[ https://issues.apache.org/jira/browse/DELTASPIKE-681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gerhard Petracek resolved DELTASPIKE-681.
-----------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0.2

I aligned the handling. Now both (@Secures and @Secured) handle it the same way 
(like in v1.0.0).

> Handling AccessDeniedException will run the secured method
> ----------------------------------------------------------
>
>                 Key: DELTASPIKE-681
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-681
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Core, Security-Module
>    Affects Versions: 1.0.1
>            Reporter: Gabor K
>            Priority: Minor
>             Fix For: 1.0.2
>
>         Attachments: DELTASPIKE-681.patch
>
>
> I'm using DeltaSpike Security Module together with Picketlink. I created an 
> annotation:
> @Retention(value = RetentionPolicy.RUNTIME)
> @Target({ ElementType.TYPE, ElementType.METHOD })
> @Documented
> @SecurityBindingType
> public @interface Admin { }
> Created an authorizer method:
> @Secures
> @Admin
> public boolean doSecuredCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
>       return false; //Nobody is an admin!
> }
> And created a secured method:
> @Admin
> public void test() {
>       System.out.println("in method");
> }
> So far this works fine, the method will not run when invoked from a 
> h:commandButton, because the authorizer method returns false. An 
> AccessDeniedException is thrown which will be displayed on the error page. It 
> is very ugly.
> I wanted to handle the exception gracefully, so I created an exception 
> handler:
> void printExceptions(@Handles ExceptionEvent<AccessDeniedException> evt) {
>       FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("You have no access!"));
> }
> The exception handler is being called, no ugly error page, and I can see the 
> "You have no access!" message appearing on the page.
> However, I can also see this in the console:
> "in method"
> So handling the exception caused the secured method to actually run!



--
This message was sent by Atlassian JIRA
(v6.2#6252)
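
The failure mode reported above, as an added, dependency-free Java model that is not part of the original message and is not DeltaSpike's code: an interceptor that continues to the secured call once a handler has consumed the denial, beside one that aborts regardless. All class and method names are hypothetical, and the fail-open control flow is an assumed illustration of the symptom, not the project's actual implementation.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

// Hypothetical model of an authorization interceptor; none of these are DeltaSpike classes.
public class FailClosedDemo {
    static class AccessDenied extends RuntimeException {}

    // Records what ran, in order, so the outcome can be checked.
    static final List<String> log = new ArrayList<>();

    // Stand-in for the authorizer in the report: nobody is an admin.
    static boolean isAdmin() { return false; }

    // Stand-in for the secured business method.
    static void securedMethod() { log.add("in method"); }

    // Fail-open: after the handler consumes the denial, control falls through to the call.
    static void interceptFailOpen(Consumer<AccessDenied> handler) {
        try {
            if (!isAdmin()) throw new AccessDenied();
        } catch (AccessDenied e) {
            handler.accept(e);   // only reports the denial to the user
        }
        securedMethod();         // still reached although access was denied
    }

    // Fail-closed: the handler decides how to report, never whether to proceed.
    static void interceptFailClosed(Consumer<AccessDenied> handler) {
        if (!isAdmin()) {
            handler.accept(new AccessDenied());
            return;              // the secured call is unreachable on denial
        }
        securedMethod();
    }

    public static void main(String[] args) {
        Consumer<AccessDenied> handler = e -> log.add("You have no access!");
        interceptFailOpen(handler);
        System.out.println("fail-open:   " + log);
        log.clear();
        interceptFailClosed(handler);
        System.out.println("fail-closed: " + log);
        // Regression check: a handled denial must never lead to the secured call.
        if (log.contains("in method")) throw new AssertionError("secured method ran after denial");
    }
}
```

The final check in main() is the property worth keeping as a regression test in a real project: register a handler for the denial, invoke the secured method, and assert that its side effect did not occur.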