Re: DefaultErrorView
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done before the
rendering process.
in this case you can't switch to an error-view, if you are in the middle of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my managed bean.
Do you mean with: your secured bean should always get accessed before the
rendering starts that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type.
Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina*
---
--
---
*SCJA. José Luis Cetina*
---
Re: DefaultErrorView
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages {}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements AccessDecisionVoter {
.
}
If i use my @SecurityModule in ViewConfig my checkPermission never been
called, but if i use my @SecurityModule as interceptor (in my managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done before the
rendering process.
in this case you can't switch to an error-view, if you are in the middle of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my managed bean.
Do you mean with: your secured bean should always get accessed before
the
rendering starts that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering
starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type.
Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina*
---
--
---
*SCJA. José Luis Cetina*
---
--
---
*SCJA. José Luis Cetina*
---
Re: DefaultErrorView
hi jose,
yes - in a view-config @Secured is a simple annotation and not an
interceptor (because there is nothing to intercept)
- currently no @Stereotype support.
@ custom (additional) meta-data:
see [1].
regards,
gerhard
[1]
https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages {}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements AccessDecisionVoter {
.
}
If i use my @SecurityModule in ViewConfig my checkPermission never been
called, but if i use my @SecurityModule as interceptor (in my managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done before the
rendering process.
in this case you can't switch to an error-view, if you are in the middle
of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my managed
bean.
Do you mean with: your secured bean should always get accessed before
the
rendering starts that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering
starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type.
Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina
Re: DefaultErrorView
Ok, but when i use my own annottation as interpcetor and my checkPermission
method add a SecurityViolation my page never redirect to my
DefaultErrorView, i always get:
PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
My Managedbean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
its possible to use an interceptor (CODI Security) win a DefaultErrorView,
if yes why i alway's get Response already committed?
Thanks
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
yes - in a view-config @Secured is a simple annotation and not an
interceptor (because there is nothing to intercept)
- currently no @Stereotype support.
@ custom (additional) meta-data:
see [1].
regards,
gerhard
[1]
https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages {}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements
AccessDecisionVoter {
.
}
If i use my @SecurityModule in ViewConfig my checkPermission never been
called, but if i use my @SecurityModule as interceptor (in my
managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done before
the
rendering process.
in this case you can't switch to an error-view, if you are in the
middle
of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my managed
bean.
Do you mean with: your secured bean should always get accessed
before
the
rendering starts that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering
starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type.
Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
Re: DefaultErrorView
hi jose,
that's a different topic (and we talked about it already).
@ view-configs:
you just use @Secured + a separated (custom) annotation e.g.
@CustomMetaData (meta-annotated with @ViewMetaData)
e.g.:
@Page
@Secured(CustomAccessDecisionVoter.class)
@CustomMetaData(...)
public final class MySecuredPage implements ViewConfig
{
}
- your AccessDecisionVoter queries the custom meta-data for the current
view:
//...
@Inject
private ViewConfigResolver viewConfigResolver;
//...
String currentViewId =
FacesContext.getCurrentInstance().getViewRoot().getViewId();
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData();
or
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class);
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Ok, but when i use my own annottation as interpcetor and my checkPermission
method add a SecurityViolation my page never redirect to my
DefaultErrorView, i always get:
PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
My Managedbean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
its possible to use an interceptor (CODI Security) win a DefaultErrorView,
if yes why i alway's get Response already committed?
Thanks
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
yes - in a view-config @Secured is a simple annotation and not an
interceptor (because there is nothing to intercept)
- currently no @Stereotype support.
@ custom (additional) meta-data:
see [1].
regards,
gerhard
[1]
https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages
{}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt
work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements
AccessDecisionVoter {
.
}
If i use my @SecurityModule in ViewConfig my checkPermission never been
called, but if i use my @SecurityModule as interceptor (in my
managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done before
the
rendering process.
in this case you can't switch to an error-view, if you are in the
middle
of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my managed
bean.
Do you mean with: your secured bean should always get accessed
before
the
rendering starts that i have to call the checkPermission method
in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering
starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content
type.
Response
Re: DefaultErrorView
Ok, thanks, i did with ViewMetaData.
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
that's a different topic (and we talked about it already).
@ view-configs:
you just use @Secured + a separated (custom) annotation e.g.
@CustomMetaData (meta-annotated with @ViewMetaData)
e.g.:
@Page
@Secured(CustomAccessDecisionVoter.class)
@CustomMetaData(...)
public final class MySecuredPage implements ViewConfig
{
}
- your AccessDecisionVoter queries the custom meta-data for the current
view:
//...
@Inject
private ViewConfigResolver viewConfigResolver;
//...
String currentViewId =
FacesContext.getCurrentInstance().getViewRoot().getViewId();
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData();
or
viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class);
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Ok, but when i use my own annottation as interpcetor and my
checkPermission
method add a SecurityViolation my page never redirect to my
DefaultErrorView, i always get:
PM org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
My Managedbean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
its possible to use an interceptor (CODI Security) win a
DefaultErrorView,
if yes why i alway's get Response already committed?
Thanks
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
yes - in a view-config @Secured is a simple annotation and not an
interceptor (because there is nothing to intercept)
- currently no @Stereotype support.
@ custom (additional) meta-data:
see [1].
regards,
gerhard
[1]
https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
If i use my own annotation
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
and then
@Page(navigation = Page.NavigationMode.REDIRECT)
public interface Pages extends ViewConfig {
public @Page class MyError extends DefaultErrorView implements Pages
{}
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt
work
public @Page class Private implements Pages{}
}
@javax.enterprise.context.ApplicationScoped
public class PermissionAccessDecisionVoter implements
AccessDecisionVoter {
.
}
If i use my @SecurityModule in ViewConfig my checkPermission never
been
called, but if i use my @SecurityModule as interceptor (in my
managedbean)
it works, this is normal?
2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
exceptions during the rendering process are always special.
- everything which could lead to an exception should be done
before
the
rendering process.
in this case you can't switch to an error-view, if you are in the
middle
of
the rendering process of a page.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/26 José Luis Cetina maxtorz...@gmail.com
Sorry, but i dont understand, i only set my @Secured in my
managed
bean.
Do you mean with: your secured bean should always get accessed
before
the
rendering starts that i have to call the checkPermission method
in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the
rendering
starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE
DefaultErrorView
My denied page never shown, i always get Cannot set content type. Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina*
---
Re: DefaultErrorView
hi jose,
your secured bean should always get accessed before the rendering starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type. Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina*
---
Re: DefaultErrorView
Sorry, but i dont understand, i only set my @Secured in my managed bean.
Do you mean with: your secured bean should always get accessed before the
rendering starts that i have to call the checkPermission method in a
PreRenderView method in my managedbean?
like this:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com
hi jose,
your secured bean should always get accessed before the rendering starts
(e.g. via a PreRenderView callback).
otherwise you get the exception during the rendering process.
regards,
gerhard
http://www.irian.at
Your JSF/JavaEE powerhouse -
JavaEE Consulting, Development and
Courses in English and German
Professional Support for Apache MyFaces
2012/6/25 José Luis Cetina maxtorz...@gmail.com
My denied page never shown, i always get Cannot set content type.
Response
already committed.
I have this:
@Page
public class Denegado extends DefaultErrorView{
}
@Stereotype
@Target(value = {ElementType.TYPE})
@Retention(value = RetentionPolicy.RUNTIME)
@Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class)
public @interface SecurityModule {
ModuloPantallaEnum codigoModulo();
}
my bean:
@Named
@ViewAccessScoped
@SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS)
public class CursosMBean implements Serializable{
}
THEN I ADD SecurityViolation
@Override
protected void checkPermission(InvocationContext ic,
SetSecurityViolation violations) {
violations.add(newSecurityViolation(DENIED.));
}
But i always see in my page this:
An Error Occurred:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
viewId=/web/portal_academico/control_escolar/cursos.xhtml
location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml
phaseId=RENDER_RESPONSE(6)
Caused by:
org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException
at
org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95)
And in the log:
org.apache.myfaces.context.servlet.ServletExternalContextImpl
setResponseContentType
SEVERE: Cannot set content type. Response already committed
What is wrong?
--
---
*SCJA. José Luis Cetina*
---
--
---
*SCJA. José Luis Cetina*
---
