hi alexei, it's currently not supported (intentionally). -> please file a jira-ticket for it and we will re-visit this topic.
regards, gerhard 2016-06-09 0:53 GMT+02:00 Осипов Алексей <[email protected]>: > Hello, > > I'm working with type-safe view-config for my app an run in an issue with > defining security restrictions for pages. > > Deltaspike documentation explains how to use @Secured annotation and > implement AccessDecisionVoter-s to define permission checks for pages. > I have a bunch of custom SecurityBindingType-s that checked via > @Secures-annotated methods and I want to use those SecurityBindingType-s to > configure permission checks on ViewConfig objects. > > Example (mostly just from Deltaspike docs): > // Custom security binding annotation: > > |@Retention(value = RUNTIME) @Target({TYPE, METHOD}) @Documented > @SecurityBindingType public @interface UserLoggedIn {}| > > // Custom /authorizer/| > @ApplicationScoped | > > |public class LoggedInAuthorizer { @Secures @UserLoggedIn public boolean > doSecuredCheck(Identity identity) throws Exception { return > identity.isLoggedIn(); } }| > > // View config > @|UserLoggedIn // <- Note that I want to use |security binding annotation > here. Not a new class with @Secured > |public class MyPage implements ViewConfig||{ | > > |}| > // Note: this example has only one annotation (|UserLoggedIn|) but my app > has a dozen of them. > > So I want to use security binding annotations for ViewConfig classes in > the same way we usually use them for beans. > The problem is that I can't find easy way to do that type of security > check declaration in Delatspike. > > Obviously, I can write a AccessDecisionVoter for each custom security > binding type but I don't want to create so many classes just for view > configuration. > Also I can write an AccessDecisionVoter and list all my security binding > annotations and check them one by one. However I don't want to hardcode the > list of annotations. To high risk that somebody forgets to update the list. > > Is there better way to achieve that? Am I missing something? > > || > > Reference docs: > https://deltaspike.apache.org/documentation/security.html > https://deltaspike.apache.org/documentation/jsf.html > > PS: I've run into that problem during migration from Seam 3. Seam allowed > to use security binding annotations in page configuration. > > Best regards, > Alexei Osipov >
