hi thomas, i just checked that part which came in from seam3 and it looks like it never supported @Nonbinding. (SecurityParameterValueRedefiner just uses a set to check for the same annotation-instances.)
-> please file a jira-ticket (see [1]). it's planned to release v1.2.1 quite soon -> maybe we can add the support for @Nonbinding with the upcoming release. regards, gerhard [1] https://issues.apache.org/jira/browse/DELTASPIKE http://www.irian.at Your JavaEE powerhouse - JavaEE Consulting, Development and Courses in English and German Professional Support for Apache MyFaces, DeltaSpike and OpenWebBeans 2014-12-15 0:44 GMT+01:00 Thomas Frühbeck <[email protected]>: > > Hi, > > I am using DS-1.2.0. > I get a missing parameter binding exception in following situation: > > Exception: > java.lang.IllegalStateException: Missing required security parameter > binding [@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on > method invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class > at.telekom.sms.persistence.entities.SmsLists)] > > Binding Annotaiton: > > @SecurityParameterBinding > @Target({ TYPE, METHOD, FIELD, PARAMETER }) > @Retention(RUNTIME) > public @interface AuthorizedParam { > > @Nonbinding > Action action() default Action.UPDATE; > > } > > Authorizer: > > public class MssmsAuthorizer { > > @Secures @Authorized > public boolean authorized(InvocationContext ctx, @LoggedIn MssmsUser > mssmsUser, @AuthorizedParam SmsLists smsList) { > return doAuthorize(ctx, mssmsUser, smsList); > } > } > > > Annotated Bean method: > > { > @Authorized > @OpenTransactionProvided(rollbackOnly=true) > public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final > SmsLists newGroup) { > ... > } > } > > > Can you please explain, what I am doing wrong? > > Many Thanks, > Thomas > > >
