Re: SecureAnnotationsInterceptor using non default annotation
Yes ... changing the order of the properties fixes it. Thanks!

--
View this message in context: http://cxf.547215.n5.nabble.com/SecureAnnotationsInterceptor-using-non-default-annotation-tp5738528p5738544.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SecureAnnotationsInterceptor using non default annotation
I am not sure, but it looks like the findRoles code is executed before annotationClassName is set with the new value, then methodRolesAllowed gets filled with wrong information. I'll have to confirm this point.
Re: SecureAnnotationsInterceptor using non default annotation
Hi

On 14/01/14 13:22, blacar wrote:
> Hi Sergey,
>
> I've created a custom annotation. My intention is to use it as @Secured("admin").
> I've configured it as you told and I can see it defined at runtime as annotationClassName attribute ... so, Thanks!
>
> @Target({ElementType.METHOD, ElementType.TYPE})
> @Retention(RetentionPolicy.RUNTIME)
> @Inherited
> @Documented
> public @interface Secured {
>     public String[] value();
> }
>
> However I am still missing something. :P
>
> I see the interceptor is called, the target method is correct but getExpectedRoles returns an empty list, so authorization is always granted; and this is (I guess) because methodRolesMap is empty and I think it shouldn't be ... but I don't know what's the missing piece.
>
> This is what I added to my application context:
>
> where serviceImpl is my JAX-RS annotated class with a method holding the @Secured("admin")

I suspect it is to do with the ordering of properties: at the moment, when a securedObject property is set it is checked immediately. It will need to be fixed so that the ordering does not make a difference, but for now please set the annotationClassName first and it will work.

Cheers, Sergey

> Cheers,

--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
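The ordering problem described in the reply above, as an added example that is not part of the original thread and is not CXF's own code: a simplified Java model of an interceptor whose securedObject setter scans annotations immediately. `OrderingDemo`, `ModelInterceptor`, `Service` and `assertConfigured` are hypothetical names, and the startup check is an assumption about how one might fail closed when no roles were mapped.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class OrderingDemo {
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    public @interface Secured { String[] value(); }

    public static class Service { @Secured("admin") public void delete() {} }

    // Simplified model (assumption, not CXF source): the securedObject setter
    // scans immediately, using whatever annotation name is set at that moment.
    static class ModelInterceptor {
        private String annotationClassName = "javax.annotation.security.RolesAllowed";
        private final Map<String, List<String>> methodRolesMap = new HashMap<>();

        void setAnnotationClassName(String name) { annotationClassName = name; }

        void setSecuredObject(Object target) throws Exception {
            for (Method m : target.getClass().getDeclaredMethods())
                for (Annotation a : m.getAnnotations())
                    if (a.annotationType().getName().equals(annotationClassName)) {
                        Object v = a.annotationType().getMethod("value").invoke(a);
                        methodRolesMap.put(m.getName(), Arrays.asList((String[]) v));
                    }
        }

        List<String> getExpectedRoles(String method) {
            return methodRolesMap.getOrDefault(method, Collections.emptyList());
        }

        // Hypothetical fail-closed startup check: no mapped roles means nothing is protected.
        void assertConfigured() {
            if (methodRolesMap.isEmpty())
                throw new IllegalStateException("no roles mapped for " + annotationClassName);
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Secured.class.getName();
        ModelInterceptor wrong = new ModelInterceptor();
        wrong.setSecuredObject(new Service());   // scanned for RolesAllowed: finds nothing
        wrong.setAnnotationClassName(name);      // too late, the map is already built
        System.out.println("securedObject first: " + wrong.getExpectedRoles("delete"));

        ModelInterceptor right = new ModelInterceptor();
        right.setAnnotationClassName(name);      // annotation name first, as advised
        right.setSecuredObject(new Service());
        right.assertConfigured();
        System.out.println("annotationClassName first: " + right.getExpectedRoles("delete"));
    }
}
```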
Re: SecureAnnotationsInterceptor using non default annotation
Hi Sergey,

I've created a custom annotation. My intention is to use it as @Secured("admin").
I've configured it as you told and I can see it defined at runtime as annotationClassName attribute ... so, Thanks!

    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    @Inherited
    @Documented
    public @interface Secured {
        public String[] value();
    }

However I am still missing something. :P

I see the interceptor is called, the target method is correct but getExpectedRoles returns an empty list, so authorization is always granted; and this is (I guess) because methodRolesMap is empty and I think it shouldn't be ... but I don't know what's the missing piece.

This is what I added to my application context:

where serviceImpl is my JAX-RS annotated class with a method holding the @Secured("admin")

Cheers,
Re: SecureAnnotationsInterceptor using non default annotation
Hi

On 14/01/14 10:54, blacar wrote:
> Hello,
>
> How can I set up a different annotation for checking authorization with SecureAnnotationsInterceptor?
>
> By default it expects "javax.annotation.security.RolesAllowed" but since it is not part of Java SE I am not able to use it.
>
> However I've read that I could use a different annotation
> "... it checks RolesAllowed annotations by default but one can provide the annotation class name used to specify the roles."

Use an 'annotationClassName' property

Cheers, Sergey

> How can this be done?
>
> Thanks in advance,
> RBC