You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@deltaspike.apache.org by Thomas Frühbeck <fr...@aon.at> on 2014/12/15 00:44:15 UTC
missing security paramter binding on nonbinding member?
Hi,
I am using DS-1.2.0.
I get a missing parameter binding exception in following situation:
Exception:
java.lang.IllegalStateException: Missing required security parameter
binding [@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on
method invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class
at.telekom.sms.persistence.entities.SmsLists)]
Binding Annotaiton:
@SecurityParameterBinding
@Target({ TYPE, METHOD, FIELD, PARAMETER })
@Retention(RUNTIME)
public @interface AuthorizedParam {
@Nonbinding
Action action() default Action.UPDATE;
}
Authorizer:
public class MssmsAuthorizer {
@Secures @Authorized
public boolean authorized(InvocationContext ctx, @LoggedIn
MssmsUser mssmsUser, @AuthorizedParam SmsLists smsList) {
return doAuthorize(ctx, mssmsUser, smsList);
}
}
Annotated Bean method:
{
@Authorized
@OpenTransactionProvided(rollbackOnly=true)
public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final
SmsLists newGroup) {
...
}
}
Can you please explain, what I am doing wrong?
Many Thanks,
Thomas
Re: missing security paramter binding on nonbinding member?
Posted by Gerhard Petracek <ge...@gmail.com>.
short addition:
i'm ready to push the improvement for SecurityParameterValueRedefiner -> it
would be nice if you create the jira-ticket for it.
regards,
gerhard
http://www.irian.at
Your JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache
MyFaces, DeltaSpike and OpenWebBeans
2014-12-15 2:26 GMT+01:00 Gerhard Petracek <ge...@gmail.com>:
>
> hi thomas,
>
> i just checked that part which came in from seam3 and it looks like it
> never supported @Nonbinding.
> (SecurityParameterValueRedefiner just uses a set to check for the same
> annotation-instances.)
>
> -> please file a jira-ticket (see [1]).
> it's planned to release v1.2.1 quite soon -> maybe we can add the support
> for @Nonbinding with the upcoming release.
>
> regards,
> gerhard
>
> [1] https://issues.apache.org/jira/browse/DELTASPIKE
>
> http://www.irian.at
>
> Your JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache
> MyFaces, DeltaSpike and OpenWebBeans
>
>
>
> 2014-12-15 0:44 GMT+01:00 Thomas Frühbeck <fr...@aon.at>:
>>
>> Hi,
>>
>> I am using DS-1.2.0.
>> I get a missing parameter binding exception in following situation:
>>
>> Exception:
>> java.lang.IllegalStateException: Missing required security parameter
>> binding [@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on
>> method invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class
>> at.telekom.sms.persistence.entities.SmsLists)]
>>
>> Binding Annotaiton:
>>
>> @SecurityParameterBinding
>> @Target({ TYPE, METHOD, FIELD, PARAMETER })
>> @Retention(RUNTIME)
>> public @interface AuthorizedParam {
>>
>> @Nonbinding
>> Action action() default Action.UPDATE;
>>
>> }
>>
>> Authorizer:
>>
>> public class MssmsAuthorizer {
>>
>> @Secures @Authorized
>> public boolean authorized(InvocationContext ctx, @LoggedIn MssmsUser
>> mssmsUser, @AuthorizedParam SmsLists smsList) {
>> return doAuthorize(ctx, mssmsUser, smsList);
>> }
>> }
>>
>>
>> Annotated Bean method:
>>
>> {
>> @Authorized
>> @OpenTransactionProvided(rollbackOnly=true)
>> public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final
>> SmsLists newGroup) {
>> ...
>> }
>> }
>>
>>
>> Can you please explain, what I am doing wrong?
>>
>> Many Thanks,
>> Thomas
>>
>>
>>
Re: missing security paramter binding on nonbinding member?
Posted by Gerhard Petracek <ge...@gmail.com>.
hi thomas,
i just checked that part which came in from seam3 and it looks like it
never supported @Nonbinding.
(SecurityParameterValueRedefiner just uses a set to check for the same
annotation-instances.)
-> please file a jira-ticket (see [1]).
it's planned to release v1.2.1 quite soon -> maybe we can add the support
for @Nonbinding with the upcoming release.
regards,
gerhard
[1] https://issues.apache.org/jira/browse/DELTASPIKE
http://www.irian.at
Your JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache
MyFaces, DeltaSpike and OpenWebBeans
2014-12-15 0:44 GMT+01:00 Thomas Frühbeck <fr...@aon.at>:
>
> Hi,
>
> I am using DS-1.2.0.
> I get a missing parameter binding exception in following situation:
>
> Exception:
> java.lang.IllegalStateException: Missing required security parameter
> binding [@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on
> method invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class
> at.telekom.sms.persistence.entities.SmsLists)]
>
> Binding Annotaiton:
>
> @SecurityParameterBinding
> @Target({ TYPE, METHOD, FIELD, PARAMETER })
> @Retention(RUNTIME)
> public @interface AuthorizedParam {
>
> @Nonbinding
> Action action() default Action.UPDATE;
>
> }
>
> Authorizer:
>
> public class MssmsAuthorizer {
>
> @Secures @Authorized
> public boolean authorized(InvocationContext ctx, @LoggedIn MssmsUser
> mssmsUser, @AuthorizedParam SmsLists smsList) {
> return doAuthorize(ctx, mssmsUser, smsList);
> }
> }
>
>
> Annotated Bean method:
>
> {
> @Authorized
> @OpenTransactionProvided(rollbackOnly=true)
> public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final
> SmsLists newGroup) {
> ...
> }
> }
>
>
> Can you please explain, what I am doing wrong?
>
> Many Thanks,
> Thomas
>
>
>