You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@deltaspike.apache.org by "Philip Herbst (JIRA)" <ji...@apache.org> on 2014/07/13 00:25:04 UTC

[jira] [Commented] (DELTASPIKE-664) SecurityViolation are evaluated twice for redirect pages with configured errorView

    [ https://issues.apache.org/jira/browse/DELTASPIKE-664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14059940#comment-14059940 ] 

Philip Herbst commented on DELTASPIKE-664:
------------------------------------------

Thanks for the quick answer. But I have to admit I don't fully understand your answer. 
1. the folder is not protected. I can also view error.xhtml directly without any security violation.
2  the error message is just shown once by removing _RedirectedPages_ from SecuredPages.

After your answer I even tried putting the errorView in a different ViewConfig.

{code}
public interface Unprotected extends ViewConfig {
    public class Error implements ViewConfig {}
}
{code}

The error message is still shown twice.

I guess it's because the secured view gets replaced with the error-view and is not redirected itself. After playing around a bit the following configuration works as expected (message only shown once)
 
{code}
public interface Unprotected extends ViewConfig {
    @View(navigation = View.NavigationMode.REDIRECT, viewParams = View.ViewParameterMode.INCLUDE)
    public class Error implements ViewConfig {}
}

@Specializes
public class MyJsfModuleConfig extends JsfModuleConfig{
    @Override
    public boolean isAlwaysUseNavigationHandlerOnSecurityViolation() {
        return true;
    }
}
{code}

Thanks for your support.


> SecurityViolation are evaluated twice for redirect pages with configured errorView
> ----------------------------------------------------------------------------------
>
>                 Key: DELTASPIKE-664
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-664
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Security-Module
>    Affects Versions: 1.0.0
>            Reporter: Philip Herbst
>
> I modified deltaspike-jsf-example to reproduce the behaviour
> Modification to org.apache.deltaspike.example.viewconfig.Pages
> {code}
>     @Secured(value = DenyAllAccessDecisionVoter.class, 
>              errorView = ViewConfigFolder.Error.class)
>     public interface SecuredPages extends ViewConfig, RedirectedPages {}
> ...
>     public class Error implements ViewConfig {}
> {code}
> errror.xhtml
> {code}
>     <h:form>
>    	  <h:messages />
>     </h:form>
> {code}
> Result: Error message is shown twice on error page.



--
This message was sent by Atlassian JIRA
(v6.2#6252)