[ https://issues.apache.org/jira/browse/DELTASPIKE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16271009#comment-16271009 ]
ASF subversion and git services commented on DELTASPIKE-1294:
-------------------------------------------------------------

Commit 126362e4f049976b6b14a8cd627add1029321148 in deltaspike's branch refs/heads/master from [~gpetracek]
[ https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=126362e ]
DELTASPIKE-1294 improvements in view of proxies and extensibility

> Secured Stereotypes are not applied to inherited methods
> --------------------------------------------------------
>
>                 Key: DELTASPIKE-1294
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1294
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Security-Module
>    Affects Versions: 1.8.0
>            Reporter: Andrew Schmidt
>            Assignee: Mark Struberg
>             Fix For: 1.8.1
>
>
> I have a @Secured @Stereotype annotation
> {code:java}
> @Retention( RUNTIME )
> @Stereotype
> @Inherited
> @Secured( CustomAccessDecisionVoter.class )
> @Target( { ElementType.TYPE, ElementType.METHOD } )
> public @interface Permission {
> }
> {code}
> And my decision voter:
> {code:java}
> @ApplicationScoped
> public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter {
>     @Override
>     protected void checkPermission( AccessDecisionVoterContext voterContext,
>             Set<SecurityViolation> violations )
>     {
>         System.out.println( "Checking permission for " +
>             voterContext.<InvocationContext> getSource().getMethod().getName() );
>     }
> }
> {code}
> And now a bean that inherits from another class
> {code:java}
> public class Animal
> {
>     public String getParentName()
>     {
>         return "parent";
>     }
> }
> {code}
> {code:java}
> @Named
> @Permission
> public class Dog extends Animal
> {
>     public String getChildName()
>     {
>         return "dog";
>     }
> }
> {code}
> In JSF dogName:
> {code}#{dog.childName}{code} will invoke the checkPermission whereas
> {code}#{dog.parentName}{code} will not
> This is in contrast to the @SecurityBindingType
> {code:java}
> @Retention( value = RetentionPolicy.RUNTIME )
> @Target( { ElementType.TYPE, ElementType.METHOD } )
> @Documented
> @SecurityBindingType
> public @interface UserLoggedIn {
> }
> {code}
> {code:java}
> @ApplicationScoped
> public class LoginAuthorizer
> {
>     @Secures
>     @UserLoggedIn
>     public boolean doSecuredCheck( InvocationContext invocationContext )
>         throws Exception
>     {
>         System.out.println( "doSecuredCheck called for: " +
>             invocationContext.getMethod().getName() );
>         return true;
>     }
> }
> {code}
> Now applying @UserLoggedIn to the Dog class will cause the doSecuredCheck to
> fire for both getChildName and getParentName

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
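
An added example, not part of the original message or of the DeltaSpike code base: a reflection audit that lists the public methods a type-level-secured bean inherits from superclasses that do not carry the annotation themselves, which is the set the report describes as skipping the voter on 1.8.0. `Permission` here is a plain constructed stand-in (no CDI or DeltaSpike on the classpath), and `InheritedMethodAudit` and `inheritedWithoutOwnAnnotation` are hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.*;

public class InheritedMethodAudit {

    // Constructed stand-in for the reporter's @Permission stereotype.
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    @interface Permission {}

    // Same shape as the Animal/Dog classes in the report.
    static class Animal { public String getParentName() { return "parent"; } }

    @Permission
    static class Dog extends Animal { public String getChildName() { return "dog"; } }

    /**
     * Public instance methods callable on beanClass that are declared on a supertype
     * which carries the annotation neither on the type nor on the method itself.
     */
    static List<String> inheritedWithoutOwnAnnotation(Class<?> beanClass,
                                                      Class<? extends Annotation> secured) {
        List<String> findings = new ArrayList<>();
        if (!beanClass.isAnnotationPresent(secured)) {
            return findings; // bean is not secured at type level, nothing to compare
        }
        for (Method m : beanClass.getMethods()) {      // includes inherited public methods
            Class<?> owner = m.getDeclaringClass();
            if (owner == beanClass || owner == Object.class) continue;
            if (Modifier.isStatic(m.getModifiers())) continue;
            if (m.isBridge() || m.isSynthetic()) continue;
            boolean covered = owner.isAnnotationPresent(secured)
                    || m.isAnnotationPresent(secured);
            if (!covered) findings.add(owner.getSimpleName() + "#" + m.getName());
        }
        Collections.sort(findings);
        return findings;
    }

    public static void main(String[] args) {
        // Each entry is a method to cover with an access-control test on the deployed version.
        System.out.println(inheritedWithoutOwnAnnotation(Dog.class, Permission.class));
    }
}
```

Each reported method is a candidate for an integration test asserting that the voter actually runs, or for an explicit annotation on the superclass method while an affected version is in use.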