我通过以下几个例子创建了我的安全检查:
但不幸的是,在检查失败的情况下,我无法看到如何添加FacesMesagges异常。
我的档案:
CheckAction
@Inherited
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ ElementType.METHOD, ElementType.TYPE })
public @interface CheckAction {
@Nonbinding public ESysObject object() default ESysObject.NONE;
@Nonbinding public EAction action() default EAction.NONE;
}
CheckActionInterceptor
@Interceptor
@CheckAction
public class CheckActionInterceptor implements Serializable {
private static final long serialVersionUID = 1L;
@AroundInvoke
public Object checkPermissions(InvocationContext context) throws Exception {
final CheckAction annotation = context.getMethod().getAnnotation(CheckAction.class);
if (!isActionAllowed(annotation.object(), annotation.action())) {
throw new PermissionException("Sorry you don't have needed permissions");
}
return context.proceed();
}
为myBean
@Named
@ViewScoped
@Logged
public class PageController implements Serializable {
private static final long serialVersionUID = 1L;
@CheckAction(object = ESysObject.Dictionary, action = EAction.WRITE)
public String save() {
switch (action) {
case "create":
case "edit":
service.saveOrUpdate(cursor);
break;
}
return "page?faces-redirect=true";
}
这一切都有效。
但是如何处理PermissionException呢?如何FacesContext.getCurrentInstance().addMessage("security check", new FacesMessage("Permission Error", "you don't have needed permissions"));
答案 0 :(得分:0)
所以,我已经完成了我的问题。
就我而言,我发现了这个问题:
CheckActionInterceptor
class A{
protected:
int n;
};
class B:protected A{
public:
using A::n;
};
int main(){
B obj;
obj.n=0;
}
我没有错误,我返回null。我的程序更进一步,但不允许执行所需的操作/方法。