<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Jaroslav<br>
<br>
> Note, I am using deltaspike 0.4 incubation version. May this
be a problem?<br>
<br>
Yes, our tool supports 0.3 incubation version. In version 0.4,
class implementing Extension interface<br>
is moved from
org.apache.deltaspike.security.impl.authorization.SecurityExtension<br>
to
org.apache.deltaspike.security.impl.extension.SecurityExtension.
That name is registered in
META-INF/javax.enterprise.inject.spi.Extension. <br>
<br>
Best regards<br>
Slava Kabanovich<br>
<br>
On 01/21/2013 12:27 AM, Jaroslav Jankovic wrote:<br>
</div>
<blockquote cite="mid:50FCFBFE.6020406@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Slava,<br>
<br>
what triggers CDI Validator to work? I have performed all steps
you've provided but still no errors nor warnings. <br>
<br>
I have CDI enabled project with 4 deltaspike jars on its
classpath (core-api/impl, secure model-api/impl). What am I
missing?<br>
<br>
Note, I am using deltaspike 0.4 incubation version. May this be
a problem?<br>
<br>
J.J.<br>
<br>
On 01/15/2013 06:40 PM, Viacheslav Kabanovich wrote:<br>
</div>
<blockquote cite="mid:50F594A9.50107@exadel.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Re: Deltaspike</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date:
</th>
<td>Tue, 15 Jan 2013 09:32:03 -0800</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From:
</th>
<td>Viacheslav Kabanovich <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:scabanovich@exadel.com"><scabanovich@exadel.com></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To:
</th>
<td>Jaroslav Jankovic <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:jjankovi@redhat.com"><jjankovi@redhat.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Jaroslav<br>
<br>
Please look at test DeltaspikeValidationTest in plugin
org.jboss.tools.cdi.deltaspike.core.test<br>
Method testSecurityValidation() tests all situations that
our validation supports. It works with test project located
at
org.jboss.tools.cdi.deltaspike.core.test/projects/DeltaspikeCoreTest<br>
<br>
For example, in the last assert, it checks that error is
added at method SecuredBean1.doSomething3() "No matching
authorizer found for security binding type
deltaspike.security.CustomSecurityBinding on method
doSomething3" because there is no authorized method with
binding CustomSecurityBinding(1). Class CustomAuthorizer
declares five authorizer methods, but they do not match this
binding. On the other hand two authorizer methods match
SecuredBean1.doSomething2() so that another assert checks
that there is error on that method "Ambiguous authorizers
found for security binding type
deltaspike.security.CustomSecurityBinding on method
doSomething2"<br>
<br>
So, steps:<br>
1. Annotation type for security binding<br>
@SecurityBindingType<br>
public @interface CustomSecurityBinding {<br>
int value() default 0;<br>
}<br>
<br>
2. Class providing authorizing methods<br>
public class CustomAuthorizer {<br>
<br>
@Secures <br>
@CustomSecurityBinding(4)<br>
public boolean check() { <br>
return true;<br>
}<br>
<br>
@Secures <br>
@CustomSecurityBinding(4)<br>
public boolean check1() { <br>
return true;<br>
}<br>
<br>
@Secures // error - authorizer method should return
boolean<br>
@CustomSecurityBinding2<br>
public void check3() { <br>
}<br>
<br>
@Secures //error - authorizer method should have a
binding annotation<br>
public boolean check4() { <br>
return true;<br>
}<br>
<br>
}<br>
<br>
3. Class with security methods<br>
public class SecuredBean1 {<br>
<br>
@CustomSecurityBinding(4) // error - two authorizer
methods match<br>
public SecuredBean1 doSomething2() {<br>
return null;<br>
}<br>
<br>
@CustomSecurityBinding(1) // error - no matching
authorizer method<br>
public SecuredBean1 doSomething3() { <br>
return null;<br>
}<br>
}<br>
<br>
Best regards<br>
Slava Kabanovich<br>
<br>
On 01/15/2013 03:34 AM, Jaroslav Jankovic wrote:<br>
</div>
<blockquote cite="mid:50F53EE0.2090703@redhat.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hi Slava,<br>
<br>
I am implementing integration tests for deltaspike. I have
only one problem - it is security model.<br>
I cannot figure out circumstances under which specific
validation problems appear. I mean I have read all
documentation about security model in deltaspike I had
found, but with no success. I have also read your comment in
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a moz-do-not-send="true"
href="https://issues.jboss.org/browse/JBIDE-11552">https://issues.jboss.org/browse/JBIDE-11552</a>,
but also no progress.<br>
<br>
Can you please provide me exact steps to simulate all
security validations situations supported for deltaspike?<br>
<br>
I would really appreciate it.<br>
Thanks<br>
<br>
Best regards<br>
Jaroslav Jankovic<br>
</blockquote>
<br>
<br>
</div>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>