Versions Compared

Old Version 29

changes.mady.by.user Gerhard Petracek

Saved on

compared with

New Version 30

changes.mady.by.user Gerhard Petracek

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The rest is done by CODI. Please note that there is a natural overhead if the @Secured annotation is used as interceptor. In combination with the JSF module, we recommend to us it for the ViewConfig instead of beans because the performance overhead is minimal compared to an interceptor.

@Secured and Stereotypes (since CODI v1.0.4)

If there are multiple AccessDecisionVoter and maybe in different constellations, it's easier to provide an expressive CDI stereotypes for it. Later on that also allows to change the behaviour in a central place.

Code Block
java
java
titleStereotype support of @Secured

@Named
@Admin
public class MyBean implements Serializable
{
  //...
}

//...
@Stereotype
@Secured(RoleAccessDecisionVoter.class)
public @interface Admin
{
}

Furthermore, it's possible to provide custom meta-data easily.

Code Block
java
java
titleStereotype of @Secured with custom meta-data

@Named
@Admin(securityLevel=3)
public class MyBean implements Serializable
{
  //...
}

//...
@Stereotype
@Secured(RoleAccessDecisionVoter.class)
public @interface Admin
{
  int securityLevel();
}

@ApplicationScoped
public class RoleAccessDecisionVoter implements AccessDecisionVoter
{
    private static final long serialVersionUID = -8007511215776345835L;
    
    @Inject
    private AccessDecisionVoterContext voterContext;

    public Set<SecurityViolation> checkPermission(InvocationContext invocationContext)
    {
        Admin admin = voterContext.getMetaDataFor(Admin.class.getName(), Admin.class);
        int level = admin.securityLevel();
        //...
    }
}

BeanCreationDecisionVoter

...