You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@deltaspike.apache.org by Rafael Pestano <rm...@gmail.com> on 2015/04/09 20:06:55 UTC
Security module question
Hi everyone, a simple question (i hope not a stupid one ;))
reading the security module docs[1] I couldn't get the purpose of the
*boolean* return in CustomAuthorizer#doSecuredCheck
It is for third party integration or I need to use it elsewhere?
For now i'm not using itm when user does not have access to a method I just
throw an exeption (is it the correct way?).
[1]
http://deltaspike.apache.org/documentation/security.html#_securitybinding_for_class_and_method_invocations
--
<http://www.advancedit.com.br/>Att,
Rafael M. Pestano
Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
http://rpestano.wordpress.com/
@realpestano <https://twitter.com/realpestano>
Re: Security module question
Posted by Gerhard Petracek <ge...@gmail.com>.
short addition:
i've attached a patch at [1].
regards,
gerhard
[1] https://issues.apache.org/jira/browse/DELTASPIKE-873
2015-04-09 23:54 GMT+02:00 Gerhard Petracek <ge...@gmail.com>:
> hi rafael,
>
> if you return false, you should see an AccessDeniedException.
>
> currently you need a configured default error-page to get an useful
> behavior in BridgeExceptionHandlerWrapper.
> (see org.apache.deltaspike.core.api.config.view.DefaultErrorView)
>
> please file a jira ticket that the error-message should be shown on the
> same page in any case (-> also without a configured default error-page).
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache
> MyFaces, DeltaSpike and OpenWebBeans
>
>
>
> 2015-04-09 20:09 GMT+02:00 Rafael Pestano <rm...@gmail.com>:
>
>> just FY, when I return false in the doSecurityCheck() my application hangs
>> and the exception below is thrown:
>>
>> at
>>
>> org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.processAccessDeniedException(BridgeExceptionHandlerWrapper.java:162)
>> [deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
>> at
>>
>> org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.handle(BridgeExceptionHandlerWrapper.java:84)
>> [deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
>> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:119)
>> [jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-3]
>> at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
>> [jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-
>>
>>
>>
>> 2015-04-09 15:06 GMT-03:00 Rafael Pestano <rm...@gmail.com>:
>>
>> > Hi everyone, a simple question (i hope not a stupid one ;))
>> >
>> > reading the security module docs[1] I couldn't get the purpose of the
>> > *boolean* return in CustomAuthorizer#doSecuredCheck
>> >
>> > It is for third party integration or I need to use it elsewhere?
>> >
>> > For now i'm not using itm when user does not have access to a method I
>> > just throw an exeption (is it the correct way?).
>> >
>> > [1]
>> >
>> http://deltaspike.apache.org/documentation/security.html#_securitybinding_for_class_and_method_invocations
>> > --
>> > <http://www.advancedit.com.br/>Att,
>> >
>> > Rafael M. Pestano
>> >
>> > Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
>> > http://rpestano.wordpress.com/
>> > @realpestano <https://twitter.com/realpestano>
>> >
>>
>>
>>
>> --
>> <http://www.advancedit.com.br/>Att,
>>
>> Rafael M. Pestano
>>
>> Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
>> http://rpestano.wordpress.com/
>> @realpestano <https://twitter.com/realpestano>
>>
>
>
Re: Security module question
Posted by Gerhard Petracek <ge...@gmail.com>.
hi rafael,
if you return false, you should see an AccessDeniedException.
currently you need a configured default error-page to get an useful
behavior in BridgeExceptionHandlerWrapper.
(see org.apache.deltaspike.core.api.config.view.DefaultErrorView)
please file a jira ticket that the error-message should be shown on the
same page in any case (-> also without a configured default error-page).
regards,
gerhard
http://www.irian.at
Your JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache
MyFaces, DeltaSpike and OpenWebBeans
2015-04-09 20:09 GMT+02:00 Rafael Pestano <rm...@gmail.com>:
> just FY, when I return false in the doSecurityCheck() my application hangs
> and the exception below is thrown:
>
> at
>
> org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.processAccessDeniedException(BridgeExceptionHandlerWrapper.java:162)
> [deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
> at
>
> org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.handle(BridgeExceptionHandlerWrapper.java:84)
> [deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:119)
> [jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-3]
> at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
> [jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-
>
>
>
> 2015-04-09 15:06 GMT-03:00 Rafael Pestano <rm...@gmail.com>:
>
> > Hi everyone, a simple question (i hope not a stupid one ;))
> >
> > reading the security module docs[1] I couldn't get the purpose of the
> > *boolean* return in CustomAuthorizer#doSecuredCheck
> >
> > It is for third party integration or I need to use it elsewhere?
> >
> > For now i'm not using itm when user does not have access to a method I
> > just throw an exeption (is it the correct way?).
> >
> > [1]
> >
> http://deltaspike.apache.org/documentation/security.html#_securitybinding_for_class_and_method_invocations
> > --
> > <http://www.advancedit.com.br/>Att,
> >
> > Rafael M. Pestano
> >
> > Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
> > http://rpestano.wordpress.com/
> > @realpestano <https://twitter.com/realpestano>
> >
>
>
>
> --
> <http://www.advancedit.com.br/>Att,
>
> Rafael M. Pestano
>
> Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
> http://rpestano.wordpress.com/
> @realpestano <https://twitter.com/realpestano>
>
Re: Security module question
Posted by Rafael Pestano <rm...@gmail.com>.
just FY, when I return false in the doSecurityCheck() my application hangs
and the exception below is thrown:
at
org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.processAccessDeniedException(BridgeExceptionHandlerWrapper.java:162)
[deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
at
org.apache.deltaspike.jsf.impl.exception.control.BridgeExceptionHandlerWrapper.handle(BridgeExceptionHandlerWrapper.java:84)
[deltaspike-jsf-module-impl-1.3.0.jar:1.3.0]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:119)
[jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-3]
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
[jsf-impl-2.1.28.redhat-3.jar:2.1.28.redhat-
2015-04-09 15:06 GMT-03:00 Rafael Pestano <rm...@gmail.com>:
> Hi everyone, a simple question (i hope not a stupid one ;))
>
> reading the security module docs[1] I couldn't get the purpose of the
> *boolean* return in CustomAuthorizer#doSecuredCheck
>
> It is for third party integration or I need to use it elsewhere?
>
> For now i'm not using itm when user does not have access to a method I
> just throw an exeption (is it the correct way?).
>
> [1]
> http://deltaspike.apache.org/documentation/security.html#_securitybinding_for_class_and_method_invocations
> --
> <http://www.advancedit.com.br/>Att,
>
> Rafael M. Pestano
>
> Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
> http://rpestano.wordpress.com/
> @realpestano <https://twitter.com/realpestano>
>
--
<http://www.advancedit.com.br/>Att,
Rafael M. Pestano
Desenvolvedor Java Cia. de Processamento de Dados do Rio Grande do Sul
http://rpestano.wordpress.com/
@realpestano <https://twitter.com/realpestano>