[ https://issues.apache.org/jira/browse/DELTASPIKE-681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerhard Petracek resolved DELTASPIKE-681.
-----------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.0.2

I aligned the handling.
Now both (@Secures and @Secured) handle it the same way (like in v1.0.0).

> Handling AccessDeniedException will run the secured method
> ----------------------------------------------------------
>
>                 Key: DELTASPIKE-681
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-681
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Core, Security-Module
>    Affects Versions: 1.0.1
>            Reporter: Gabor K
>            Priority: Minor
>             Fix For: 1.0.2
>
>         Attachments: DELTASPIKE-681.patch
>
>
> I'm using DeltaSpike Security Module together with Picketlink. I created an
> annotation:
>     @Retention(value = RetentionPolicy.RUNTIME)
>     @Target({ ElementType.TYPE, ElementType.METHOD })
>     @Documented
>     @SecurityBindingType
>     public @interface Admin { }
> Created an authorizer method:
>     @Secures
>     @Admin
>     public boolean doSecuredCheck(InvocationContext invocationContext,
>             BeanManager manager) throws Exception {
>         return false; //Nobody is an admin!
>     }
> And created a secured method:
>     @Admin
>     public void test() {
>         System.out.println("in method");
>     }
> So far this works fine, the method will not run when invoked from a
> h:commandButton, because the authorizer method returns false. An
> AccessDeniedException is thrown which will be displayed on the error page. It
> is very ugly.
> I wanted to handle the exception gracefully, so I created an exception
> handler:
>     void printExceptions(@Handles ExceptionEvent<AccessDeniedException> evt) {
>         FacesContext.getCurrentInstance().addMessage(null, new
>                 FacesMessage("You have no access!"));
>     }
> The exception handler is being called, no ugly error page, and I can see the
> "You have no access!" message appearing on the page.
> However I can also see this in the console:
> "in method"
> So handling the exception caused the secured method to actually run!
-- This message was sent by Atlassian JIRA (v6.2#6252)
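
The failure mode reported above (a handled AccessDeniedException letting the secured call proceed) can be modelled with plain JDK classes. This is an added example, not DeltaSpike code and not the attached patch; every name in it (FailClosedDemo, AccessDenied, Action, invoke, the failOpen switch) is hypothetical, and the interceptor control flow is an assumption made for illustration.

```java
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;

// Plain-JDK model of the reported behaviour. All names are hypothetical;
// this is not DeltaSpike's interceptor code.
public class FailClosedDemo {
    static class AccessDenied extends RuntimeException {}

    interface Action { void run(); }

    // Stand-in for an interceptor around a secured method.
    // 'authorized' plays the result of the @Secures method,
    // 'handler' plays the @Handles exception handler.
    static void invoke(Action secured, boolean authorized,
                       Consumer<AccessDenied> handler, boolean failOpen) {
        if (!authorized) {
            AccessDenied denied = new AccessDenied();
            if (handler == null) {
                throw denied;          // unhandled: the caller sees the exception
            }
            handler.accept(denied);    // handled: e.g. show "You have no access!"
            if (!failOpen) {
                return;                // fail closed: a handled denial still blocks the call
            }
            // fail open (the reported behaviour): falls through to the secured method
        }
        secured.run();
    }

    public static void main(String[] args) {
        AtomicInteger calls = new AtomicInteger();     // times the secured method ran
        AtomicInteger messages = new AtomicInteger();  // times the handler ran
        Action test = calls::incrementAndGet;
        Consumer<AccessDenied> handler = e -> messages.incrementAndGet();

        invoke(test, false, handler, true);
        System.out.println("fail-open:   secured calls = " + calls.get());

        calls.set(0);
        invoke(test, false, handler, false);
        System.out.println("fail-closed: secured calls = " + calls.get());

        // Regression check: a handled denial must never reach the secured method.
        if (calls.get() != 0 || messages.get() != 2) {
            throw new AssertionError("handled AccessDenied let the secured method run");
        }
    }
}
```

The same check, written as a test against a real @Secured bean with a side-effect counter in the secured method, guards against this class of regression between releases.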