In the CODI Wiki page says: https://cwiki.apache.org/confluence/display/EXTCDI/Core+Usage#CoreUsage-SecurityViolation
The rest is done by CODI. Please note that there is a natural overhead if the @Secured annotation is used as interceptor. In combination with the JSF module, we recommend to us it for the ViewConfig instead of beans because the performance overhead is minimal compared to an interceptor. But if i set the @Secured annotation in ViewConfig and i enter directly to the URL (without a navigation link, of course i dont use CODI if i access in this way) the checkPermission method was never invoked, as i can see the only way you can use @Secured annotation in a viewconfig is when you never expected the user can access to your page with the URL in a directly way, am i right? -- ------------------------------------------------------------------- *SCJA. José Luis Cetina* -------------------------------------------------------------------
