Seam 3 security - annotations member access

baecks Dec 21, 2011 5:27 AM

Hello,

I set up security for my SEMA 3 (faces) application. Doing so means defining a number of enums and applying annotations (example below):

@ViewConfig
public interface Pages {
     static enum Pages1 {
          //@FacesRedirect
          @ViewPattern("/app/*")
          // @AccessDeniedView("/denied.xhtml")
          @LoginView("/login.xhtml")
          @User(foo = "test")
          ALL;
     }

With @User defined like this:

@SecurityBindingType
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.FIELD, ElementType.METHOD})
public @interface User {
     @Nonbinding String foo() default "ALL";
}

I'd now like to write one (and only one) authorizer method for @User, in which I can get access to the foo property that of the annotation applied to the enum for which the method is executed. I would be something like this:

@Secures @User boolean validate(){
  if(@User.foo().isEmpty()) return false;
}

I'd appreciate if somebody could let me know if/home this is possible in Seam 3.

Thanks,
Sven.

1. Re: Seam 3 security - annotations member access

fabriciolemos Dec 21, 2011 1:48 PM (in response to baecks)

That´s not possible: http://www.seamframework.org/Community/PermissionbasedAuthorizationInSeamFaces#comment152931

If you have 50 types of Users you have to write 50 annotations and 50 authorization methods.
Actions
2. Re: Seam 3 security - annotations member access

baecks Dec 22, 2011 4:06 AM (in response to baecks)

Hi Fabricio,

Thanks a lot for answering ... very appreciated.

I do believe supporting this would be a great addition to SEAM though. If there would be anybody of the development team reading this ... ;-)

Regards,
Sven.
Actions
3. Re: Seam 3 security - annotations member access

lightguard Dec 23, 2011 12:18 AM (in response to baecks)

Please create a JIRA ticket so we all can track it.
Actions

Go to original post