myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gerhard Petracek <gerhard.petra...@gmail.com>
Subject Re: @Secured CODI
Date Mon, 25 Jun 2012 21:20:53 GMT
hi jose,

we wrap ViewHandler#createView -> if your config is correct, it should work
(you can check e.g. [1]).

regards,
gerhard

[1] http://s.apache.org/SBP

http://www.irian.at

Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces



2012/6/25 José Luis Cetina <maxtorzito@gmail.com>

> In the CODI Wiki page says:
>
> https://cwiki.apache.org/confluence/display/EXTCDI/Core+Usage#CoreUsage-SecurityViolation
>
> The rest is done by CODI. Please note that there is a natural overhead if
> the @Secured annotation is used as interceptor. In combination with the JSF
> module, we recommend to us it for the ViewConfig instead of beans because
> the performance overhead is minimal compared to an interceptor.
>
> But if i set the @Secured annotation in ViewConfig and i enter directly to
> the URL (without a navigation link, of course i dont use CODI if i access
> in this way) the checkPermission method was never invoked, as i can see the
> only way you can use @Secured annotation in a viewconfig is when you never
> expected the user can access to your page with the URL in a  directly way,
> am i right?
>
>
> --
> -------------------------------------------------------------------
> *SCJA. José Luis Cetina*
> -------------------------------------------------------------------
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message