Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2014/08/05 23:29:14 UTC
[jira] [Resolved] (DELTASPIKE-681) Handling AccessDeniedException will run the secured method
[ https://issues.apache.org/jira/browse/DELTASPIKE-681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerhard Petracek resolved DELTASPIKE-681.
-----------------------------------------
Resolution: Fixed
Fix Version/s: 1.0.2
I aligned the handling. Now both (@Secures and @Secured) handle it the same way (like in v1.0.0).
> Handling AccessDeniedException will run the secured method
> ----------------------------------------------------------
>
> Key: DELTASPIKE-681
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-681
> Project: DeltaSpike
> Issue Type: Bug
> Components: Core, Security-Module
> Affects Versions: 1.0.1
> Reporter: Gabor K
> Priority: Minor
> Fix For: 1.0.2
>
> Attachments: DELTASPIKE-681.patch
>
>
> I'm using DeltaSpike Security Module together with Picketlink. I created an annotation:
> @Retention(value = RetentionPolicy.RUNTIME)
> @Target({ ElementType.TYPE, ElementType.METHOD })
> @Documented
> @SecurityBindingType
> public @interface Admin { }
> Created an authorizer method:
> @Secures
> @Admin
> public boolean doSecuredCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
>     return false; //Nobody is an admin!
> }
> And created a secured method:
> @Admin
> public void test() {
>     System.out.println("in method");
> }
> So far this works fine, the method will not run when invoked from a h:commandButton, because the authorizer method returns false. An AccessDeniedException is thrown which will be displayed on the error page. It is very ugly.
> I wanted to handle the exception gracefully, so I created an exception handler:
> void printExceptions(@Handles ExceptionEvent<AccessDeniedException> evt) {
>     FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("You have no access!"));
> }
> The exception handler is being called, no ugly error page, and I can see the "You have no access!" message appearing on the page.
> However I can also see this in the console:
> "in method"
> So handling the exception caused the secured method to actually run!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
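
Added example, not part of the original message and not DeltaSpike code: a simplified plain-Java model of the reported behaviour, showing why the secured method only ran once an exception handler was registered, next to a fail-closed variant. All class and method names are hypothetical, and the dispatch logic is an assumption made for illustration.

```java
import java.util.function.Supplier;

// Simplified model of the reported behaviour. All names are hypothetical;
// none of this is DeltaSpike code.
public class SecuredCallDemo {
    static class AccessDenied extends RuntimeException {}

    static int securedRuns = 0;

    // Stand-in for the @Secures authorizer in the report: nobody is an admin.
    static boolean isAdmin() { return false; }

    // Stand-in for exception dispatch: a registered handler swallows the
    // exception and shows a message; with no handler it propagates.
    static void dispatch(AccessDenied e, boolean handlerRegistered) {
        if (!handlerRegistered) throw e;
        System.out.println("You have no access!");
    }

    // Fail-open: after a handled denial, control falls through to the call.
    static String failOpen(Supplier<String> secured, boolean handlerRegistered) {
        if (!isAdmin()) dispatch(new AccessDenied(), handlerRegistered);
        return secured.get();
    }

    // Fail-closed: the handler decides how the denial is reported,
    // never whether the secured call is skipped.
    static String failClosed(Supplier<String> secured, boolean handlerRegistered) {
        if (!isAdmin()) {
            dispatch(new AccessDenied(), handlerRegistered);
            return null; // denied: do not proceed
        }
        return secured.get();
    }

    public static void main(String[] args) {
        Supplier<String> test = () -> { securedRuns++; return "in method"; };
        try { failOpen(test, false); } catch (AccessDenied e) { /* error page */ }
        System.out.println("no handler, fail-open:   runs=" + securedRuns);
        failOpen(test, true);
        System.out.println("handler, fail-open:      runs=" + securedRuns);
        failClosed(test, true);
        System.out.println("handler, fail-closed:    runs=" + securedRuns);
    }
}
```

A regression test for this class of bug should count invocations of the secured method with a handler registered, since the no-handler path hides the problem behind the propagated exception.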