hi rainer, yesterday i committed an improved request-scoped cache. however, if it's enough to do your check only once (e.g. per session/workflow/...), you can use a custom cache in your AccessDecisionVoter. (an AccessDecisionVoter is a std. cdi bean -> you can use any cdi scope for it).
regards, gerhard 2013/4/10 Rainer Schön <[email protected]> > Hi all > > Now my last observation regarding the security module: When @Secured is > applied to a ViewConfig the DecisionVoter is called: > > a) 3 times, when the security check passes and > b) 2 times, when the security check fails > > This is not the behavior I expect and can lead to problems, when the check > is expensive and/or in case of b) where security exceptions are thrown > twice and thus must be filtered out in the exception handler in some way if > the action taken should be unique. > > If @Secured is applied to a bean or method, everything works fine. > > Regards > Rainer >
