Announcement Announcement Module
Collapse
No announcement yet.
@PreAuthorize and JSF Managed Beans for method security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @PreAuthorize and JSF Managed Beans for method security

    Hello,

    can I use @PreAuthorize or @Secured annotation inside a JSF Managed Bean. I've attempt to do this but I'm not get success. I've insert the code above in applicationContext file:

    Code:
    <context:component-scan base-package="prpa.athos.MBean" />
    <global-method-security  
        pre-post-annotations="enabled"  >
        
    </global-method-security>
    in faces-config.xml

    Code:
    <application>
        <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
    </application>
    When I put @PreAuthorize or @Secured annotations the method secured don't blocks a user haven't authorization to execute this methos.

    Please, someone help me!!

    Thanks!

  • #2
    You can but it is pretty useless a JSF managed bean isn't proxied or detected by Spring so basically it doesn't do anything. So you will need to have a spring managed bean (not JSF managed) and let the already SpringBeanFacesELResolver retrieve it from the context.

    Another solution would be to use compile or loadtimeweaving to modify the class byte code and use AspectJ to apply the security aspects that way it will work in any environment but is a bit more tricky to get working.

    Comment

    Working...
    X