You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Philip Herbst (JIRA)" <ji...@apache.org> on 2014/07/13 00:25:04 UTC
[jira] [Commented] (DELTASPIKE-664) SecurityViolation are evaluated
twice for redirect pages with configured errorView
[ https://issues.apache.org/jira/browse/DELTASPIKE-664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14059940#comment-14059940 ]
Philip Herbst commented on DELTASPIKE-664:
------------------------------------------
Thanks for the quick answer. But I have to admit I don't fully understand your answer.
1. the folder is not protected. I can also view error.xhtml directly without any security violation.
2 the error message is just shown once by removing _RedirectedPages_ from SecuredPages.
After your answer I even tried putting the errorView in a different ViewConfig.
{code}
public interface Unprotected extends ViewConfig {
public class Error implements ViewConfig {}
}
{code}
The error message is still shown twice.
I guess it's because the secured view gets replaced with the error-view and is not redirected itself. After playing around a bit the following configuration works as expected (message only shown once)
{code}
public interface Unprotected extends ViewConfig {
@View(navigation = View.NavigationMode.REDIRECT, viewParams = View.ViewParameterMode.INCLUDE)
public class Error implements ViewConfig {}
}
@Specializes
public class MyJsfModuleConfig extends JsfModuleConfig{
@Override
public boolean isAlwaysUseNavigationHandlerOnSecurityViolation() {
return true;
}
}
{code}
Thanks for your support.
> SecurityViolation are evaluated twice for redirect pages with configured errorView
> ----------------------------------------------------------------------------------
>
> Key: DELTASPIKE-664
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-664
> Project: DeltaSpike
> Issue Type: Bug
> Components: Security-Module
> Affects Versions: 1.0.0
> Reporter: Philip Herbst
>
> I modified deltaspike-jsf-example to reproduce the behaviour
> Modification to org.apache.deltaspike.example.viewconfig.Pages
> {code}
> @Secured(value = DenyAllAccessDecisionVoter.class,
> errorView = ViewConfigFolder.Error.class)
> public interface SecuredPages extends ViewConfig, RedirectedPages {}
> ...
> public class Error implements ViewConfig {}
> {code}
> errror.xhtml
> {code}
> <h:form>
> <h:messages />
> </h:form>
> {code}
> Result: Error message is shown twice on error page.
--
This message was sent by Atlassian JIRA
(v6.2#6252)