4 Replies Latest reply on May 10, 2011 3:46 PM by lightguard

Seam Security Interceptors

mo.moritz.grauel.akquinet.de May 9, 2011 1:18 PM

Hi,

I am toying around with seam-security. I have some trouble getting Typesafe Authorization to work for me. I am using seam-security 3.0.0.Final. I have created an annotation:

@SecurityBindingType
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.FIELD, ElementType.METHOD, ElementType.TYPE})
public @interface FooRequired {
}

And a corresponding method. If I use that annotation in a @ViewConfig it works as expected. However if I annotate a method with it, it has no result at runtime.

It never gets called.

After some poking, I was wondering why the SecurityInterceptor is not in the interceptor list of the seam-security beans.xml? Is this a bug? It only lists the TransactionInterceptor

I have placed a breakpoint inside the SecurityInterceptor and it never get's called.

If I annotate my secured method the following way:

@Interceptors({SecurityInterceptor.class})
    @FooRequired
    public void foo(){...}

Everything works as I expect it. But this is not the intended way, isn't it? Am I doing something wrong?

Any help would be appreciated.

Thanks

1. Re: Seam Security Interceptors

lightguard May 9, 2011 3:15 PM (in response to mo.moritz.grauel.akquinet.de)

Add the interceptor in the beans.xml and let us know the result. Interceptors are not enabled by default and must be listed in the beans.xml (I would put the security interceptor first so it's the first interceptor to be invoked).
Actions
2. Re: Seam Security Interceptors

mo.moritz.grauel.akquinet.de May 10, 2011 3:37 AM (in response to mo.moritz.grauel.akquinet.de)
Adding

<interceptors> <class>org.jboss.seam.security.extension.SecurityInterceptor</class> </interceptors>

to my beans.xml works. The interceptor get's called and the the security of the annotated methods gets validated.

Does the documentation of seam-security mentions somewhere that one has to enable the SecurityInterceptor manually?

If I specify

<interceptors> <class>org.jboss.seam.security.extension.SecurityInterceptor</class> <class>org.jboss.seam.transaction.TransactionInterceptor</class> </interceptors>

in my beans.xml the applications fails to deploy.
WELD-001416 Enabled interceptor class [..snip..]TransactionInterceptor[..snip..] specified twice
Actions
3. Re: Seam Security Interceptors

baraber May 10, 2011 9:47 AM (in response to mo.moritz.grauel.akquinet.de)

This is because the transaction interceptor is already configured in seam-security-impl jar (see /META-INF/beans.xml of the seam-security-impl jar) ...
Actions
4. Re: Seam Security Interceptors

lightguard May 10, 2011 3:46 PM (in response to mo.moritz.grauel.akquinet.de)

It doesn't look like it is in the docs, please add a JIRA (or even a pull request :) )
Actions

Go to original post