Details
Bug
Status: Closed
Minor
Resolution: Fixed
1.0.1
None
Description
I'm using the DeltaSpike Security Module together with PicketLink. I created an annotation:
@Retention(value = RetentionPolicy.RUNTIME)
@Target(
)
@Documented
@SecurityBindingType
public @interface Admin { }
Created an authorizer method:
@Secures
@Admin
public boolean doSecuredCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
    return false; // Nobody is an admin!
}
And created a secured method:
@Admin
public void test() {
    System.out.println("in method");
}
So far this works fine, the method will not run when invoked from a h:commandButton, because the authorizer method returns false. An AccessDeniedException is thrown which will be displayed on the error page. It is very ugly.
I wanted to handle the exception gracefully, so I created an exception handler:
void printExceptions(@Handles ExceptionEvent<AccessDeniedException> evt) {
    FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("You have no access!"));
}
The exception handler is being called, no ugly error page, and I can see the "You have no access!" message appearing on the page.
However, I can also see this in the console:
"in method"
So handling the exception caused the secured method to actually run!
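The symptom reported above is a fail-open authorization check. The following plain-Java model is an added example, not code from the report or from DeltaSpike; it shows one way such behaviour can arise and the fail-closed form to test for. The class, the method names and the mechanism itself are assumptions, since the page does not describe the interceptor's internals.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.BooleanSupplier;
import java.util.function.Predicate;

public class FailClosedInterceptorDemo {
    static class AccessDeniedException extends RuntimeException {}

    // Constructed stand-ins: 'trace' records side effects, 'authorizer' mirrors the
    // report's check that always denies, 'handler' mirrors its exception handler.
    static final List<String> trace = new ArrayList<>();
    static final BooleanSupplier authorizer = () -> false;
    static final Predicate<AccessDeniedException> handler = e -> {
        trace.add("You have no access!");
        return true; // the denial is reported as handled
    };

    static void check() { if (!authorizer.getAsBoolean()) throw new AccessDeniedException(); }

    // Fail-open: a handled denial is swallowed and control falls through to the target.
    static void interceptFailOpen(Runnable target) {
        try {
            check();
        } catch (AccessDeniedException e) {
            if (!handler.test(e)) throw e;
        }
        target.run();
    }

    // Fail-closed: handling only suppresses the rethrow; the target is never invoked.
    static void interceptFailClosed(Runnable target) {
        try {
            check();
        } catch (AccessDeniedException e) {
            if (!handler.test(e)) throw e;
            return;
        }
        target.run();
    }

    public static void main(String[] args) {
        Runnable secured = () -> trace.add("in method");
        interceptFailOpen(secured);
        System.out.println("fail-open:   " + trace);
        trace.clear();
        interceptFailClosed(secured);
        System.out.println("fail-closed: " + trace);
        if (trace.contains("in method")) throw new AssertionError("secured body ran after denial");
    }
}
```

The final check in `main` is the regression condition worth carrying into a real test suite: with a handler registered for the denial, the secured method's side effect must still be absent.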