Re: DefaultErrorView
hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina* --- -- --- *SCJA. José Luis Cetina* ---
Re: DefaultErrorView
If i use my own annotation @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } and then @Page(navigation = Page.NavigationMode.REDIRECT) public interface Pages extends ViewConfig { public @Page class MyError extends DefaultErrorView implements Pages {} @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work public @Page class Private implements Pages{} } @javax.enterprise.context.ApplicationScoped public class PermissionAccessDecisionVoter implements AccessDecisionVoter { . } If i use my @SecurityModule in ViewConfig my checkPermission never been called, but if i use my @SecurityModule as interceptor (in my managedbean) it works, this is normal? 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina* --- -- --- *SCJA. José Luis Cetina* --- -- --- *SCJA. José Luis Cetina* ---
Re: DefaultErrorView
hi jose, yes - in a view-config @Secured is a simple annotation and not an interceptor (because there is nothing to intercept) - currently no @Stereotype support. @ custom (additional) meta-data: see [1]. regards, gerhard [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com If i use my own annotation @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } and then @Page(navigation = Page.NavigationMode.REDIRECT) public interface Pages extends ViewConfig { public @Page class MyError extends DefaultErrorView implements Pages {} @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work public @Page class Private implements Pages{} } @javax.enterprise.context.ApplicationScoped public class PermissionAccessDecisionVoter implements AccessDecisionVoter { . } If i use my @SecurityModule in ViewConfig my checkPermission never been called, but if i use my @SecurityModule as interceptor (in my managedbean) it works, this is normal? 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina
Re: DefaultErrorView
Ok, but when i use my own annottation as interpcetor and my checkPermission method add a SecurityViolation my page never redirect to my DefaultErrorView, i always get: PM org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed My Managedbean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } its possible to use an interceptor (CODI Security) win a DefaultErrorView, if yes why i alway's get Response already committed? Thanks 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, yes - in a view-config @Secured is a simple annotation and not an interceptor (because there is nothing to intercept) - currently no @Stereotype support. @ custom (additional) meta-data: see [1]. regards, gerhard [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com If i use my own annotation @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } and then @Page(navigation = Page.NavigationMode.REDIRECT) public interface Pages extends ViewConfig { public @Page class MyError extends DefaultErrorView implements Pages {} @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work public @Page class Private implements Pages{} } @javax.enterprise.context.ApplicationScoped public class PermissionAccessDecisionVoter implements AccessDecisionVoter { . } If i use my @SecurityModule in ViewConfig my checkPermission never been called, but if i use my @SecurityModule as interceptor (in my managedbean) it works, this is normal? 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml
Re: DefaultErrorView
hi jose, that's a different topic (and we talked about it already). @ view-configs: you just use @Secured + a separated (custom) annotation e.g. @CustomMetaData (meta-annotated with @ViewMetaData) e.g.: @Page @Secured(CustomAccessDecisionVoter.class) @CustomMetaData(...) public final class MySecuredPage implements ViewConfig { } - your AccessDecisionVoter queries the custom meta-data for the current view: //... @Inject private ViewConfigResolver viewConfigResolver; //... String currentViewId = FacesContext.getCurrentInstance().getViewRoot().getViewId(); viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(); or viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class); regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Ok, but when i use my own annottation as interpcetor and my checkPermission method add a SecurityViolation my page never redirect to my DefaultErrorView, i always get: PM org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed My Managedbean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } its possible to use an interceptor (CODI Security) win a DefaultErrorView, if yes why i alway's get Response already committed? Thanks 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, yes - in a view-config @Secured is a simple annotation and not an interceptor (because there is nothing to intercept) - currently no @Stereotype support. @ custom (additional) meta-data: see [1]. regards, gerhard [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com If i use my own annotation @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } and then @Page(navigation = Page.NavigationMode.REDIRECT) public interface Pages extends ViewConfig { public @Page class MyError extends DefaultErrorView implements Pages {} @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work public @Page class Private implements Pages{} } @javax.enterprise.context.ApplicationScoped public class PermissionAccessDecisionVoter implements AccessDecisionVoter { . } If i use my @SecurityModule in ViewConfig my checkPermission never been called, but if i use my @SecurityModule as interceptor (in my managedbean) it works, this is normal? 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response
Re: DefaultErrorView
Ok, thanks, i did with ViewMetaData. 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, that's a different topic (and we talked about it already). @ view-configs: you just use @Secured + a separated (custom) annotation e.g. @CustomMetaData (meta-annotated with @ViewMetaData) e.g.: @Page @Secured(CustomAccessDecisionVoter.class) @CustomMetaData(...) public final class MySecuredPage implements ViewConfig { } - your AccessDecisionVoter queries the custom meta-data for the current view: //... @Inject private ViewConfigResolver viewConfigResolver; //... String currentViewId = FacesContext.getCurrentInstance().getViewRoot().getViewId(); viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(); or viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class); regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Ok, but when i use my own annottation as interpcetor and my checkPermission method add a SecurityViolation my page never redirect to my DefaultErrorView, i always get: PM org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed My Managedbean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } its possible to use an interceptor (CODI Security) win a DefaultErrorView, if yes why i alway's get Response already committed? Thanks 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, yes - in a view-config @Secured is a simple annotation and not an interceptor (because there is nothing to intercept) - currently no @Stereotype support. @ custom (additional) meta-data: see [1]. regards, gerhard [1] https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com If i use my own annotation @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } and then @Page(navigation = Page.NavigationMode.REDIRECT) public interface Pages extends ViewConfig { public @Page class MyError extends DefaultErrorView implements Pages {} @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt work public @Page class Private implements Pages{} } @javax.enterprise.context.ApplicationScoped public class PermissionAccessDecisionVoter implements AccessDecisionVoter { . } If i use my @SecurityModule in ViewConfig my checkPermission never been called, but if i use my @SecurityModule as interceptor (in my managedbean) it works, this is normal? 2012/6/26 Gerhard Petracek gerhard.petra...@gmail.com hi jose, exceptions during the rendering process are always special. - everything which could lead to an exception should be done before the rendering process. in this case you can't switch to an error-view, if you are in the middle of the rendering process of a page. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/26 José Luis Cetina maxtorz...@gmail.com Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE
DefaultErrorView
My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina* ---
Re: DefaultErrorView
hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina* ---
Re: DefaultErrorView
Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: your secured bean should always get accessed before the rendering starts that i have to call the checkPermission method in a PreRenderView method in my managedbean? like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek gerhard.petra...@gmail.com hi jose, your secured bean should always get accessed before the rendering starts (e.g. via a PreRenderView callback). otherwise you get the exception during the rendering process. regards, gerhard http://www.irian.at Your JSF/JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces 2012/6/25 José Luis Cetina maxtorz...@gmail.com My denied page never shown, i always get Cannot set content type. Response already committed. I have this: @Page public class Denegado extends DefaultErrorView{ } @Stereotype @Target(value = {ElementType.TYPE}) @Retention(value = RetentionPolicy.RUNTIME) @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) public @interface SecurityModule { ModuloPantallaEnum codigoModulo(); } my bean: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } THEN I ADD SecurityViolation @Override protected void checkPermission(InvocationContext ic, SetSecurityViolation violations) { violations.add(newSecurityViolation(DENIED.)); } But i always see in my page this: An Error Occurred: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException viewId=/web/portal_academico/control_escolar/cursos.xhtml location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml phaseId=RENDER_RESPONSE(6) Caused by: org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException at org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) And in the log: org.apache.myfaces.context.servlet.ServletExternalContextImpl setResponseContentType SEVERE: Cannot set content type. Response already committed What is wrong? -- --- *SCJA. José Luis Cetina* --- -- --- *SCJA. José Luis Cetina* ---