[
https://issues.apache.org/jira/browse/DELTASPIKE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gerhard Petracek resolved DELTASPIKE-64.
----------------------------------------
Resolution: Fixed
we agreed on adding it based on DELTASPIKE-65 -> we will review the result
> review and discuss @Secured
> ---------------------------
>
> Key: DELTASPIKE-64
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-64
> Project: DeltaSpike
> Issue Type: Sub-task
> Components: Security-Module
> Affects Versions: 0.1-incubating
> Reporter: Gerhard Petracek
> Assignee: Gerhard Petracek
> Fix For: 0.2-incubating
>
>
> this feature is listed at
> https://cwiki.apache.org/confluence/display/DeltaSpike/SE+Feature+Ranking and
> part of myfaces codi-core.
> @Secured is a simple cdi interceptor annotation which allows to filter method
> calls to cdi beans based on custom rules.
> it's possible to specify 1-n custom implementations of AccessDecisionVoter.
> those voters get invoked before the call is forwarded to the target method (a
> voter is a cdi bean which gets resolved by its concrete type). an
> implementation of AccessDecisionVoter can access the InvocationContext to get
> further details about the target method to trigger the corresponding
> evaluation. as a result voters return a set of violations
> (SecurityViolation). if there is no violation, the target-method gets
> executed. if there is at least one violation, an AccessDeniedException will
> be thrown.
> in addition an AccessDecisionVoterContext is needed to detect if there is an
> ongoing security check (e.g. it's possible to use it in a custom scope to
> avoid that a security check postpones the expiration).
> (in myfaces codi it's also used to secure views via view-configs, however, we
> will exclude this part for now.)
> users can use those simple and generic apis to implement their own access
> control and it will get used by other deltaspike modules automatically (if
> they use the security-api).
> (in an AccessDecisionVoter it's possible to integrate 3rd party
> security-frameworks.)
> usage of @Secured:
> //...
> @Secured({MyAccessDecisionVoter1.class, MyAccessDecisionVoter2.class})
> public class SecuredBean
> {
> //...
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
