You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Andrew Schmidt (JIRA)" <ji...@apache.org> on 2017/09/19 14:10:00 UTC
[jira] [Updated] (DELTASPIKE-1294) Secured Stereotypes are not applied to inherited methods

     [ https://issues.apache.org/jira/browse/DELTASPIKE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Schmidt updated DELTASPIKE-1294:
---------------------------------------
    Summary: Secured Stereotypes are not applied to inherited methods  (was: Secured Stereotypes do not get applied to inherited methods)

> Secured Stereotypes are not applied to inherited methods
> --------------------------------------------------------
>
>                 Key: DELTASPIKE-1294
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1294
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Security-Module
>    Affects Versions: 1.8.0
>            Reporter: Andrew Schmidt
>
> I have a @Secured @Stereotype annotation
> {code:java}
> @Retention( RUNTIME )
> @Stereotype
> @Inherited
> @Secured( CustomAccessDecisionVoter.class ) 
> @Target( { ElementType.TYPE, ElementType.METHOD } ) 
> public @interface Permission {
> }
> {code}
> And my decision voter:
> {code:java}
> @ApplicationScoped
> public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter {
>     @Override
>     protected void checkPermission( AccessDecisionVoterContext voterContext, Set<SecurityViolation> violations )
>     {
>         System.out.println( "Checking permission for " + voterContext.<InvocationContext> getSource().getMethod().getName() );
>     }
> }
> {code}
> And now a bean that inherits from another class
> {code:java}
> public class Animal
> {
>     public String getParentName()
>     {
>         return "parent";
>     }
> }
> {code}
> {code:java}
> @Named
> @Permission
> public class Dog extends Animal
> {
>     public String getChildName()
>     {
>         return "dog";
>     }
> }
> {code}
> In JSF dogName: 
> {code}#{dog.childName}{code} will invoke the checkPermission whereas   {code}#{dog.parentName}{code} will not
> This is in contrast to the @SecurityBindingType 
> {code:java}
> @Retention( value = RetentionPolicy.RUNTIME ) 
> @Target( { ElementType.TYPE, ElementType.METHOD } ) 
> @Documented 
> @SecurityBindingType
> public @interface UserLoggedIn {
> }
> {code}
> {code:java}
> @ApplicationScoped
> public class LoginAuthorizer
> {
>     @Secures
>     @UserLoggedIn
>     public boolean doSecuredCheck( InvocationContext invocationContext ) throws Exception
>     {
>         System.out.println( "doSecuredCheck called for: " + invocationContext.getMethod().getName() );
>         return true;
>     }
> }
> {code}
> Now applying @UserLoggedIn to  the Dog class will cause the doSecuredCheck to fire for both getChildName and getParentName



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)