You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@deltaspike.apache.org by Michael Glauche <mi...@glauche.de> on 2014/07/02 21:40:26 UTC
AccessDecisionVoterContext not working for JSF pages
Hi,
i'm trying to apply the DS (1.0.0) security example (Wildfly 8.1.0,
weld, MyFaces 2.0.18) to the JSF module, specifically the @Secured and
Stereotypes with custom Meta-data.
So, i did create:
@Stereotype
@Secured(RoleAccessDecisionVoter.class)
public @interface Admin
{
int securityLevel();
}
When i use that annotation on a bean everything works fine:
public class RoleAccessDecisionVoter implements AccessDecisionVoter
{
private static final long serialVersionUID = -8007511215776345835L;
public Set<SecurityViolation> checkPermission(AccessDecisionVoterContext voterContext)
{
Admin admin = voterContext.getMetaDataFor(Admin.class.getName(), Admin.class);
does work, and will return the securitylevel from the bean.
But, when i use the annotation in the JSF views, the @Secured is working, but the Annotation is not
found in the voterContext.
public interface Pages {
class Index implements ViewConfig { }
@Admin(securityLevel=42)
class Admin implements ViewConfig { }
}
in this case "admin" in the checkPermission is null ...
Am i missing something obvious? Is it supposed to work this way?
Kind regards,
Michael
Re: AccessDecisionVoterContext not working for JSF pages
Posted by Gerhard Petracek <ge...@gmail.com>.
hi michael,
i've pushed the change (+ a test for it).
-> with v1.0.1 it will be possible to use @ViewMetaData for your stereotype
to keep the annotation itself as meta-data.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2014-07-02 22:15 GMT+02:00 Gerhard Petracek <ge...@gmail.com>:
> hi michael,
>
> what you would need is the support of stereotypes which are annotated with
> @ViewMetaData as well.
> currently that isn't supported that way.
>
> for now you could split it - e.g:
> @Admin
> @SecurityLevel(42)
>
> you are welcome to file a jira-ticket for the corresponding improvement.
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2014-07-02 21:40 GMT+02:00 Michael Glauche <mi...@glauche.de>:
>
> Hi,
>>
>> i'm trying to apply the DS (1.0.0) security example (Wildfly 8.1.0, weld,
>> MyFaces 2.0.18) to the JSF module, specifically the @Secured and
>> Stereotypes with custom Meta-data.
>>
>> So, i did create:
>>
>> @Stereotype
>> @Secured(RoleAccessDecisionVoter.class)
>> public @interface Admin
>> {
>> int securityLevel();
>> }
>>
>> When i use that annotation on a bean everything works fine:
>> public class RoleAccessDecisionVoter implements AccessDecisionVoter
>> {
>> private static final long serialVersionUID =
>> -8007511215776345835L;
>>
>> public Set<SecurityViolation> checkPermission(AccessDecisionVoterContext
>> voterContext)
>> {
>> Admin admin = voterContext.getMetaDataFor(Admin.class.getName(),
>> Admin.class);
>>
>> does work, and will return the securitylevel from the bean.
>>
>> But, when i use the annotation in the JSF views, the @Secured is working,
>> but the Annotation is not
>> found in the voterContext.
>>
>> public interface Pages {
>> class Index implements ViewConfig { }
>>
>> @Admin(securityLevel=42)
>> class Admin implements ViewConfig { }
>> }
>>
>> in this case "admin" in the checkPermission is null ...
>>
>> Am i missing something obvious? Is it supposed to work this way?
>>
>> Kind regards,
>> Michael
>>
>>
>>
>>
>
Re: AccessDecisionVoterContext not working for JSF pages
Posted by Gerhard Petracek <ge...@gmail.com>.
hi michael,
what you would need is the support of stereotypes which are annotated with
@ViewMetaData as well.
currently that isn't supported that way.
for now you could split it - e.g:
@Admin
@SecurityLevel(42)
you are welcome to file a jira-ticket for the corresponding improvement.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2014-07-02 21:40 GMT+02:00 Michael Glauche <mi...@glauche.de>:
> Hi,
>
> i'm trying to apply the DS (1.0.0) security example (Wildfly 8.1.0, weld,
> MyFaces 2.0.18) to the JSF module, specifically the @Secured and
> Stereotypes with custom Meta-data.
>
> So, i did create:
>
> @Stereotype
> @Secured(RoleAccessDecisionVoter.class)
> public @interface Admin
> {
> int securityLevel();
> }
>
> When i use that annotation on a bean everything works fine:
> public class RoleAccessDecisionVoter implements AccessDecisionVoter
> {
> private static final long serialVersionUID =
> -8007511215776345835L;
>
> public Set<SecurityViolation> checkPermission(AccessDecisionVoterContext
> voterContext)
> {
> Admin admin = voterContext.getMetaDataFor(Admin.class.getName(),
> Admin.class);
>
> does work, and will return the securitylevel from the bean.
>
> But, when i use the annotation in the JSF views, the @Secured is working,
> but the Annotation is not
> found in the voterContext.
>
> public interface Pages {
> class Index implements ViewConfig { }
>
> @Admin(securityLevel=42)
> class Admin implements ViewConfig { }
> }
>
> in this case "admin" in the checkPermission is null ...
>
> Am i missing something obvious? Is it supposed to work this way?
>
> Kind regards,
> Michael
>
>
>
>