public UIViewRoot createView()

in deltaspike/modules/jsf/impl/src/main/java/org/apache/deltaspike/jsf/impl/security/SecurityAwareViewHandler.java [69:162]

• 77 lines of code
• 16 McCabe index (conditional complexity)

    public UIViewRoot createView(FacesContext context, String viewId)
    {
        UIViewRoot result = this.wrapped.createView(context, viewId);

        if (!this.activated)
        {
            return result;
        }

        if (this.securityModuleActivated == null)
        {
            lazyInit();
        }
        if (!this.securityModuleActivated)
        {
            return result;
        }

        UIViewRoot originalViewRoot = context.getViewRoot();

        Map<String, Object> viewMap = null;
        if (originalViewRoot != null)
        {
            Map<String, Object> originalViewMap = originalViewRoot.getViewMap(false);

            if (originalViewMap != null && !originalViewMap.isEmpty())
            {
                viewMap = new HashMap<String, Object>();
                viewMap.putAll(originalViewMap);
            }
        }

        //workaround for PreDestroyViewMapEvent which would be caused by the security check
        deactivatePreDestroyViewMapEvent(context);

        //we have to use it as current view if an AccessDecisionVoter uses the JSF API to check access to the view-id
        context.setViewRoot(result);

        try
        {
            ViewRootAccessHandler viewRootAccessHandler =
                    BeanProvider.getContextualReference(ViewRootAccessHandler.class);

            viewRootAccessHandler.checkAccessTo(result);
        }
        catch (ErrorViewAwareAccessDeniedException accessDeniedException)
        {
            ViewConfigResolver viewConfigResolver = BeanProvider.getContextualReference(ViewConfigResolver.class);

            ViewConfigDescriptor errorViewDescriptor = viewConfigResolver
                    .getViewConfigDescriptor(accessDeniedException.getErrorView());

            if (errorViewDescriptor != null && View.NavigationMode.REDIRECT ==
                errorViewDescriptor.getMetaData(View.class).iterator().next().navigation() /*always available*/ &&
                BeanProvider.getContextualReference(JsfModuleConfig.class)
                    .isAlwaysUseNavigationHandlerOnSecurityViolation())
            {
                SecurityUtils.tryToHandleSecurityViolation(accessDeniedException);
            }
            else
            {
                SecurityUtils.handleSecurityViolationWithoutNavigation(accessDeniedException);
            }

            if (errorViewDescriptor != null)
            {
                return this.wrapped.createView(context, errorViewDescriptor.getViewId());
            }
            else
            {
                //only in case of GET requests, because an exception during POST requests leads to re-rendering
                //the previous page (including the error message)
                if (!context.isPostback() && context.getViewRoot() != null)
                {
                    context.getViewRoot().setViewId(null);
                }
            }
            throw accessDeniedException; //security exception without error-view
        }
        finally
        {
            activatePreDestroyViewMapEvent(context);
            if (originalViewRoot != null)
            {
                context.setViewRoot(originalViewRoot);
                if (viewMap != null)
                {
                    originalViewRoot.getViewMap().putAll(viewMap);
                }
            }
        }

        return result;
    }