Dennis Kieselhorst created TOBAGO-1688:
------------------------------------------
Summary: Security check (e.g. @RolesAllowed) should be configurable
Key: TOBAGO-1688
URL: https://issues.apache.org/jira/browse/TOBAGO-1688
Project: MyFaces Tobago
Issue Type: Improvement
Components: Core
Reporter: Dennis Kieselhorst
Assignee: Dennis Kieselhorst
If CDI is not available, a NameNotFoundException is thrown:
{noformat}
WARN o.a.m.t.i.u.AuthorizationHelper - Can't obtain 'java:comp/BeanManager'
javax.naming.NameNotFoundException: null
at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:476)
at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:563)
at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:578)
at
org.eclipse.jetty.jndi.java.javaRootURLContext.lookup(javaRootURLContext.java:106)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at
org.apache.myfaces.tobago.internal.util.AuthorizationHelper.<init>(AuthorizationHelper.java:78)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
at
org.apache.myfaces.config.annotation.Tomcat7AnnotationLifecycleProvider.newInstance(Tomcat7AnnotationLifecycleProvider.java:60)
at
org.apache.myfaces.config.ManagedBeanBuilder.buildManagedBean(ManagedBeanBuilder.java:156)
at
org.apache.myfaces.el.unified.resolver.ManagedBeanResolver.createManagedBean(ManagedBeanResolver.java:333)
at
org.apache.myfaces.el.unified.resolver.ManagedBeanResolver.getValue(ManagedBeanResolver.java:296)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:62)
at
org.apache.myfaces.el.unified.resolver.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:179)
at
org.apache.myfaces.tobago.internal.util.AuthorizationHelper.getInstance(AuthorizationHelper.java:94)
at
org.apache.myfaces.tobago.internal.component.AbstractUICommandBase.isAllowed(AbstractUICommandBase.java:116)
at
org.apache.myfaces.tobago.internal.component.AbstractUICommandBase.isRendered(AbstractUICommandBase.java:92)
at
org.apache.myfaces.tobago.internal.renderkit.renderer.TobagoClientBehaviorRenderer.getScript(TobagoClientBehaviorRenderer.java:101)
at
org.apache.myfaces.tobago.internal.util.RenderUtils.getBehaviorCommands(RenderUtils.java:263)
at
org.apache.myfaces.tobago.internal.renderkit.renderer.PageRenderer.encodeBegin(PageRenderer.java:260)
at
javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:597)
at
org.apache.myfaces.tobago.internal.component.AbstractUIPage.encodeBegin(AbstractUIPage.java:60)
at
javax.faces.component.UIComponentBase.encodeAll(UIComponentBase.java:527)
at
javax.faces.component.UIComponentBase.encodeAll(UIComponentBase.java:551)
{noformat}
This should be configurable by a new config option check-security-annotations.
Default should be true.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
