Overview
Other MyFaces Extensions
- ExtVal
- Ext-Script
- [Orchestra]
- [Portlet Bridge]
Community
Development
Sponsorship
Your browser does not support iframes
...
The rest is done by CODI. Please note that there is a natural overhead if the @Secured annotation is used as interceptor. In combination with the JSF module, we recommend to us it for the ViewConfig
instead of beans because the performance overhead is minimal compared to an interceptor.
If there are multiple AccessDecisionVoter
and maybe in different constellations, it's easier to provide an expressive CDI stereotypes for it. Later on that also allows to change the behaviour in a central place.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
@Named
@Admin
public class MyBean implements Serializable
{
//...
}
//...
@Stereotype
@Secured(RoleAccessDecisionVoter.class)
public @interface Admin
{
}
|
Furthermore, it's possible to provide custom meta-data easily.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
@Named
@Admin(securityLevel=3)
public class MyBean implements Serializable
{
//...
}
//...
@Stereotype
@Secured(RoleAccessDecisionVoter.class)
public @interface Admin
{
int securityLevel();
}
@ApplicationScoped
public class RoleAccessDecisionVoter implements AccessDecisionVoter
{
private static final long serialVersionUID = -8007511215776345835L;
@Inject
private AccessDecisionVoterContext voterContext;
public Set<SecurityViolation> checkPermission(InvocationContext invocationContext)
{
Admin admin = voterContext.getMetaDataFor(Admin.class.getName(), Admin.class);
int level = admin.securityLevel();
//...
}
}
|
...