You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@deltaspike.apache.org by "John Schneider (JIRA)" <ji...@apache.org> on 2013/11/24 02:04:35 UTC

[jira] [Created] (DELTASPIKE-450) Secured ViewConfig's are not working as documented

John Schneider created DELTASPIKE-450:
-----------------------------------------

             Summary: Secured ViewConfig's are not working as documented
                 Key: DELTASPIKE-450
                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-450
             Project: DeltaSpike
          Issue Type: Bug
          Components: Core, Security-Module
    Affects Versions: 0.5
         Environment: Glassfish 4 / Weld 2.0.4
            Reporter: John Schneider


I believe this is the documented method for securing pages, but the following view configuration does not invoke an AccessDecisionVoter.
@View(navigation = NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {

  class LogIn implements Pages {}

  @Secured(value = ApplicationAccessDecisionVoter.class, errorView = LogIn.class)
  class Manage implements Pages {}
}

I also tried with a @Sterotype @Secured annotation which I've confirmed to be working perfectly when placed on a CDI business method. 

@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD, ElementType.FIELD})
@Documented
@Stereotype
@Secured(value = ApplicationAccessDecisionVoter.class, errorView = LogIn.class)
public @interface LoggedIn {
}

@View(navigation = NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
  class LogIn implements Pages {}

  @LoggedIn
  class Manage implements Pages {}
}



--
This message was sent by Atlassian JIRA
(v6.1#6144)