@PreAuthorize and JSF Managed Beans for method security

**vtsimoes** · Sep 17th, 2012, 10:17 AM

Hello,

can I use @PreAuthorize or @Secured annotation inside a JSF Managed Bean. I've attempt to do this but I'm not get success. I've insert the code above in applicationContext file:

Code:

<context:component-scan base-package="prpa.athos.MBean" />
<global-method-security  
    pre-post-annotations="enabled"  >
    
</global-method-security>

in faces-config.xml

Code:

<application>
    <el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>

When I put @PreAuthorize or @Secured annotations the method secured don't blocks a user haven't authorization to execute this methos.

Please, someone help me!!

Thanks!

**Marten Deinum** · Sep 18th, 2012, 12:57 AM

You can but it is pretty useless a JSF managed bean isn't proxied or detected by Spring so basically it doesn't do anything. So you will need to have a spring managed bean (not JSF managed) and let the already SpringBeanFacesELResolver retrieve it from the context.

Another solution would be to use compile or loadtimeweaving to modify the class byte code and use AspectJ to apply the security aspects that way it will work in any environment but is a bit more tricky to get working.

Thread: @PreAuthorize and JSF Managed Beans for method security

Thread Tools

Display

@PreAuthorize and JSF Managed Beans for method security

Posting Permissions