[
https://issues.apache.org/jira/browse/TOBAGO-1688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15843590#comment-15843590
]
Hudson commented on TOBAGO-1688:
--------------------------------
SUCCESS: Integrated in Jenkins build Tobago 3.0.x Sonar #3 (See
[https://builds.apache.org/job/Tobago%203.0.x%20Sonar/3/])
TOBAGO-1688: Security check (e.g. @RolesAllowed) should be configurable (deki:
[http://svn.apache.org/viewvc/?view=rev&rev=1780522])
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommandBase.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigEntityResolver.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* (edit)
tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
* (edit)
tobago-3.0.x/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-3.0.xsd
* (add)
tobago-3.0.x/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-3.1.xsd
* (edit)
tobago-3.0.x/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* (add) tobago-3.0.x/tobago-core/src/test/resources/tobago-config-3.1.xml
* (edit)
tobago-3.0.x/tobago-example/tobago-example-blank/src/main/webapp/WEB-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-extension/tobago-sandbox/src/main/resources/META-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-theme/tobago-theme-charlotteville/src/main/resources/META-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-theme/tobago-theme-richmond/src/main/resources/META-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-theme/tobago-theme-scarborough/src/main/resources/META-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-theme/tobago-theme-speyside/src/main/resources/META-INF/tobago-config.xml
* (edit)
tobago-3.0.x/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml
> Security check (e.g. @RolesAllowed) should be configurable
> ----------------------------------------------------------
>
> Key: TOBAGO-1688
> URL: https://issues.apache.org/jira/browse/TOBAGO-1688
> Project: MyFaces Tobago
> Issue Type: Improvement
> Components: Core
> Reporter: Dennis Kieselhorst
> Assignee: Dennis Kieselhorst
> Fix For: 3.1.0
>
>
> If CDI is not available, a NameNotFoundException is thrown:
> {noformat}
> WARN o.a.m.t.i.u.AuthorizationHelper - Can't obtain 'java:comp/BeanManager'
> javax.naming.NameNotFoundException: null
> at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:476)
> at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:563)
> at org.eclipse.jetty.jndi.NamingContext.lookup(NamingContext.java:578)
> at
> org.eclipse.jetty.jndi.java.javaRootURLContext.lookup(javaRootURLContext.java:106)
> at javax.naming.InitialContext.lookup(InitialContext.java:417)
> at
> org.apache.myfaces.tobago.internal.util.AuthorizationHelper.<init>(AuthorizationHelper.java:78)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at java.lang.Class.newInstance(Class.java:442)
> at
> org.apache.myfaces.config.annotation.Tomcat7AnnotationLifecycleProvider.newInstance(Tomcat7AnnotationLifecycleProvider.java:60)
> at
> org.apache.myfaces.config.ManagedBeanBuilder.buildManagedBean(ManagedBeanBuilder.java:156)
> at
> org.apache.myfaces.el.unified.resolver.ManagedBeanResolver.createManagedBean(ManagedBeanResolver.java:333)
> at
> org.apache.myfaces.el.unified.resolver.ManagedBeanResolver.getValue(ManagedBeanResolver.java:296)
> at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:62)
> at
> org.apache.myfaces.el.unified.resolver.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:179)
> at
> org.apache.myfaces.tobago.internal.util.AuthorizationHelper.getInstance(AuthorizationHelper.java:94)
> at
> org.apache.myfaces.tobago.internal.component.AbstractUICommandBase.isAllowed(AbstractUICommandBase.java:116)
> at
> org.apache.myfaces.tobago.internal.component.AbstractUICommandBase.isRendered(AbstractUICommandBase.java:92)
> at
> org.apache.myfaces.tobago.internal.renderkit.renderer.TobagoClientBehaviorRenderer.getScript(TobagoClientBehaviorRenderer.java:101)
> at
> org.apache.myfaces.tobago.internal.util.RenderUtils.getBehaviorCommands(RenderUtils.java:263)
> at
> org.apache.myfaces.tobago.internal.renderkit.renderer.PageRenderer.encodeBegin(PageRenderer.java:260)
> at
> javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:597)
> at
> org.apache.myfaces.tobago.internal.component.AbstractUIPage.encodeBegin(AbstractUIPage.java:60)
> at
> javax.faces.component.UIComponentBase.encodeAll(UIComponentBase.java:527)
> at
> javax.faces.component.UIComponentBase.encodeAll(UIComponentBase.java:551)
> {noformat}
> This should be configurable by a new config option
> check-security-annotations. Default should be true.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
