
054 SecurityService securityService, PageService pageService,
055 RequestGlobals requestGlobals, Response response)
056 {
057
058 this.renderer = renderer;
059 this.pageCache = pageCache;
060 this.securityService = securityService;
061 this.pageService = pageService;
062 this.requestGlobals = requestGlobals;
063 this.response = response;
064 }
065
066
067 /**
068 * TODO: Make configurable strategies objects for ShiroException
069 */
070 public void handle(ShiroException exception) throws IOException
071 {
072
073 if (securityService.isAuthenticated())
074 {
075
076 String unauthorizedPage = pageService.getUnauthorizedPage();
077
078 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
079 if (!StringUtils.hasText(unauthorizedPage))
080 {
081 return;
082 }
083
084 Page page = pageCache.get(unauthorizedPage);
085
086 reportExceptionIfPossible(exception, page);
087
088 renderer.renderPageResponse(page);
089
090 } else
091 {
092 Subject subject = securityService.getSubject();
093
094 if (subject != null)
095 {
096 Session session = subject.getSession();
097 if (session != null)
098 {
099 WebUtils.saveRequest(requestGlobals.getHTTPServletRequest());
100 }
101 }
102
103 Page page = pageCache.get(pageService.getLoginPage());
104
105 reportExceptionIfPossible(exception, page);
106
107 renderer.renderPageResponse(page);
108
109 }
110 }
111
112 private void reportExceptionIfPossible(ShiroException exception, Page page)
113 {
114 Component rootComponent = page.getRootComponent();
115 if (rootComponent instanceof ExceptionReporter)
116 {
117 ((ExceptionReporter) rootComponent).reportException(exception);
118 }
119 }
120 }