-
1. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
zeeman Jun 26, 2012 2:07 AM (in response to sijalica)1 of 1 people found this helpfulYou need to have a @produce method for param you want, inject it in your is security method. I think I have seen an example of that in ones of seam examples. Check them out on github.com/seam, param being injected was an item. If you download seam examples source and search for it you'll find it.
-
2. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
lightguard Jul 9, 2012 9:59 AM (in response to zeeman)1 of 1 people found this helpfulYou may also want to looking what Apache DeltaSpike (https://cwiki.apache.org/DeltaSpike/temporary-documentation.html#TemporaryDocumentation-SecurityModule) with the param binding
-
3. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
sijalica Aug 3, 2012 10:21 AM (in response to lightguard)I've been trying to implement this for some time now, and I have come to this:
@Path("/path")
@LoggedIn
public interface MyClassInterface {
@GET
@Path("/method")
Response getMyValue(@QueryParam("input") Integer input);
}public class MyClass implements MyClassInterface {
@Override
@ParameterInterceptorBinding
public Response getMyValue(@CheckedParameter Integer input) {
//some stuff
}
}
public class Restrictions {
@Secures
@ParameterInterceptorBinding
public boolean isOk(@CheckedParameter Integer input) {
if (input.equals(getValueFromBackend()) {
return true;
}
return false;
}
}
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.PARAMETER)
@Documented
@SecurityParameterBinding
public @interface CheckedParameter {
}
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Documented
@SecurityBindingType
public @interface ParameterInterceptorBinding {
}
If I call my REST service nothing happens. If I delete @CheckedParameter from "getMyValue()" method and also "isOk()" method it works (ofcourse, now I cannot check my parameter because I don't know how to transfer it to authorizer...)
Also, if I write method like this:
public boolean isOk(InvocationContext context) {
...
}
still does not work, like there is an error and it just ignores it and acts as it is true always.
What am I doing wrong?
-
4. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
lightguard Aug 3, 2012 12:52 PM (in response to sijalica)Have you enabled the interceptor in the beans.xml file?
-
5. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
sijalica Aug 4, 2012 8:12 AM (in response to lightguard)My beans.xml looks like this:
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="urn:java:ee"
xmlns:security="urn:java:org.jboss.seam.security"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
<interceptors>
<class>org.jboss.seam.security.SecurityInterceptor</class>
</interceptors>
<security:IdentityImpl>
<s:modifies/>
<security:authenticatorClass>xxxxxxxx.ACNAuthenticator</security:authenticatorClass>
</security:IdentityImpl>
</beans>
-
6. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
sijalica Aug 6, 2012 1:16 PM (in response to lightguard)Guys, does anyone has an idea what might be the problem?
This works:
public boolean isOk(Identity identity) {
identity.randomMethod... //works
}
This whole method gets ignored
public boolean isOk(InvocationContext context) {
}
And also this
public boolean isOk(@CheckedParameter Object o) {
...
}
-
7. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
lightguard Aug 6, 2012 2:20 PM (in response to sijalica)I don't know that bit of security very well. You'll probably have to get the source and start debugging, but I suspect it's simply that the invocation context isn't available for whatever reason.
-
8. Re: Is it possible to pass arbitrary argument to Seam Securiy Check?
sijalica Aug 7, 2012 9:57 AM (in response to lightguard)Okay, I solved it. It was a rookie mistake because I though that DeltaSpike and Seam are more compatible, whereas DeltaSpike makes Seam redundant. I've deleted ALL seam dependencies and added these (pom.xml):
<dependency>
<groupId>org.apache.deltaspike.core</groupId>
<artifactId>deltaspike-core-api</artifactId>
<version>${deltaspike.version}</version>
</dependency>
<dependency>
<groupId>org.apache.deltaspike.core</groupId>
<artifactId>deltaspike-core-impl</artifactId>
<version>${deltaspike.version}</version>
</dependency>
<dependency>
<groupId>org.apache.deltaspike.modules</groupId>
<artifactId>deltaspike-security-module-api</artifactId>
<version>${deltaspike.version}</version>
</dependency>
<dependency>
<groupId>org.apache.deltaspike.modules</groupId>
<artifactId>deltaspike-security-module-impl</artifactId>
<version>${deltaspike.version}</version>
</dependency>
And instead of seam SecurityInterceptor in beans.xml I added deltaspike one:
<interceptors>
<class>org.apache.deltaspike.security.impl.authorization.SecurityInterceptor</class>
</interceptors>