Ok, thanks, i did with ViewMetaData. 2012/6/26 Gerhard Petracek <gerhard.petra...@gmail.com>
> hi jose, > > that's a different topic (and we talked about it already). > > @ view-configs: > you just use @Secured + a separated (custom) annotation e.g. > @CustomMetaData (meta-annotated with @ViewMetaData) > > e.g.: > @Page > @Secured(CustomAccessDecisionVoter.class) > @CustomMetaData(...) > public final class MySecuredPage implements ViewConfig > { > } > > -> your AccessDecisionVoter queries the custom meta-data for the current > view: > > //... > @Inject > private ViewConfigResolver viewConfigResolver; > //... > String currentViewId = > FacesContext.getCurrentInstance().getViewRoot().getViewId(); > > viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(); > or > > viewConfigResolver.getViewConfigDescriptor(currentViewId).getMetaData(CustomMetaData.class); > > regards, > gerhard > > http://www.irian.at > > Your JSF/JavaEE powerhouse - > JavaEE Consulting, Development and > Courses in English and German > > Professional Support for Apache MyFaces > > > > 2012/6/26 José Luis Cetina <maxtorz...@gmail.com> > > > Ok, but when i use my own annottation as interpcetor and my > checkPermission > > method add a SecurityViolation my page never redirect to my > > DefaultErrorView, i always get: > > > > PM org.apache.myfaces.context.servlet.ServletExternalContextImpl > > setResponseContentType > > SEVERE: Cannot set content type. Response already committed > > > > My Managedbean: > > > > @Named > > @ViewAccessScoped > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) > > public class CursosMBean implements Serializable{ > > } > > > > its possible to use an interceptor (CODI Security) win a > DefaultErrorView, > > if yes why i alway's get Response already committed? > > > > Thanks > > > > > > 2012/6/26 Gerhard Petracek <gerhard.petra...@gmail.com> > > > > > hi jose, > > > > > > yes - in a view-config @Secured is a simple annotation and not an > > > interceptor (because there is nothing to intercept) > > > -> currently no @Stereotype support. > > > > > > @ custom (additional) meta-data: > > > see [1]. > > > > > > regards, > > > gerhard > > > > > > [1] > > > > > > > > > https://cwiki.apache.org/confluence/display/EXTCDI/JSF+Usage#JSFUsage-Customviewmetadata > > > > > > http://www.irian.at > > > > > > Your JSF/JavaEE powerhouse - > > > JavaEE Consulting, Development and > > > Courses in English and German > > > > > > Professional Support for Apache MyFaces > > > > > > > > > > > > 2012/6/26 José Luis Cetina <maxtorz...@gmail.com> > > > > > > > If i use my own annotation > > > > > > > > @Stereotype > > > > @Target(value = {ElementType.TYPE}) > > > > @Retention(value = RetentionPolicy.RUNTIME) > > > > @Secured(value=PermissionAccessDecisionVoter.class) > > > > public @interface SecurityModule { > > > > ModuloPantallaEnum codigoModulo(); > > > > } > > > > > > > > and then > > > > > > > > @Page(navigation = Page.NavigationMode.REDIRECT) > > > > public interface Pages extends ViewConfig { > > > > > > > > public @Page class MyError extends DefaultErrorView implements Pages > > {} > > > > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) //doesnt > > work > > > > public @Page class Private implements Pages{} > > > > > > > > } > > > > > > > > > > > > @javax.enterprise.context.ApplicationScoped > > > > public class PermissionAccessDecisionVoter implements > > > AccessDecisionVoter { > > > > ..... > > > > } > > > > > > > > If i use my @SecurityModule in ViewConfig my checkPermission never > been > > > > called, but if i use my @SecurityModule as interceptor (in my > > > managedbean) > > > > it works, this is normal? > > > > > > > > 2012/6/26 Gerhard Petracek <gerhard.petra...@gmail.com> > > > > > > > > > hi jose, > > > > > > > > > > exceptions during the rendering process are always special. > > > > > -> everything which could lead to an exception should be done > before > > > the > > > > > rendering process. > > > > > in this case you can't switch to an error-view, if you are in the > > > middle > > > > of > > > > > the rendering process of a page. > > > > > > > > > > regards, > > > > > gerhard > > > > > > > > > > http://www.irian.at > > > > > > > > > > Your JSF/JavaEE powerhouse - > > > > > JavaEE Consulting, Development and > > > > > Courses in English and German > > > > > > > > > > Professional Support for Apache MyFaces > > > > > > > > > > > > > > > > > > > > 2012/6/26 José Luis Cetina <maxtorz...@gmail.com> > > > > > > > > > > > Sorry, but i dont understand, i only set my @Secured in my > managed > > > > bean. > > > > > > > > > > > > Do you mean with: "your secured bean should always get accessed > > > before > > > > > the > > > > > > rendering starts" that i have to call the checkPermission method > > in a > > > > > > PreRenderView method in my managedbean? > > > > > > > > > > > > like this: > > > > > > > > > > > > @Named > > > > > > @ViewAccessScoped > > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) > > > > > > public class CursosMBean implements Serializable{ > > > > > > > > > > > > } > > > > > > > > > > > > > > > > > > > > > > > > 2012/6/25 Gerhard Petracek <gerhard.petra...@gmail.com> > > > > > > > > > > > > > hi jose, > > > > > > > > > > > > > > your secured bean should always get accessed before the > rendering > > > > > starts > > > > > > > (e.g. via a PreRenderView callback). > > > > > > > otherwise you get the exception during the rendering process. > > > > > > > > > > > > > > regards, > > > > > > > gerhard > > > > > > > > > > > > > > http://www.irian.at > > > > > > > > > > > > > > Your JSF/JavaEE powerhouse - > > > > > > > JavaEE Consulting, Development and > > > > > > > Courses in English and German > > > > > > > > > > > > > > Professional Support for Apache MyFaces > > > > > > > > > > > > > > > > > > > > > > > > > > > > 2012/6/25 José Luis Cetina <maxtorz...@gmail.com> > > > > > > > > > > > > > > > My denied page never shown, i always get Cannot set content > > type. > > > > > > > Response > > > > > > > > already committed. > > > > > > > > > > > > > > > > > > > > > > > > I have this: > > > > > > > > > > > > > > > > @Page > > > > > > > > public class Denegado extends DefaultErrorView{ > > > > > > > > > > > > > > > > } > > > > > > > > > > > > > > > > @Stereotype > > > > > > > > @Target(value = {ElementType.TYPE}) > > > > > > > > @Retention(value = RetentionPolicy.RUNTIME) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > @Secured(value=PermissionAccessDecisionVoter.class,errorView=Denegado.class) > > > > > > > > public @interface SecurityModule { > > > > > > > > ModuloPantallaEnum codigoModulo(); > > > > > > > > } > > > > > > > > > > > > > > > > my bean: > > > > > > > > @Named > > > > > > > > @ViewAccessScoped > > > > > > > > @SecurityModule(codigoModulo = ModuloPantallaEnum.CURSOS) > > > > > > > > public class CursosMBean implements Serializable{ > > > > > > > > } > > > > > > > > > > > > > > > > THEN I ADD SecurityViolation > > > > > > > > @Override > > > > > > > > protected void checkPermission(InvocationContext ic, > > > > > > > > Set<SecurityViolation> violations) { > > > > > > > > violations.add(newSecurityViolation("DENIED.")); > > > > > > > > } > > > > > > > > > > > > > > > > But i always see in my page this: > > > > > > > > > > > > > > > > An Error Occurred: > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException > > > > > > > > > > > > > > > > viewId=/web/portal_academico/control_escolar/cursos.xhtml > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > location=/home/maxtorzito/repositorio/grupo_kx/project-rhino/trunk/project-rhino/target/project-rhino-0.9-SNAPSHOT/web/portal_academico/control_escolar/cursos.xhtml > > > > > > > > phaseId=RENDER_RESPONSE(6) > > > > > > > > > > > > > > > > Caused by: > > > > > > > > > > > > > > > > > > > > org.apache.myfaces.extensions.cdi.core.api.security.AccessDeniedException > > > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.myfaces.extensions.cdi.core.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:95) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > And in the log: > > > > > > > > > > > > > > > > org.apache.myfaces.context.servlet.ServletExternalContextImpl > > > > > > > > setResponseContentType > > > > > > > > SEVERE: Cannot set content type. Response already committed > > > > > > > > > > > > > > > > What is wrong? > > > > > > > > > > > > > > > > -- > > > > > > > > > > > ------------------------------------------------------------------- > > > > > > > > *SCJA. José Luis Cetina* > > > > > > > > > > > ------------------------------------------------------------------- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > ------------------------------------------------------------------- > > > > > > *SCJA. José Luis Cetina* > > > > > > > ------------------------------------------------------------------- > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > ------------------------------------------------------------------- > > > > *SCJA. José Luis Cetina* > > > > ------------------------------------------------------------------- > > > > > > > > > > > > > > > -- > > ------------------------------------------------------------------- > > *SCJA. José Luis Cetina* > > ------------------------------------------------------------------- > > > -- ------------------------------------------------------------------- *SCJA. José Luis Cetina* -------------------------------------------------------------------