[jira] [Commented] (DELTASPIKE-292) @SecurityBindings don't respect parameter types of @SecureParameterBinding parameters when determining the authorization method

Mon, 19 Nov 2012 12:12:00 -0800 

    [ 
https://issues.apache.org/jira/browse/DELTASPIKE-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13500600#comment-13500600
 ] 

Shane Bryzak commented on DELTASPIKE-292:
-----------------------------------------

I understand what you're saying, but @SecurityParameterBinding parameters 
aren't considered in the matching algorithm, only the security binding type 
itself (in this example @CustomSecurityBinding).  See the 
registerSecuredMethod() method in [1], and matchesBinding() in [2] for the 
actual code.


[1] 
https://github.com/DeltaSpike/Mirror/blob/master/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/SecurityMetaDataStorage.java
[2] 
https://github.com/DeltaSpike/Mirror/blob/master/deltaspike/modules/security/impl/src/main/java/org/apache/deltaspike/security/impl/extension/Authorizer.java
                
> @SecurityBindings don't respect parameter types of @SecureParameterBinding 
> parameters when determining the authorization method
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DELTASPIKE-292
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-292
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: Security-Module
>    Affects Versions: 0.3-incubating
>            Reporter: Arne Limburg
>            Assignee: Arne Limburg
>
> The following beans lead to the following exception: 
> org.apache.deltaspike.security.api.authorization.SecurityDefinitionException: 
> Ambiguous authorizers found for security binding type
> @ApplicationScoped
> public class SecuredBean
> {
>     @CustomSecurityBinding
>     public boolean getBlockedResult(@MockParamBinding MockObject mockObject)
>     {
>         return mockObject.isValue();
>     }
>     public boolean getResult(MockObject mockObject)
>     {
>         return mockObject.isValue();
>     }
> }
> @ApplicationScoped
> public class CustomAuthorizer
> {
>     @Secures
>     @CustomSecurityBinding
>     public boolean doSecuredCheck(@MockParamBinding MockObject obj, 
> InvocationContext invocationContext) 
>         throws Exception
>     {
>         return obj.isValue();
>     }
>     
>     @Secures
>     @CustomSecurityBinding
>     public boolean doSecuredCheck(@MockParamBinding MockObject2 obj)
>     {
>       return obj.isValue();
>     }
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to