You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by José Luis Cetina <ma...@gmail.com> on 2012/06/25 21:42:44 UTC
@Secured CODI
In the CODI Wiki page says:
https://cwiki.apache.org/confluence/display/EXTCDI/Core+Usage#CoreUsage-SecurityViolation
The rest is done by CODI. Please note that there is a natural overhead if
the @Secured annotation is used as interceptor. In combination with the JSF
module, we recommend to us it for the ViewConfig instead of beans because
the performance overhead is minimal compared to an interceptor.
But if i set the @Secured annotation in ViewConfig and i enter directly to
the URL (without a navigation link, of course i dont use CODI if i access
in this way) the checkPermission method was never invoked, as i can see the
only way you can use @Secured annotation in a viewconfig is when you never
expected the user can access to your page with the URL in a directly way,
am i right?
--
-------------------------------------------------------------------
*SCJA. José Luis Cetina*
-------------------------------------------------------------------
Re: @Secured CODI
Posted by Gerhard Petracek <ge...@gmail.com>.
hi jose,
we wrap ViewHandler#createView -> if your config is correct, it should work
(you can check e.g. [1]).
regards,
gerhard
[1] http://s.apache.org/SBP
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina <ma...@gmail.com>
> In the CODI Wiki page says:
>
> https://cwiki.apache.org/confluence/display/EXTCDI/Core+Usage#CoreUsage-SecurityViolation
>
> The rest is done by CODI. Please note that there is a natural overhead if
> the @Secured annotation is used as interceptor. In combination with the JSF
> module, we recommend to us it for the ViewConfig instead of beans because
> the performance overhead is minimal compared to an interceptor.
>
> But if i set the @Secured annotation in ViewConfig and i enter directly to
> the URL (without a navigation link, of course i dont use CODI if i access
> in this way) the checkPermission method was never invoked, as i can see the
> only way you can use @Secured annotation in a viewconfig is when you never
> expected the user can access to your page with the URL in a directly way,
> am i right?
>
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>