public UIViewRoot createView()

in jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/security/SecurityAwareViewHandler.java [77:143]

• 53 lines of code
• 9 McCabe index (conditional complexity)

    public UIViewRoot createView(FacesContext context, String viewId)
    {
        UIViewRoot result = this.wrapped.createView(context, viewId);

        if(this.deactivated)
        {
            return result;
        }

        UIViewRoot originalViewRoot = context.getViewRoot();

        //we have to use it as current view if an AccessDecisionVoter uses the JSF API to check access to the view-id
        context.setViewRoot(result);

        try
        {
            ViewConfigDescriptor entry = ViewConfigCache.getViewConfigDescriptor(result.getViewId());

            if(entry != null)
            {
                lazyInit();

                AccessDecisionVoterContext voterContext =
                        CodiUtils.getContextualReferenceByClass(beanManager, AccessDecisionVoterContext.class, true);

                Class<? extends ViewConfig> errorView = null;

                if(entry instanceof EditableViewConfigDescriptor)
                {
                    errorView = ((EditableViewConfigDescriptor)entry).getErrorView();
                }

                invokeVoters(null /*TODO*/, this.beanManager, voterContext, entry.getAccessDecisionVoters(), errorView);
            }
        }
        catch (AccessDeniedException accessDeniedException)
        {
            Class<? extends ViewConfig> errorView;

            ViewConfigDescriptor errorViewDescriptor =
                ViewConfigCache.getViewConfigDescriptor(accessDeniedException.getErrorView());

            if (errorViewDescriptor != null &&
                errorViewDescriptor.getNavigationMode() == Page.NavigationMode.REDIRECT &&
                CodiUtils.getContextualReferenceByClass(this.beanManager, JsfModuleConfig.class)
                    .isAlwaysUseNavigationHandlerOnSecurityViolation())
            {
                SecurityUtils.tryToHandleSecurityViolation(accessDeniedException);
                errorView = errorViewDescriptor.getViewConfig();
            }
            else
            {
                errorView = SecurityUtils.handleSecurityViolationWithoutNavigation(accessDeniedException);
            }

            return this.wrapped.createView(context, ViewConfigCache.getViewConfigDescriptor(errorView).getViewId());
        }
        finally
        {
            if(originalViewRoot != null)
            {
                context.setViewRoot(originalViewRoot);
            }
        }

        return result;
    }