You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by José Luis Cetina <ma...@gmail.com> on 2012/06/25 22:25:37 UTC
DefaultErrorView
My denied page never shown, i always get Cannot set content type. Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
Set<SecurityViolation> violations) {
violations.add(newSecurityViolation("DENIED."));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: DefaultErrorView
Posted by José Luis Cetina <ma...@gmail.com>.
Ok, thanks, i did with ViewMetaData.
2012/6/26 Gerhard Petracek <ge...@gmail.com>
> hi jose,
>
> that's a different topic (and we talked about it already).
>
> @ view-configs:
> you just use @Secured + a separated (custom) annotation e.g.
> @CustomMetaData (meta-annotated with @ViewMetaData)
>
> e.g.:
> @Page
> @Secured(CustomAccessDecisionVoter.class)
> @CustomMetaData(...)
> public final class MySecuredPage implements ViewConfig
> {
> }
>
> -> your AccessDecisionVoter queries the custom meta-data for the current
> view:
>
> //...
> @Inject
> private ViewConfigResolver viewConfigResolver;
> //...
> String currentViewId =
> FacesContext.getCurrentInstance().getViewRoot().getViewId();
>
> viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData();
> or
>
> viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class);
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2012/6/26 José Luis Cetina <ma...@gmail.com>
>
> > Ok, but when i use my own annottation as interpcetor and my
> checkPermission
> > method add a SecurityViolation my page never redirect to my
> > DefaultErrorView, i always get:
> >
> > PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > setResponseContentType
> > SEVERE: Cannot set content type. Response already committed
> >
> > My Managedbean:
> >
> > @Named
> > @ViewAccessScoped
> > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > public class CursosMBean implements Serializable{
> > }
> >
> > its possible to use an interceptor (CODI Security) win a
> DefaultErrorView,
> > if yes why i alway's get Response already committed?
> >
> > Thanks
> >
> >
> > 2012/6/26 Gerhard Petracek <ge...@gmail.com>
> >
> > > hi jose,
> > >
> > > yes - in a view-config @Secured is a simple annotation and not an
> > > interceptor (because there is nothing to intercept)
> > > -> currently no @Stereotype support.
> > >
> > > @ custom (additional) meta-data:
> > > see [1].
> > >
> > > regards,
> > > gerhard
> > >
> > > [1]
> > >
> > >
> >
> https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
> > >
> > > http://www.irian.at
> > >
> > > Your JSF/JavaEE powerhouse -
> > > JavaEE Consulting, Development and
> > > Courses in English and German
> > >
> > > Professional Support for Apache MyFaces
> > >
> > >
> > >
> > > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> > >
> > > > If i use my own annotation
> > > >
> > > > @Stereotype
> > > > @Target(value = {ElementType.TYPE})
> > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > > @Secured(value=PermissionAccessDecisionVoter.class)
> > > > public @interface SecurityModule {
> > > > ModuloPantallaEnum codigoModulo();
> > > > }
> > > >
> > > > and then
> > > >
> > > > @Page(navigation = Page.NavigationMode.REDIRECT)
> > > > public interface Pages extends ViewConfig {
> > > >
> > > > public @Page class MyError extends DefaultErrorView implements Pages
> > {}
> > > >
> > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt
> > work
> > > > public @Page class Private implements Pages{}
> > > >
> > > > }
> > > >
> > > >
> > > > @javax.enterprise.context.ApplicationScoped
> > > > public class PermissionAccessDecisionVoter implements
> > > AccessDecisionVoter {
> > > > .....
> > > > }
> > > >
> > > > If i use my @SecurityModule in ViewConfig my checkPermission never
> been
> > > > called, but if i use my @SecurityModule as interceptor (in my
> > > managedbean)
> > > > it works, this is normal?
> > > >
> > > > 2012/6/26 Gerhard Petracek <ge...@gmail.com>
> > > >
> > > > > hi jose,
> > > > >
> > > > > exceptions during the rendering process are always special.
> > > > > -> everything which could lead to an exception should be done
> before
> > > the
> > > > > rendering process.
> > > > > in this case you can't switch to an error-view, if you are in the
> > > middle
> > > > of
> > > > > the rendering process of a page.
> > > > >
> > > > > regards,
> > > > > gerhard
> > > > >
> > > > > http://www.irian.at
> > > > >
> > > > > Your JSF/JavaEE powerhouse -
> > > > > JavaEE Consulting, Development and
> > > > > Courses in English and German
> > > > >
> > > > > Professional Support for Apache MyFaces
> > > > >
> > > > >
> > > > >
> > > > > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> > > > >
> > > > > > Sorry, but i dont understand, i only set my @Secured in my
> managed
> > > > bean.
> > > > > >
> > > > > > Do you mean with: "your secured bean should always get accessed
> > > before
> > > > > the
> > > > > > rendering starts" that i have to call the checkPermission method
> > in a
> > > > > > PreRenderView method in my managedbean?
> > > > > >
> > > > > > like this:
> > > > > >
> > > > > > @Named
> > > > > > @ViewAccessScoped
> > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > > public class CursosMBean implements Serializable{
> > > > > >
> > > > > > }
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2012/6/25 Gerhard Petracek <ge...@gmail.com>
> > > > > >
> > > > > > > hi jose,
> > > > > > >
> > > > > > > your secured bean should always get accessed before the
> rendering
> > > > > starts
> > > > > > > (e.g. via a PreRenderView callback).
> > > > > > > otherwise you get the exception during the rendering process.
> > > > > > >
> > > > > > > regards,
> > > > > > > gerhard
> > > > > > >
> > > > > > > http://www.irian.at
> > > > > > >
> > > > > > > Your JSF/JavaEE powerhouse -
> > > > > > > JavaEE Consulting, Development and
> > > > > > > Courses in English and German
> > > > > > >
> > > > > > > Professional Support for Apache MyFaces
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> > > > > > >
> > > > > > > > My denied page never shown, i always get Cannot set content
> > type.
> > > > > > > Response
> > > > > > > > already committed.
> > > > > > > >
> > > > > > > >
> > > > > > > > I have this:
> > > > > > > >
> > > > > > > > @Page
> > > > > > > > public class Denegado extends DefaultErrorView{
> > > > > > > >
> > > > > > > > }
> > > > > > > >
> > > > > > > > @Stereotype
> > > > > > > > @Target(value = {ElementType.TYPE})
> > > > > > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > > > > > > public @interface SecurityModule {
> > > > > > > > ModuloPantallaEnum codigoModulo();
> > > > > > > > }
> > > > > > > >
> > > > > > > > my bean:
> > > > > > > > @Named
> > > > > > > > @ViewAccessScoped
> > > > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > > > > public class CursosMBean implements Serializable{
> > > > > > > > }
> > > > > > > >
> > > > > > > > THEN I ADD SecurityViolation
> > > > > > > > @Override
> > > > > > > > protected void checkPermission(InvocationContext ic,
> > > > > > > > Set<SecurityViolation> violations) {
> > > > > > > > violations.add(newSecurityViolation("DENIED."));
> > > > > > > > }
> > > > > > > >
> > > > > > > > But i always see in my page this:
> > > > > > > >
> > > > > > > > An Error Occurred:
> > > > > > > >
> > > > > > > >
> > > > > >
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > > > >
> > > > > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > > > > > > phaseId=RENDER_RESPONSE(6)
> > > > > > > >
> > > > > > > > Caused by:
> > > > > > > >
> > > > > >
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > > > > at
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > And in the log:
> > > > > > > >
> > > > > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > > > > > > setResponseContentType
> > > > > > > > SEVERE: Cannot set content type. Response already committed
> > > > > > > >
> > > > > > > > What is wrong?
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > -------------------------------------------------------------------
> > > > > > > > *SCJA. José Luis Cetina*
> > > > > > > >
> > > -------------------------------------------------------------------
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> -------------------------------------------------------------------
> > > > > > *SCJA. José Luis Cetina*
> > > > > >
> -------------------------------------------------------------------
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -------------------------------------------------------------------
> > > > *SCJA. José Luis Cetina*
> > > > -------------------------------------------------------------------
> > > >
> > >
> >
> >
> >
> > --
> > -------------------------------------------------------------------
> > *SCJA. José Luis Cetina*
> > -------------------------------------------------------------------
> >
>
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: DefaultErrorView
Posted by Gerhard Petracek <ge...@gmail.com>.
hi jose,
that's a different topic (and we talked about it already).
@ view-configs:
you just use @Secured + a separated (custom) annotation e.g.
@CustomMetaData (meta-annotated with @ViewMetaData)
e.g.:
@Page
@Secured(CustomAccessDecisionVoter.class)
@CustomMetaData(...)
public final class MySecuredPage implements ViewConfig
{
}
-> your AccessDecisionVoter queries the custom meta-data for the current
view:
//...
@Inject
private ViewConfigResolver viewConfigResolver;
//...
String currentViewId =
FacesContext.getCurrentInstance().getViewRoot().getViewId();
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData();
or
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class);
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina <ma...@gmail.com>
> Ok, but when i use my own annottation as interpcetor and my checkPermission
> method add a SecurityViolation my page never redirect to my
> DefaultErrorView, i always get:
>
> PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
> setResponseContentType
> SEVERE: Cannot set content type. Response already committed
>
> My Managedbean:
>
> @Named
> @ViewAccessScoped
> @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> public class CursosMBean implements Serializable{
> }
>
> its possible to use an interceptor (CODI Security) win a DefaultErrorView,
> if yes why i alway's get Response already committed?
>
> Thanks
>
>
> 2012/6/26 Gerhard Petracek <ge...@gmail.com>
>
> > hi jose,
> >
> > yes - in a view-config @Secured is a simple annotation and not an
> > interceptor (because there is nothing to intercept)
> > -> currently no @Stereotype support.
> >
> > @ custom (additional) meta-data:
> > see [1].
> >
> > regards,
> > gerhard
> >
> > [1]
> >
> >
> https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
> >
> > http://www.irian.at
> >
> > Your JSF/JavaEE powerhouse -
> > JavaEE Consulting, Development and
> > Courses in English and German
> >
> > Professional Support for Apache MyFaces
> >
> >
> >
> > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> >
> > > If i use my own annotation
> > >
> > > @Stereotype
> > > @Target(value = {ElementType.TYPE})
> > > @Retention(value = RetentionPolicy.RUNTIME)
> > > @Secured(value=PermissionAccessDecisionVoter.class)
> > > public @interface SecurityModule {
> > > ModuloPantallaEnum codigoModulo();
> > > }
> > >
> > > and then
> > >
> > > @Page(navigation = Page.NavigationMode.REDIRECT)
> > > public interface Pages extends ViewConfig {
> > >
> > > public @Page class MyError extends DefaultErrorView implements Pages
> {}
> > >
> > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt
> work
> > > public @Page class Private implements Pages{}
> > >
> > > }
> > >
> > >
> > > @javax.enterprise.context.ApplicationScoped
> > > public class PermissionAccessDecisionVoter implements
> > AccessDecisionVoter {
> > > .....
> > > }
> > >
> > > If i use my @SecurityModule in ViewConfig my checkPermission never been
> > > called, but if i use my @SecurityModule as interceptor (in my
> > managedbean)
> > > it works, this is normal?
> > >
> > > 2012/6/26 Gerhard Petracek <ge...@gmail.com>
> > >
> > > > hi jose,
> > > >
> > > > exceptions during the rendering process are always special.
> > > > -> everything which could lead to an exception should be done before
> > the
> > > > rendering process.
> > > > in this case you can't switch to an error-view, if you are in the
> > middle
> > > of
> > > > the rendering process of a page.
> > > >
> > > > regards,
> > > > gerhard
> > > >
> > > > http://www.irian.at
> > > >
> > > > Your JSF/JavaEE powerhouse -
> > > > JavaEE Consulting, Development and
> > > > Courses in English and German
> > > >
> > > > Professional Support for Apache MyFaces
> > > >
> > > >
> > > >
> > > > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> > > >
> > > > > Sorry, but i dont understand, i only set my @Secured in my managed
> > > bean.
> > > > >
> > > > > Do you mean with: "your secured bean should always get accessed
> > before
> > > > the
> > > > > rendering starts" that i have to call the checkPermission method
> in a
> > > > > PreRenderView method in my managedbean?
> > > > >
> > > > > like this:
> > > > >
> > > > > @Named
> > > > > @ViewAccessScoped
> > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > public class CursosMBean implements Serializable{
> > > > >
> > > > > }
> > > > >
> > > > >
> > > > >
> > > > > 2012/6/25 Gerhard Petracek <ge...@gmail.com>
> > > > >
> > > > > > hi jose,
> > > > > >
> > > > > > your secured bean should always get accessed before the rendering
> > > > starts
> > > > > > (e.g. via a PreRenderView callback).
> > > > > > otherwise you get the exception during the rendering process.
> > > > > >
> > > > > > regards,
> > > > > > gerhard
> > > > > >
> > > > > > http://www.irian.at
> > > > > >
> > > > > > Your JSF/JavaEE powerhouse -
> > > > > > JavaEE Consulting, Development and
> > > > > > Courses in English and German
> > > > > >
> > > > > > Professional Support for Apache MyFaces
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> > > > > >
> > > > > > > My denied page never shown, i always get Cannot set content
> type.
> > > > > > Response
> > > > > > > already committed.
> > > > > > >
> > > > > > >
> > > > > > > I have this:
> > > > > > >
> > > > > > > @Page
> > > > > > > public class Denegado extends DefaultErrorView{
> > > > > > >
> > > > > > > }
> > > > > > >
> > > > > > > @Stereotype
> > > > > > > @Target(value = {ElementType.TYPE})
> > > > > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > > > > > public @interface SecurityModule {
> > > > > > > ModuloPantallaEnum codigoModulo();
> > > > > > > }
> > > > > > >
> > > > > > > my bean:
> > > > > > > @Named
> > > > > > > @ViewAccessScoped
> > > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > > > public class CursosMBean implements Serializable{
> > > > > > > }
> > > > > > >
> > > > > > > THEN I ADD SecurityViolation
> > > > > > > @Override
> > > > > > > protected void checkPermission(InvocationContext ic,
> > > > > > > Set<SecurityViolation> violations) {
> > > > > > > violations.add(newSecurityViolation("DENIED."));
> > > > > > > }
> > > > > > >
> > > > > > > But i always see in my page this:
> > > > > > >
> > > > > > > An Error Occurred:
> > > > > > >
> > > > > > >
> > > > >
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > > >
> > > > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > > > > > phaseId=RENDER_RESPONSE(6)
> > > > > > >
> > > > > > > Caused by:
> > > > > > >
> > > > >
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > > > at
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > And in the log:
> > > > > > >
> > > > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > > > > > setResponseContentType
> > > > > > > SEVERE: Cannot set content type. Response already committed
> > > > > > >
> > > > > > > What is wrong?
> > > > > > >
> > > > > > > --
> > > > > > >
> > -------------------------------------------------------------------
> > > > > > > *SCJA. José Luis Cetina*
> > > > > > >
> > -------------------------------------------------------------------
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > -------------------------------------------------------------------
> > > > > *SCJA. José Luis Cetina*
> > > > > -------------------------------------------------------------------
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > -------------------------------------------------------------------
> > > *SCJA. José Luis Cetina*
> > > -------------------------------------------------------------------
> > >
> >
>
>
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>
Re: DefaultErrorView
Posted by José Luis Cetina <ma...@gmail.com>.
Ok, but when i use my own annottation as interpcetor and my checkPermission
method add a SecurityViolation my page never redirect to my
DefaultErrorView, i always get:
PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
My Managedbean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
its possible to use an interceptor (CODI Security) win a DefaultErrorView,
if yes why i alway's get Response already committed?
Thanks
2012/6/26 Gerhard Petracek <ge...@gmail.com>
> hi jose,
>
> yes - in a view-config @Secured is a simple annotation and not an
> interceptor (because there is nothing to intercept)
> -> currently no @Stereotype support.
>
> @ custom (additional) meta-data:
> see [1].
>
> regards,
> gerhard
>
> [1]
>
> https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2012/6/26 José Luis Cetina <ma...@gmail.com>
>
> > If i use my own annotation
> >
> > @Stereotype
> > @Target(value = {ElementType.TYPE})
> > @Retention(value = RetentionPolicy.RUNTIME)
> > @Secured(value=PermissionAccessDecisionVoter.class)
> > public @interface SecurityModule {
> > ModuloPantallaEnum codigoModulo();
> > }
> >
> > and then
> >
> > @Page(navigation = Page.NavigationMode.REDIRECT)
> > public interface Pages extends ViewConfig {
> >
> > public @Page class MyError extends DefaultErrorView implements Pages {}
> >
> > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
> > public @Page class Private implements Pages{}
> >
> > }
> >
> >
> > @javax.enterprise.context.ApplicationScoped
> > public class PermissionAccessDecisionVoter implements
> AccessDecisionVoter {
> > .....
> > }
> >
> > If i use my @SecurityModule in ViewConfig my checkPermission never been
> > called, but if i use my @SecurityModule as interceptor (in my
> managedbean)
> > it works, this is normal?
> >
> > 2012/6/26 Gerhard Petracek <ge...@gmail.com>
> >
> > > hi jose,
> > >
> > > exceptions during the rendering process are always special.
> > > -> everything which could lead to an exception should be done before
> the
> > > rendering process.
> > > in this case you can't switch to an error-view, if you are in the
> middle
> > of
> > > the rendering process of a page.
> > >
> > > regards,
> > > gerhard
> > >
> > > http://www.irian.at
> > >
> > > Your JSF/JavaEE powerhouse -
> > > JavaEE Consulting, Development and
> > > Courses in English and German
> > >
> > > Professional Support for Apache MyFaces
> > >
> > >
> > >
> > > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> > >
> > > > Sorry, but i dont understand, i only set my @Secured in my managed
> > bean.
> > > >
> > > > Do you mean with: "your secured bean should always get accessed
> before
> > > the
> > > > rendering starts" that i have to call the checkPermission method in a
> > > > PreRenderView method in my managedbean?
> > > >
> > > > like this:
> > > >
> > > > @Named
> > > > @ViewAccessScoped
> > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > public class CursosMBean implements Serializable{
> > > >
> > > > }
> > > >
> > > >
> > > >
> > > > 2012/6/25 Gerhard Petracek <ge...@gmail.com>
> > > >
> > > > > hi jose,
> > > > >
> > > > > your secured bean should always get accessed before the rendering
> > > starts
> > > > > (e.g. via a PreRenderView callback).
> > > > > otherwise you get the exception during the rendering process.
> > > > >
> > > > > regards,
> > > > > gerhard
> > > > >
> > > > > http://www.irian.at
> > > > >
> > > > > Your JSF/JavaEE powerhouse -
> > > > > JavaEE Consulting, Development and
> > > > > Courses in English and German
> > > > >
> > > > > Professional Support for Apache MyFaces
> > > > >
> > > > >
> > > > >
> > > > > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> > > > >
> > > > > > My denied page never shown, i always get Cannot set content type.
> > > > > Response
> > > > > > already committed.
> > > > > >
> > > > > >
> > > > > > I have this:
> > > > > >
> > > > > > @Page
> > > > > > public class Denegado extends DefaultErrorView{
> > > > > >
> > > > > > }
> > > > > >
> > > > > > @Stereotype
> > > > > > @Target(value = {ElementType.TYPE})
> > > > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > > > > public @interface SecurityModule {
> > > > > > ModuloPantallaEnum codigoModulo();
> > > > > > }
> > > > > >
> > > > > > my bean:
> > > > > > @Named
> > > > > > @ViewAccessScoped
> > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > > public class CursosMBean implements Serializable{
> > > > > > }
> > > > > >
> > > > > > THEN I ADD SecurityViolation
> > > > > > @Override
> > > > > > protected void checkPermission(InvocationContext ic,
> > > > > > Set<SecurityViolation> violations) {
> > > > > > violations.add(newSecurityViolation("DENIED."));
> > > > > > }
> > > > > >
> > > > > > But i always see in my page this:
> > > > > >
> > > > > > An Error Occurred:
> > > > > >
> > > > > >
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > >
> > > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > > > > phaseId=RENDER_RESPONSE(6)
> > > > > >
> > > > > > Caused by:
> > > > > >
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > > at
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > > > > >
> > > > > >
> > > > > >
> > > > > > And in the log:
> > > > > >
> > > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > > > > setResponseContentType
> > > > > > SEVERE: Cannot set content type. Response already committed
> > > > > >
> > > > > > What is wrong?
> > > > > >
> > > > > > --
> > > > > >
> -------------------------------------------------------------------
> > > > > > *SCJA. José Luis Cetina*
> > > > > >
> -------------------------------------------------------------------
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -------------------------------------------------------------------
> > > > *SCJA. José Luis Cetina*
> > > > -------------------------------------------------------------------
> > > >
> > >
> >
> >
> >
> > --
> > -------------------------------------------------------------------
> > *SCJA. José Luis Cetina*
> > -------------------------------------------------------------------
> >
>
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: DefaultErrorView
Posted by Gerhard Petracek <ge...@gmail.com>.
hi jose,
yes - in a view-config @Secured is a simple annotation and not an
interceptor (because there is nothing to intercept)
-> currently no @Stereotype support.
@ custom (additional) meta-data:
see [1].
regards,
gerhard
[1]
https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina <ma...@gmail.com>
> If i use my own annotation
>
> @Stereotype
> @Target(value = {ElementType.TYPE})
> @Retention(value = RetentionPolicy.RUNTIME)
> @Secured(value=PermissionAccessDecisionVoter.class)
> public @interface SecurityModule {
> ModuloPantallaEnum codigoModulo();
> }
>
> and then
>
> @Page(navigation = Page.NavigationMode.REDIRECT)
> public interface Pages extends ViewConfig {
>
> public @Page class MyError extends DefaultErrorView implements Pages {}
>
> @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
> public @Page class Private implements Pages{}
>
> }
>
>
> @javax.enterprise.context.ApplicationScoped
> public class PermissionAccessDecisionVoter implements AccessDecisionVoter {
> .....
> }
>
> If i use my @SecurityModule in ViewConfig my checkPermission never been
> called, but if i use my @SecurityModule as interceptor (in my managedbean)
> it works, this is normal?
>
> 2012/6/26 Gerhard Petracek <ge...@gmail.com>
>
> > hi jose,
> >
> > exceptions during the rendering process are always special.
> > -> everything which could lead to an exception should be done before the
> > rendering process.
> > in this case you can't switch to an error-view, if you are in the middle
> of
> > the rendering process of a page.
> >
> > regards,
> > gerhard
> >
> > http://www.irian.at
> >
> > Your JSF/JavaEE powerhouse -
> > JavaEE Consulting, Development and
> > Courses in English and German
> >
> > Professional Support for Apache MyFaces
> >
> >
> >
> > 2012/6/26 José Luis Cetina <ma...@gmail.com>
> >
> > > Sorry, but i dont understand, i only set my @Secured in my managed
> bean.
> > >
> > > Do you mean with: "your secured bean should always get accessed before
> > the
> > > rendering starts" that i have to call the checkPermission method in a
> > > PreRenderView method in my managedbean?
> > >
> > > like this:
> > >
> > > @Named
> > > @ViewAccessScoped
> > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > public class CursosMBean implements Serializable{
> > >
> > > }
> > >
> > >
> > >
> > > 2012/6/25 Gerhard Petracek <ge...@gmail.com>
> > >
> > > > hi jose,
> > > >
> > > > your secured bean should always get accessed before the rendering
> > starts
> > > > (e.g. via a PreRenderView callback).
> > > > otherwise you get the exception during the rendering process.
> > > >
> > > > regards,
> > > > gerhard
> > > >
> > > > http://www.irian.at
> > > >
> > > > Your JSF/JavaEE powerhouse -
> > > > JavaEE Consulting, Development and
> > > > Courses in English and German
> > > >
> > > > Professional Support for Apache MyFaces
> > > >
> > > >
> > > >
> > > > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> > > >
> > > > > My denied page never shown, i always get Cannot set content type.
> > > > Response
> > > > > already committed.
> > > > >
> > > > >
> > > > > I have this:
> > > > >
> > > > > @Page
> > > > > public class Denegado extends DefaultErrorView{
> > > > >
> > > > > }
> > > > >
> > > > > @Stereotype
> > > > > @Target(value = {ElementType.TYPE})
> > > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > > >
> > > > >
> > > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > > > public @interface SecurityModule {
> > > > > ModuloPantallaEnum codigoModulo();
> > > > > }
> > > > >
> > > > > my bean:
> > > > > @Named
> > > > > @ViewAccessScoped
> > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > > public class CursosMBean implements Serializable{
> > > > > }
> > > > >
> > > > > THEN I ADD SecurityViolation
> > > > > @Override
> > > > > protected void checkPermission(InvocationContext ic,
> > > > > Set<SecurityViolation> violations) {
> > > > > violations.add(newSecurityViolation("DENIED."));
> > > > > }
> > > > >
> > > > > But i always see in my page this:
> > > > >
> > > > > An Error Occurred:
> > > > >
> > > > >
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > >
> > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > > > >
> > > > >
> > > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > > > phaseId=RENDER_RESPONSE(6)
> > > > >
> > > > > Caused by:
> > > > >
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > > at
> > > > >
> > > > >
> > > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > > > >
> > > > >
> > > > >
> > > > > And in the log:
> > > > >
> > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > > > setResponseContentType
> > > > > SEVERE: Cannot set content type. Response already committed
> > > > >
> > > > > What is wrong?
> > > > >
> > > > > --
> > > > > -------------------------------------------------------------------
> > > > > *SCJA. José Luis Cetina*
> > > > > -------------------------------------------------------------------
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > -------------------------------------------------------------------
> > > *SCJA. José Luis Cetina*
> > > -------------------------------------------------------------------
> > >
> >
>
>
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>
Re: DefaultErrorView
Posted by José Luis Cetina <ma...@gmail.com>.
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages {}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements AccessDecisionVoter {
.....
}
If i use my @SecurityModule in ViewConfig my checkPermission never been
called, but if i use my @SecurityModule as interceptor (in my managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek <ge...@gmail.com>
> hi jose,
>
> exceptions during the rendering process are always special.
> -> everything which could lead to an exception should be done before the
> rendering process.
> in this case you can't switch to an error-view, if you are in the middle of
> the rendering process of a page.
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2012/6/26 José Luis Cetina <ma...@gmail.com>
>
> > Sorry, but i dont understand, i only set my @Secured in my managed bean.
> >
> > Do you mean with: "your secured bean should always get accessed before
> the
> > rendering starts" that i have to call the checkPermission method in a
> > PreRenderView method in my managedbean?
> >
> > like this:
> >
> > @Named
> > @ViewAccessScoped
> > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > public class CursosMBean implements Serializable{
> >
> > }
> >
> >
> >
> > 2012/6/25 Gerhard Petracek <ge...@gmail.com>
> >
> > > hi jose,
> > >
> > > your secured bean should always get accessed before the rendering
> starts
> > > (e.g. via a PreRenderView callback).
> > > otherwise you get the exception during the rendering process.
> > >
> > > regards,
> > > gerhard
> > >
> > > http://www.irian.at
> > >
> > > Your JSF/JavaEE powerhouse -
> > > JavaEE Consulting, Development and
> > > Courses in English and German
> > >
> > > Professional Support for Apache MyFaces
> > >
> > >
> > >
> > > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> > >
> > > > My denied page never shown, i always get Cannot set content type.
> > > Response
> > > > already committed.
> > > >
> > > >
> > > > I have this:
> > > >
> > > > @Page
> > > > public class Denegado extends DefaultErrorView{
> > > >
> > > > }
> > > >
> > > > @Stereotype
> > > > @Target(value = {ElementType.TYPE})
> > > > @Retention(value = RetentionPolicy.RUNTIME)
> > > >
> > > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > > public @interface SecurityModule {
> > > > ModuloPantallaEnum codigoModulo();
> > > > }
> > > >
> > > > my bean:
> > > > @Named
> > > > @ViewAccessScoped
> > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > > public class CursosMBean implements Serializable{
> > > > }
> > > >
> > > > THEN I ADD SecurityViolation
> > > > @Override
> > > > protected void checkPermission(InvocationContext ic,
> > > > Set<SecurityViolation> violations) {
> > > > violations.add(newSecurityViolation("DENIED."));
> > > > }
> > > >
> > > > But i always see in my page this:
> > > >
> > > > An Error Occurred:
> > > >
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > >
> > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > > >
> > > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > > phaseId=RENDER_RESPONSE(6)
> > > >
> > > > Caused by:
> > > >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > > at
> > > >
> > > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > > >
> > > >
> > > >
> > > > And in the log:
> > > >
> > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > > setResponseContentType
> > > > SEVERE: Cannot set content type. Response already committed
> > > >
> > > > What is wrong?
> > > >
> > > > --
> > > > -------------------------------------------------------------------
> > > > *SCJA. José Luis Cetina*
> > > > -------------------------------------------------------------------
> > > >
> > >
> >
> >
> >
> > --
> > -------------------------------------------------------------------
> > *SCJA. José Luis Cetina*
> > -------------------------------------------------------------------
> >
>
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: DefaultErrorView
Posted by Gerhard Petracek <ge...@gmail.com>.
hi jose,
exceptions during the rendering process are always special.
-> everything which could lead to an exception should be done before the
rendering process.
in this case you can't switch to an error-view, if you are in the middle of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina <ma...@gmail.com>
> Sorry, but i dont understand, i only set my @Secured in my managed bean.
>
> Do you mean with: "your secured bean should always get accessed before the
> rendering starts" that i have to call the checkPermission method in a
> PreRenderView method in my managedbean?
>
> like this:
>
> @Named
> @ViewAccessScoped
> @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> public class CursosMBean implements Serializable{
>
> }
>
>
>
> 2012/6/25 Gerhard Petracek <ge...@gmail.com>
>
> > hi jose,
> >
> > your secured bean should always get accessed before the rendering starts
> > (e.g. via a PreRenderView callback).
> > otherwise you get the exception during the rendering process.
> >
> > regards,
> > gerhard
> >
> > http://www.irian.at
> >
> > Your JSF/JavaEE powerhouse -
> > JavaEE Consulting, Development and
> > Courses in English and German
> >
> > Professional Support for Apache MyFaces
> >
> >
> >
> > 2012/6/25 José Luis Cetina <ma...@gmail.com>
> >
> > > My denied page never shown, i always get Cannot set content type.
> > Response
> > > already committed.
> > >
> > >
> > > I have this:
> > >
> > > @Page
> > > public class Denegado extends DefaultErrorView{
> > >
> > > }
> > >
> > > @Stereotype
> > > @Target(value = {ElementType.TYPE})
> > > @Retention(value = RetentionPolicy.RUNTIME)
> > >
> > >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > > public @interface SecurityModule {
> > > ModuloPantallaEnum codigoModulo();
> > > }
> > >
> > > my bean:
> > > @Named
> > > @ViewAccessScoped
> > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > > public class CursosMBean implements Serializable{
> > > }
> > >
> > > THEN I ADD SecurityViolation
> > > @Override
> > > protected void checkPermission(InvocationContext ic,
> > > Set<SecurityViolation> violations) {
> > > violations.add(newSecurityViolation("DENIED."));
> > > }
> > >
> > > But i always see in my page this:
> > >
> > > An Error Occurred:
> > >
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > >
> > > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> > >
> > >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > > phaseId=RENDER_RESPONSE(6)
> > >
> > > Caused by:
> > >
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > > at
> > >
> > >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> > >
> > >
> > >
> > > And in the log:
> > >
> > > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > > setResponseContentType
> > > SEVERE: Cannot set content type. Response already committed
> > >
> > > What is wrong?
> > >
> > > --
> > > -------------------------------------------------------------------
> > > *SCJA. José Luis Cetina*
> > > -------------------------------------------------------------------
> > >
> >
>
>
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>
Re: DefaultErrorView
Posted by José Luis Cetina <ma...@gmail.com>.
Sorry, but i dont understand, i only set my @Secured in my managed bean.
Do you mean with: "your secured bean should always get accessed before the
rendering starts" that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek <ge...@gmail.com>
> hi jose,
>
> your secured bean should always get accessed before the rendering starts
> (e.g. via a PreRenderView callback).
> otherwise you get the exception during the rendering process.
>
> regards,
> gerhard
>
> http://www.irian.at
>
> Your JSF/JavaEE powerhouse -
> JavaEE Consulting, Development and
> Courses in English and German
>
> Professional Support for Apache MyFaces
>
>
>
> 2012/6/25 José Luis Cetina <ma...@gmail.com>
>
> > My denied page never shown, i always get Cannot set content type.
> Response
> > already committed.
> >
> >
> > I have this:
> >
> > @Page
> > public class Denegado extends DefaultErrorView{
> >
> > }
> >
> > @Stereotype
> > @Target(value = {ElementType.TYPE})
> > @Retention(value = RetentionPolicy.RUNTIME)
> >
> >
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> > public @interface SecurityModule {
> > ModuloPantallaEnum codigoModulo();
> > }
> >
> > my bean:
> > @Named
> > @ViewAccessScoped
> > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> > public class CursosMBean implements Serializable{
> > }
> >
> > THEN I ADD SecurityViolation
> > @Override
> > protected void checkPermission(InvocationContext ic,
> > Set<SecurityViolation> violations) {
> > violations.add(newSecurityViolation("DENIED."));
> > }
> >
> > But i always see in my page this:
> >
> > An Error Occurred:
> >
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> >
> > viewId=/web/portal_academico/control_escolar/cursos.xhtml
> >
> >
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> > phaseId=RENDER_RESPONSE(6)
> >
> > Caused by:
> > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> > at
> >
> >
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
> >
> >
> >
> > And in the log:
> >
> > org.apache.myfaces.context.servlet.ServletExternalContextImpl
> > setResponseContentType
> > SEVERE: Cannot set content type. Response already committed
> >
> > What is wrong?
> >
> > --
> > -------------------------------------------------------------------
> > *SCJA. José Luis Cetina*
> > -------------------------------------------------------------------
> >
>
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: DefaultErrorView
Posted by Gerhard Petracek <ge...@gmail.com>.
hi jose,
your secured bean should always get accessed before the rendering starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina <ma...@gmail.com>
> My denied page never shown, i always get Cannot set content type. Response
> already committed.
>
>
> I have this:
>
> @Page
> public class Denegado extends DefaultErrorView{
>
> }
>
> @Stereotype
> @Target(value = {ElementType.TYPE})
> @Retention(value = RetentionPolicy.RUNTIME)
>
> @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
> public @interface SecurityModule {
> ModuloPantallaEnum codigoModulo();
> }
>
> my bean:
> @Named
> @ViewAccessScoped
> @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
> public class CursosMBean implements Serializable{
> }
>
> THEN I ADD SecurityViolation
> @Override
> protected void checkPermission(InvocationContext ic,
> Set<SecurityViolation> violations) {
> violations.add(newSecurityViolation("DENIED."));
> }
>
> But i always see in my page this:
>
> An Error Occurred:
>
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
>
> viewId=/web/portal_academico/control_escolar/cursos.xhtml
>
> location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
> phaseId=RENDER_RESPONSE(6)
>
> Caused by:
> org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
> at
>
> org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
>
>
>
> And in the log:
>
> org.apache.myfaces.context.servlet.ServletExternalContextImpl
> setResponseContentType
> SEVERE: Cannot set content type. Response already committed
>
> What is wrong?
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>