Thomas Frühbeck created DELTASPIKE-801:
------------------------------------------
Summary: Security: SecurityParameterValueRedefiner doesnt
recognize @Nonbinding
Key: DELTASPIKE-801
URL: https://issues.apache.org/jira/browse/DELTASPIKE-801
Project: DeltaSpike
Issue Type: Bug
Components: Security-Module
Affects Versions: 1.2.0
Environment: Wildfly 8.1.0.Final / JSF / DeltaSpike
Reporter: Thomas Frühbeck
According specification @Nonbinding annotation desingates properties of
annotations to be ignored when checking for equality.
Nevertheless I get a missing parameter binding exception in following situation:
Exception:
java.lang.IllegalStateException: Missing required security parameter binding
[@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on method
invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class
at.telekom.sms.persistence.entities.SmsLists)]
Binding Annotaiton:
@SecurityParameterBinding
@Target({ TYPE, METHOD, FIELD, PARAMETER })
@Retention(RUNTIME)
public @interface AuthorizedParam {
@Nonbinding
Action action() default Action.UPDATE;
}
Authorizer:
public class MssmsAuthorizer {
@Secures @Authorized
public boolean authorized(InvocationContext ctx, @LoggedIn MssmsUser
mssmsUser, @AuthorizedParam SmsLists smsList) {
return doAuthorize(ctx, mssmsUser, smsList);
}
}
Annotated Bean method:
{
@Authorized
@OpenTransactionProvided(rollbackOnly=true)
public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final
SmsLists newGroup) {
...
}
}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
