[jbosstools-issues] [JBoss JIRA] (JBIDE-23174) Missing validation of @SecuredReturn
Alexey Kazakov (JIRA)
issues at jboss.org
Mon Dec 12 16:48:19 EST 2016
[ https://issues.jboss.org/browse/JBIDE-23174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexey Kazakov reassigned JBIDE-23174:
--------------------------------------
Assignee: Jeff MAURY (was: Alexey Kazakov)
> Missing validation of @SecuredReturn
> ------------------------------------
>
> Key: JBIDE-23174
> URL: https://issues.jboss.org/browse/JBIDE-23174
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: cdi-extensions
> Affects Versions: 4.4.1.Final
> Reporter: Lukáš Valach
> Assignee: Jeff MAURY
> Fix For: 4.5.x
>
> Attachments: SecuredReturn-Log, securedReturn.zip
>
>
> CDI extension DeltaSpike allows to create custom autorizer which decides whether the secured method invocation should proceed. It is possible to base the authorization logic on the result of the secured method - using annotation @SecuredReturn. (See [documentation of Deltaspike/Security Module|https://deltaspike.apache.org/documentation/security.html#Simpleinterceptor-styleauthorization])
> When the return type of the secured method doesn't match the type of authorizer method parameter annotated with @SecuredReturn then application fail with exception "SecurityDefinitionException: No matching authorizer found for security". Validator doesn't detect any problems.
> This issue can be reproduced on attached project [^securedReturn.zip]
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jbosstools-issues
mailing list