Details

      Description

      I use @Secured with a custom AccessDecisionVoter checking if a user is logged in. If the user is not logged in I only want to redirect to the login page. Currently it is not possible to do this without creating a message in the FacesContext.

      As discussed with Gerhard, a simple solution for this would be an optional SecurityViolationHandler. If there is a bean for this type, it is used to handle SecurityViolation instances created in the voter. If not, the default behavior (adding messages to the facesContext) should be used.

        Activity

          People

          • Assignee:
            Gerhard Petracek
            Reporter:
            Michael Kurz
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development