Your browser does not support iframes
...
The rest is done by CODI. Please note that there is a natural overhead if the @Secured annotation is used as interceptor. In combination with the JSF module, we recommend to us it for the ViewConfig instead of beans because the performance overhead is minimal compared to an interceptor.
This feature is optional and has to be activated via CodiCoreConfig#isInvalidBeanCreationEventEnabled. It allows to check the permission before a bean gets created for a CODI scope.
The abstract class AbstractBeanCreationDecisionVoter
...
allows an easier implementation. An InvalidBeanCreationEvent will be fired for every detected violation and it's possible to prevent the creation of an exception (see #setThrowSecurityViolation) because a context doesn't allow to handle such exceptions in a nice way. Internally CODI uses this concept for @ConversationRequired, however, it's possible to use it also for custom concepts.
This exception will be thrown in case of a security violation and contains the reason(s) of the violation(s) (a set of SecurityViolation )
...
