Return-Path: X-Original-To: apmail-deltaspike-users-archive@www.apache.org Delivered-To: apmail-deltaspike-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A25B9106CE for ; Sat, 15 Feb 2014 14:22:54 +0000 (UTC) Received: (qmail 85389 invoked by uid 500); 15 Feb 2014 14:22:54 -0000 Delivered-To: apmail-deltaspike-users-archive@deltaspike.apache.org Received: (qmail 85253 invoked by uid 500); 15 Feb 2014 14:22:53 -0000 Mailing-List: contact users-help@deltaspike.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@deltaspike.apache.org Delivered-To: mailing list users@deltaspike.apache.org Received: (qmail 85245 invoked by uid 99); 15 Feb 2014 14:22:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Feb 2014 14:22:53 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of gerhard.petracek@gmail.com designates 209.85.216.49 as permitted sender) Received: from [209.85.216.49] (HELO mail-qa0-f49.google.com) (209.85.216.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Feb 2014 14:22:47 +0000 Received: by mail-qa0-f49.google.com with SMTP id w8so19477450qac.22 for ; Sat, 15 Feb 2014 06:22:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=4jLoDWnHuYhZMW9LaZDZ6VRXuV91v1N1U+Q8w7nE5aw=; b=QVC6DmrTs03cHFnxiZ98afPFgeTRcMElavGkRnCWfI9Ma/nBtJAWIm4aNj2pWcOAoQ W5veRDqM6zi8qttHHVPFAa1ZmXsZpTifEo6Yz01/5lIdCqESuDMEWAC7KVyHrfuK1pUo 8BLdsjI5osjzr8k6SsTW8UbfeupDRAf04QumsBz+LoBihUqJFQVXjI3MX6cn8cup19oF 21js03ga1rESlD1vktJahhfQEyGKw5mc9tpwzC3ZyHzQjyGf7DFhthRcXS++7Qd30WlO M2sROLLWYCbX35NQpqUwnh6Ie/fDDsrPHt7Te7uOKJYLHT/4d9iUcP7MU+MntmDViqaw xT4g== X-Received: by 10.140.21.179 with SMTP id 48mr1671268qgl.78.1392474146743; Sat, 15 Feb 2014 06:22:26 -0800 (PST) MIME-Version: 1.0 Received: by 10.96.202.99 with HTTP; Sat, 15 Feb 2014 06:22:06 -0800 (PST) In-Reply-To: References: From: Gerhard Petracek Date: Sat, 15 Feb 2014 15:22:06 +0100 Message-ID: Subject: Re: Question about @Secured integration with type safe navigation To: users@deltaspike.apache.org Content-Type: multipart/alternative; boundary=001a11c11feee045a604f272a6e9 X-Virus-Checked: Checked by ClamAV on apache.org --001a11c11feee045a604f272a6e9 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable once jsf handles the request, it should work. (for sure you need your custom AccessDecisionVoter + the corresponding view-config. please have a look at [1].) regards, gerhard [1] http://deltaspike.apache.org/jsf.html#security-integration-via-secured http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2014-02-15 15:15 GMT+01:00 Thomas Andraschko : > AFAIR it worked fine in CODI. > > @Gerhard: Any reason why it don't work in DS? > > > 2014-02-15 15:11 GMT+01:00 Karl Kild=E9n : > > > Hello, > > > > If a user simply types in /secured/admin.xhtml in the browser the > @Secured > > annotation will not help, right? As far as I understand it's it only > > triggers the AccessDecisionVoter when you actually navigate with JSF... > > So I would still need to define a @WebFilter to secure my application. > > > > Now, the effect would that a secured request will be secured twice, onc= e > by > > the filter and once by my AccessDecisionVoter and I didn't really > > accomplish much by using the AccessDecisionVoter? I feel like I am > missing > > something. > > > > cheers > > > --001a11c11feee045a604f272a6e9--