小贝子编程

JSF CDI @Named + isAnnotationPresent + @CustomSecurityAnnota



我正在使用此链接中描述的自定义注释安全性。我正在将我的jsf托管bean从@ManagedBean升级到@Named(CDI(。由于CDI不支持作用域@ViewScoped,我使用的是org.omnifaces.CDI.ViewScoped。但是,在这种情况下,此检查无法通过if method.isAnnotationPresent(Permissao.class){}。我应该如何调整我的安全检查以使用来自Omnifaces的CDI+ViewScoped?

编辑

使用@ManagedBean/ViewScoped(jsf(而不是@Named/ViewScoped。此线路if (metodo.isAnnotationPresent(Permissao.class)) {} 出现问题

public void verificaPermissaoAcesso(ActionEvent event) {
    final FacesContext facesContext = FacesContext.getCurrentInstance();
    UIComponent source = event.getComponent();
    ActionSource2 actionSource = (ActionSource2) source;
    MethodExpression methodExpression = actionSource.getActionExpression();
    String expressao = methodExpression.getExpressionString();  // #{nomeManagedBean.nomeMetodo(param)} 
    String nomeManagedBean = expressao.substring(0, expressao.indexOf('.')).substring(2);
    String nomeMetodoComParenteses = expressao.substring(expressao.indexOf('.') + 1);        
    String nomeMetodo = nomeMetodoComParenteses.substring(0, nomeMetodoComParenteses.indexOf("("));
    ELContext elContext = facesContext.getELContext();
    ExpressionFactory factory = facesContext.getApplication().getExpressionFactory();
    ValueExpression ve = factory.createValueExpression(elContext, "#{" + nomeManagedBean + '}', Object.class);
    //Object jsfManagedBean = ve.getValue(elContext);
    Context ctx = bm.getContext(org.omnifaces.cdi.ViewScoped.class);
    Bean bean = bm.resolve(bm.getBeans(nomeManagedBean));
    Object jsfManagedBeanProxy = ctx.get(bean);
    List<Method> listaMetodos = Arrays.asList(jsfManagedBeanProxy.getClass().getMethods());
    for (Method metodo : listaMetodos) {
        if (nomeMetodo.equals(metodo.getName())) {
            if (metodo.isAnnotationPresent(Permissao.class)) {
                Permissao anotacaoSeguranca = metodo.getAnnotation(Permissao.class);
                SegurancaUtil.verificar(anotacaoSeguranca.acoes());
                break;
            } 
        }
    }
}

我的注释类

@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permissao {
    String[] acoes();
}

我在jsf托管bean 中的注释方法

@Permissao(acoes={"permission1", "permission2"})
public void myMethod(long id) {}

编辑2-解决方案by@meriten

Context ctx = bm.getContext(org.omnifaces.cdi.ViewScoped.class);
Bean bean = bm.resolve(bm.getBeans(nomeManagedBean));
Object jsfManagedBeanProxy = ctx.get(bean);

CDI并没有注入一个裸CDIBean作为依赖项,而是一个重定向到活动范围的上下文对象的代理。此代理类没有您的注释。

请参阅https://issues.jboss.org/browse/CDI-10了解如何打开代理。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium