Andrew Schmidt created DELTASPIKE-1294:
------------------------------------------

             Summary: Secured Stereotypes do not get applied to inherited methods
                 Key: DELTASPIKE-1294
                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1294
             Project: DeltaSpike
          Issue Type: Bug
          Components: Security-Module
    Affects Versions: 1.8.0
            Reporter: Andrew Schmidt


I have a @Secured @Stereotype annotation:

{code:java}
@Retention( RUNTIME )
@Stereotype
@Inherited
@Secured( CustomAccessDecisionVoter.class ) 
@Target( { ElementType.TYPE, ElementType.METHOD } ) 
public @interface Permission {

}
{code}

And my decision voter:

{code:java}
@ApplicationScoped
public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter {
    @Override
    protected void checkPermission( AccessDecisionVoterContext voterContext,
                                    Set<SecurityViolation> violations )
    {
        System.out.println( "Checking permission for "
            + voterContext.<InvocationContext> getSource().getMethod().getName() );
    }

}
{code}

And now a bean that inherits from another class:

{code:java}
public class Animal
{
    public String getParentName()
    {
        return "parent";
    }
}
{code}

{code:java}
@Named
@Permission
public class Dog extends Animal
{
    public String getChildName()
    {
        return "dog";
    }
}
{code}

In JSF dogName: #{dog.childName} will invoke the checkPermission whereas #{dog.parentName} will not.

This is in contrast to the @SecurityBindingType:

{code:java}
@Retention( value = RetentionPolicy.RUNTIME ) 
@Target( { ElementType.TYPE, ElementType.METHOD } ) 
@Documented 
@SecurityBindingType
public @interface UserLoggedIn {

}
{code}

{code:java}
@ApplicationScoped
public class LoginAuthorizer
{
    @Secures
    @UserLoggedIn
    public boolean doSecuredCheck( InvocationContext invocationContext ) throws Exception
    {
        System.out.println( "doSecuredCheck called for: "
            + invocationContext.getMethod().getName() );

        return true;
    }
}
{code}

Now applying @UserLoggedIn to the Dog class will cause the doSecuredCheck to fire for both getChildName and getParentName.

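A reflection-based audit for the gap described in this report, added here as an example (not code from the reporter or from DeltaSpike): it lists the public methods that a type-level-secured bean inherits from a superclass which does not itself carry the annotation. `Permission` below is a stand-in without `@Stereotype`/`@Secured` so the file compiles without DeltaSpike; `InheritedMethodAudit` and `unsecuredInheritedMethods` are hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class InheritedMethodAudit {
    // Stand-in for the report's @Permission stereotype (assumption: no DeltaSpike on the classpath).
    @Retention(RetentionPolicy.RUNTIME)
    @Inherited
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface Permission {}

    // Constructed sample beans mirroring Animal and Dog from the report.
    public static class Animal {
        public String getParentName() { return "parent"; }
    }

    @Permission
    public static class Dog extends Animal {
        public String getChildName() { return "dog"; }
    }

    /** Public methods callable on beanClass that are declared in a superclass
     *  where neither the method nor its declaring class carries the annotation. */
    static List<String> unsecuredInheritedMethods(Class<?> beanClass,
                                                  Class<? extends Annotation> secured) {
        List<String> findings = new ArrayList<>();
        if (!beanClass.isAnnotationPresent(secured)) {
            return findings; // bean is not secured at type level; nothing to compare
        }
        for (Method m : beanClass.getMethods()) {
            Class<?> owner = m.getDeclaringClass();
            if (owner == beanClass || owner == Object.class
                    || Modifier.isStatic(m.getModifiers()) || m.isBridge() || m.isSynthetic()) {
                continue; // declared on the bean itself, or not a business method
            }
            if (!m.isAnnotationPresent(secured) && !owner.isAnnotationPresent(secured)) {
                findings.add(owner.getSimpleName() + "#" + m.getName());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Audit the constructed Dog bean against the stand-in annotation.
        System.out.println(unsecuredInheritedMethods(Dog.class, Permission.class));
    }
}
```

Each finding is a method to cover with an integration test that asserts the access decision voter is actually invoked, or to secure explicitly on the declaring class.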