JSF CDI @Named + isAnnotationPresent + @CustomSecurityAnnotation

时间:2014-04-30 11:30:48

标签: jsf reflection cdi omnifaces

我使用自定义注释安全as described in this link。我将jsf托管bean从@ManagedBean升级到@Named(CDI)。由于CDI不支持@ViewScoped范围,我使用org.omnifaces.cdi.ViewScoped。但是,在这种情况下,此检查失败if method.isAnnotationPresent(Permissao.class){}。我应该如何调整我的安全检查以使用Omnifaces的CDI + ViewScoped?

修改

使用@ ManagedBean / ViewScoped(jsf)代替@ Named / ViewScoped(cdi + omnifaces)。 问题出现在这一行if (metodo.isAnnotationPresent(Permissao.class)) {} 

public void verificaPermissaoAcesso(ActionEvent event) {

    final FacesContext facesContext = FacesContext.getCurrentInstance();

    UIComponent source = event.getComponent();
    ActionSource2 actionSource = (ActionSource2) source;
    MethodExpression methodExpression = actionSource.getActionExpression();
    String expressao = methodExpression.getExpressionString();  // #{nomeManagedBean.nomeMetodo(param)} 

    String nomeManagedBean = expressao.substring(0, expressao.indexOf('.')).substring(2);
    String nomeMetodoComParenteses = expressao.substring(expressao.indexOf('.') + 1);        
    String nomeMetodo = nomeMetodoComParenteses.substring(0, nomeMetodoComParenteses.indexOf("("));

    ELContext elContext = facesContext.getELContext();
    ExpressionFactory factory = facesContext.getApplication().getExpressionFactory();
    ValueExpression ve = factory.createValueExpression(elContext, "#{" + nomeManagedBean + '}', Object.class);
    //Object jsfManagedBean = ve.getValue(elContext);

    Context ctx = bm.getContext(org.omnifaces.cdi.ViewScoped.class);
    Bean bean = bm.resolve(bm.getBeans(nomeManagedBean));
    Object jsfManagedBeanProxy = ctx.get(bean);

    List<Method> listaMetodos = Arrays.asList(jsfManagedBeanProxy.getClass().getMethods());

    for (Method metodo : listaMetodos) {
        if (nomeMetodo.equals(metodo.getName())) {
            if (metodo.isAnnotationPresent(Permissao.class)) {
                Permissao anotacaoSeguranca = metodo.getAnnotation(Permissao.class);
                SegurancaUtil.verificar(anotacaoSeguranca.acoes());
                break;
            } 
        }
    }
}

我的注释类

@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Permissao {
    String[] acoes();
}

我在jsf托管bean中的注释方法

@Permissao(acoes={"permission1", "permission2"})
public void myMethod(long id) {}

编辑2 - @meriton解决方案 

Context ctx = bm.getContext(org.omnifaces.cdi.ViewScoped.class);
Bean bean = bm.resolve(bm.getBeans(nomeManagedBean));
Object jsfManagedBeanProxy = ctx.get(bean);

1 个答案:

答案 0 :(得分:2)

CDI不会将裸CDI bean作为依赖项注入,而是将代码重定向到活动范围的上下文对象。此代理类没有您的注释。

有关如何打开代理的信息,请参阅https://issues.jboss.org/browse/CDI-10

相关问题
最新问题