Uploaded image for project: 'DeltaSpike'
  1. DeltaSpike
  2. DELTASPIKE-801

Security: SecurityParameterValueRedefiner doesnt recognize @Nonbinding

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.2.0
    • 1.2.1
    • Security-Module
    • None
    • Wildfly 8.1.0.Final / JSF / DeltaSpike

    Description

      According specification @Nonbinding annotation desingates properties of annotations to be ignored when checking for equality.

      Nevertheless I get a missing parameter binding exception in following situation:

      Exception:
      java.lang.IllegalStateException: Missing required security parameter binding [@at.telekom.sms.web.security.AuthorizedParam(action=UPDATE)] on method invocation [net.a1.csms.jsf.GroupBean.setCsmsGroup(class at.telekom.sms.persistence.entities.SmsLists)]

      Binding Annotaiton:

      @SecurityParameterBinding
      @Target(

      { TYPE, METHOD, FIELD, PARAMETER }

      )
      @Retention(RUNTIME)
      public @interface AuthorizedParam

      { @Nonbinding Action action() default Action.UPDATE; }

      Authorizer:

      public class MssmsAuthorizer {

      @Secures @Authorized
      public boolean authorized(InvocationContext ctx, @LoggedIn MssmsUser mssmsUser, @AuthorizedParam SmsLists smsList)

      { return doAuthorize(ctx, mssmsUser, smsList); }

      }

      Annotated Bean method:

      {
      @Authorized
      @OpenTransactionProvided(rollbackOnly=true)
      public void setCsmsGroup(@AuthorizedParam(action=Action.READ) final SmsLists newGroup)

      { ... }

      }

      Attachments

        Activity

          People

            gpetracek Gerhard Petracek
            shadogray Thomas Frühbeck
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: