4 Replies Latest reply on Feb 27, 2014 11:54 PM by Marc Zbyszynski

    Some questions about Errai Security in 3.0

    Marc Zbyszynski Newbie

      I've been testing out the Errai 3.0 branch for an internal project and we've been trying to use Errai Security to secure our application. Two issues have come up so far, so I thought I would ask. I decided to post this to the dev list since the feature isn't released yet, but please let me know if you'd rather I move it to the primary errai forum.

       

      Issue #1

      Our specific use case requires users to be authenticated to access our app, but no specific roles are required beyond logging in. So we've annotated our primary page with:

       

      @Templated
      @Page(path="home", role = DefaultPage.class)
      @RequireAuthentication
      

       

      The behavior that we're seeing as that the page renders fully and then the user is redirected to the login page, so the home page is briefly visible before the login page is rendered. Also we have a method annotated with @PageShown and that seems to be executed before the login page is displayed, regardless of whether the user is authenticated or not. Is this by design, and if so is there a lifecycle method or workaround for not firing a method until after the security criteria has been satisfied?

       

      Issue #2

      The master branch of errai-security right now is build with picketlink 2.5.0.Beta4. Picketlink's current stable release is 2.5.2.Final I believe, and Wildfly 8 CR1 ships with 2.5.1.Final, and it looks like some portions of their IDM api have changed significantly between 2.5.0.Beta4 and 2.5.2.Final. Is there any reason you are sticking with 2.5.0.Beta4, or are their plans to upgrade and no one has gotten around to it? I tried just overriding the version in my project's maven build, but that broke stuff so I'm guessing upgrading isn't trivial...

       

      Any insight anyone could offer would be greatly appreciated!

       

      Marc