Sorry, but i dont understand, i only set my @Secured in my managed bean. Do you mean with: "your secured bean should always get accessed before the rendering starts" that i have to call the checkPermission method in a PreRenderView method in my managedbean?
like this: @Named @ViewAccessScoped @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) public class CursosMBean implements Serializable{ } 2012/6/25 Gerhard Petracek <gerhard.petra...@gmail.com> > hi jose, > > your secured bean should always get accessed before the rendering starts > (e.g. via a PreRenderView callback). > otherwise you get the exception during the rendering process. > > regards, > gerhard > > http://www.irian.at > > Your JSF/JavaEE powerhouse - > JavaEE Consulting, Development and > Courses in English and German > > Professional Support for Apache MyFaces > > > > 2012/6/25 José Luis Cetina <maxtorz...@gmail.com> > > > My denied page never shown, i always get Cannot set content type. > Response > > already committed. > > > > > > I have this: > > > > @Page > > public class Denegado extends DefaultErrorView{ > > > > } > > > > @Stereotype > > @Target(value = {ElementType.TYPE}) > > @Retention(value = RetentionPolicy.RUNTIME) > > > > > @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) > > public @interface SecurityModule { > > ModuloPantallaEnum codigoModulo(); > > } > > > > my bean: > > @Named > > @ViewAccessScoped > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) > > public class CursosMBean implements Serializable{ > > } > > > > THEN I ADD SecurityViolation > > @Override > > protected void checkPermission(InvocationContext ic, > > Set<SecurityViolation> violations) { > > violations.add(newSecurityViolation("DENIED.")); > > } > > > > But i always see in my page this: > > > > An Error Occurred: > > > > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml > > > > > location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml > > phaseId=RENDER_RESPONSE(6) > > > > Caused by: > > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException > > at > > > > > org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) > > > > > > > > And in the log: > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl > > setResponseContentType > > SEVERE: Cannot set content type. Response already committed > > > > What is wrong? > > > > -- > > ------------------------------------------------------------------- > > *SCJA. José Luis Cetina* > > ------------------------------------------------------------------- > > > -- ------------------------------------------------------------------- *SCJA. José Luis Cetina* -------------------------------------------------------------------