4 Replies Latest reply on May 10, 2011 3:46 PM by Jason Porter

    Seam Security Interceptors

    Mo Grauel Newbie

      Hi,


      I am toying around with seam-security. I have some trouble getting Typesafe Authorization to work for me. I am using seam-security 3.0.0.Final. I have created an annotation:



      @SecurityBindingType
      @Retention(RetentionPolicy.RUNTIME)
      @Target({ElementType.FIELD, ElementType.METHOD, ElementType.TYPE})
      public @interface FooRequired {
      }



      And a corresponding method. If I use that annotation in a @ViewConfig it works as expected. However if I annotate a method with it, it has no result at runtime.


      It never gets called.


      After some poking, I was wondering why the SecurityInterceptor is not in the interceptor list of the seam-security beans.xml? Is this a bug? It only lists the TransactionInterceptor


      I have placed a breakpoint inside the SecurityInterceptor and it never get's called.


      If I annotate my secured method the following way:



      @Interceptors({SecurityInterceptor.class})
          @FooRequired
          public void foo(){...}



      Everything works as I expect it. But this is not the intended way, isn't it? Am I doing something wrong?


      Any help would be appreciated.


      Thanks

        • 1. Re: Seam Security Interceptors
          Jason Porter Master

          Add the interceptor in the beans.xml and let us know the result. Interceptors are not enabled by default and must be listed in the beans.xml (I would put the security interceptor first so it's the first interceptor to be invoked).

          • 2. Re: Seam Security Interceptors
            Mo Grauel Newbie

            Adding


            <interceptors>
                <class>org.jboss.seam.security.extension.SecurityInterceptor</class>
              </interceptors>



            to my beans.xml works. The interceptor get's called and the the security of the annotated methods gets validated.


            Does the documentation of seam-security mentions somewhere that one has to enable the SecurityInterceptor manually?


            If I specify


            <interceptors>
                <class>org.jboss.seam.security.extension.SecurityInterceptor</class>
                <class>org.jboss.seam.transaction.TransactionInterceptor</class>
              </interceptors>



            in my beans.xml the applications fails to deploy.

            WELD-001416 Enabled interceptor class [..snip..]TransactionInterceptor[..snip..] specified twice





            • 3. Re: Seam Security Interceptors
              Richard Barabe Newbie

              This is because the transaction interceptor is already configured in seam-security-impl jar  (see /META-INF/beans.xml of the seam-security-impl jar) ...

              • 4. Re: Seam Security Interceptors
                Jason Porter Master

                It doesn't look like it is in the docs, please add a JIRA (or even a pull request :) )