[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-1018) Allow security checks in component lifecycle methds

Christian Bauer (JIRA) jira-events at lists.jboss.org
Fri Mar 9 13:07:48 EST 2007

     [ http://jira.jboss.com/jira/browse/JBSEAM-1018?page=all ]

Christian Bauer updated JBSEAM-1018:

    Priority: Minor  (was: Optional)

Upgrading this to minor, I don't see an easy and generic way how else I could check a users permission to create an entity instance. I don't want to defer checking until INSERT and I don't want to only hide the UI button or restrict the page access. I have a single controller method through which all relevant business entities are instantiated, and I need to assert some stuff into rules working memory in @Create before I do that check.

I didn't try @Restrict(<some expressions>) and @Create together, because I don't have the stuff I need to assert in any Seam context at that time.

> Allow security checks in component lifecycle methds
> ---------------------------------------------------
>                 Key: JBSEAM-1018
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1018
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Core
>            Reporter: Christian Bauer
>            Priority: Minor
> The Component.java.callComponentMethod() is used for lifecycle method calling, such as @Create methods. It also wraps all exceptions thrown in these methods, or at least casts them into RuntimeException (even if it already is a RuntimeException). So I can't use Identity.instance.checkPermission() in a @Create method and have my exception handling apply to failure. Minimum required: document this.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list