[ https://issues.apache.org/jira/browse/DELTASPIKE-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerhard Petracek resolved DELTASPIKE-64. ---------------------------------------- Resolution: Fixed we agreed on adding it based on DELTASPIKE-65 -> we will review the result > review and discuss @Secured > --------------------------- > > Key: DELTASPIKE-64 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-64 > Project: DeltaSpike > Issue Type: Sub-task > Components: Security-Module > Affects Versions: 0.1-incubating > Reporter: Gerhard Petracek > Assignee: Gerhard Petracek > Fix For: 0.2-incubating > > > this feature is listed at > https://cwiki.apache.org/confluence/display/DeltaSpike/SE+Feature+Ranking and > part of myfaces codi-core. > @Secured is a simple cdi interceptor annotation which allows to filter method > calls to cdi beans based on custom rules. > it's possible to specify 1-n custom implementations of AccessDecisionVoter. > those voters get invoked before the call is forwarded to the target method (a > voter is a cdi bean which gets resolved by its concrete type). an > implementation of AccessDecisionVoter can access the InvocationContext to get > further details about the target method to trigger the corresponding > evaluation. as a result voters return a set of violations > (SecurityViolation). if there is no violation, the target-method gets > executed. if there is at least one violation, an AccessDeniedException will > be thrown. > in addition an AccessDecisionVoterContext is needed to detect if there is an > ongoing security check (e.g. it's possible to use it in a custom scope to > avoid that a security check postpones the expiration). > (in myfaces codi it's also used to secure views via view-configs, however, we > will exclude this part for now.) > users can use those simple and generic apis to implement their own access > control and it will get used by other deltaspike modules automatically (if > they use the security-api). > (in an AccessDecisionVoter it's possible to integrate 3rd party > security-frameworks.) > usage of @Secured: > //... > @Secured({MyAccessDecisionVoter1.class, MyAccessDecisionVoter2.class}) > public class SecuredBean > { > //... > } -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira