DeltaSpike / DELTASPIKE-681

Handling AccessDeniedException will run the secured method

Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.0.1
    • Fix Version/s: 1.0.2
    • Component/s: Core, Security-Module
    • Labels: None

    Description

      I'm using DeltaSpike Security Module together with Picketlink. I created an annotation:

      @Retention(value = RetentionPolicy.RUNTIME)
      @Target({ ElementType.TYPE, ElementType.METHOD })
      @Documented
      @SecurityBindingType
      public @interface Admin { }

      Created an authorizer method:

      @Secures
      @Admin
      public boolean doSecuredCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
          return false; // Nobody is an admin!
      }

      And created a secured method:

      @Admin
      public void test() {
          System.out.println("in method");
      }

      So far this works fine, the method will not run when invoked from a h:commandButton, because the authorizer method returns false. An AccessDeniedException is thrown which will be displayed on the error page. It is very ugly.

      I wanted to handle the exception gracefully, so I created an exception handler:

      void printExceptions(@Handles ExceptionEvent<AccessDeniedException> evt) {
          FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("You have no access!"));
      }

      The exception handler is being called, no ugly error page, and I can see the "You have no access!" message appearing on the page.

      However, I can also see this in the console:
      "in method"

      So handling the exception caused the secured method to actually run!

      Attachments

        1. DELTASPIKE-681.patch (1 kB, Gerhard Petracek)

          People

            Assignee: Unassigned
            Reporter: Gabor K (kgab)