Hi Jaroslav

> Note, I am using deltaspike 0.4 incubation version. May this be a problem?

Yes, our tool supports 0.3 incubation version. In version 0.4, class implementing Extension interface
is moved from org.apache.deltaspike.security.impl.authorization.SecurityExtension
to org.apache.deltaspike.security.impl.extension.SecurityExtension. That name is registered in META-INF/javax.enterprise.inject.spi.Extension.

Best regards
Slava Kabanovich

On 01/21/2013 12:27 AM, Jaroslav Jankovic wrote:
Hi Slava,

what triggers CDI Validator to work? I have performed all steps you've provided but still no errors nor warnings.

I have CDI enabled project with 4 deltaspike jars on its classpath (core-api/impl, secure model-api/impl). What am I missing?

Note, I am using deltaspike 0.4 incubation version. May this be a problem?

J.J.

On 01/15/2013 06:40 PM, Viacheslav Kabanovich wrote:



-------- Original Message --------
Subject: Re: Deltaspike
Date: Tue, 15 Jan 2013 09:32:03 -0800
From: Viacheslav Kabanovich <scabanovich@exadel.com>
To: Jaroslav Jankovic <jjankovi@redhat.com>


Hi Jaroslav

Please look at test DeltaspikeValidationTest  in plugin org.jboss.tools.cdi.deltaspike.core.test
Method testSecurityValidation() tests all situations that our validation supports. It works with test project located at org.jboss.tools.cdi.deltaspike.core.test/projects/DeltaspikeCoreTest

For example, in the last assert, it checks that error is added at method SecuredBean1.doSomething3() "No matching authorizer found for security binding type deltaspike.security.CustomSecurityBinding on method doSomething3" because there is no authorized method with binding CustomSecurityBinding(1). Class CustomAuthorizer declares five authorizer methods, but they do not match this binding. On the other hand two authorizer methods match SecuredBean1.doSomething2() so that another assert checks that there is error on that method "Ambiguous authorizers found for security binding type deltaspike.security.CustomSecurityBinding on method doSomething2"

So, steps:
1. Annotation type for security binding
@SecurityBindingType
public @interface CustomSecurityBinding {
    int value() default 0;
}

2. Class providing authorizing methods
public class CustomAuthorizer {
   
    @Secures
    @CustomSecurityBinding(4)
    public boolean check() {       
        return true;
    }

    @Secures 
    @CustomSecurityBinding(4)
    public boolean check1() {       
        return true;
    }

    @Secures     // error - authorizer method should return boolean
    @CustomSecurityBinding2
    public void check3() {      
    }

    @Secures //error - authorizer method should have a binding annotation
    public boolean check4() {
        return true;
    }

}

3. Class with security methods
public class SecuredBean1 {

    @CustomSecurityBinding(4) // error - two authorizer methods match
    public SecuredBean1 doSomething2() {
        return null;
    }

    @CustomSecurityBinding(1)  // error - no matching authorizer method
    public SecuredBean1 doSomething3() {
        return null;
    }
}

Best regards
Slava Kabanovich

On 01/15/2013 03:34 AM, Jaroslav Jankovic wrote:
Hi Slava,

I am implementing integration tests for deltaspike. I have only one problem - it is security model.
I cannot figure out circumstances under which specific validation problems appear. I mean I have read all documentation about security model in deltaspike I had found, but with no success. I have also read your comment in https://issues.jboss.org/browse/JBIDE-11552, but also no progress.

Can you please provide me exact steps to simulate all security validations situations supported for deltaspike?

I would really appreciate it.
Thanks

Best regards
Jaroslav Jankovic