deltaspike-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gerhard Petracek <gerhard.petra...@gmail.com>
Subject Re: Question about @Secured integration with type safe navigation
Date Sat, 15 Feb 2014 14:22:06 GMT
once jsf handles the request, it should work.
(for sure you need your custom AccessDecisionVoter + the corresponding
view-config. please have a look at [1].)

regards,
gerhard

[1] http://deltaspike.apache.org/jsf.html#security-integration-via-secured

http://www.irian.at

Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces



2014-02-15 15:15 GMT+01:00 Thomas Andraschko <andraschko.thomas@gmail.com>:

> AFAIR it worked fine in CODI.
>
> @Gerhard: Any reason why it don't work in DS?
>
>
> 2014-02-15 15:11 GMT+01:00 Karl Kildén <karl.kilden@gmail.com>:
>
> > Hello,
> >
> > If a user simply types in /secured/admin.xhtml in the browser the
> @Secured
> > annotation will not help, right? As far as I understand it's it only
> > triggers the AccessDecisionVoter when you actually navigate with JSF...
> > So I would still need to define a @WebFilter to secure my application.
> >
> > Now, the effect would that a secured request will be secured twice, once
> by
> > the filter and once by my AccessDecisionVoter and I didn't really
> > accomplish much by using the AccessDecisionVoter? I feel like I am
> missing
> > something.
> >
> > cheers
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message