Programmatic security check is not redirecting user to 403 page #3

Open
rmpestano opened this issue Dec 2, 2018 · 8 comments
Labels
bug Something isn't working

Comments

@rmpestano
Contributor

Issue overview

The programmatic security check here works but doesn't redirect the user to the 403 page as configured in web.xml here.

Current behavior

The page freezes when a non-admin user tries to delete a car in the car-form page.

Expected behavior

Users without ADMIN_ROLE should be redirected to the 403 page when trying to delete a car in the car-form page.

@rmpestano added the bug label on Dec 2, 2018

@aLeXcBa1990

Hi @rmpestano.
I think I can fix this, but can I give some suggestions?

@rmpestano
Contributor Author

Hi, yes any advice is very welcome!

Thank you in advance.

@aLeXcBa1990

I think it's unnecessary to redirect to 403, we could:

  1. Hide the delete button from non-ADMIN users.
  2. Launch a faces message informing that only ADMIN users can do it.
  3. Both of the previous, for security.

@rmpestano
Contributor Author

I prefer to keep the same behavior we have in admin-starter-security, is it possible?

@aLeXcBa1990

Ok. I will try to fix that.

@rmpestano
Contributor Author

Any idea @persapiens?

@aLeXcBa1990

Hi @rmpestano

I've been doing some tests with admin-starter-springboot-security.
After some attempts I built the project almost successfully.
I found some issues in AdminFilter.java, which is handling the session through AdminSession.java.

There the problems began:

  1. I am almost certain that issue3 is related.

  2. The project runs in the tests in the IDE but when mounting the war in Tomcat I have the following error:
    com.github.adminfaces.template.exception.CustomExceptionHandler.goToErrorPage
    java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?

  3. When trying to use SecurityContextHolder.getContext().getAuthentication().getName() to verify if the user is registered, I get an error, which I think is related to issue454, since AdminServletContextListener initializes javax.servlet.ServletContextListener instead of org.springframework.web.context.ContextLoaderListener.

I would like to contribute to admin-starter-springboot-security with a functional example with a database, but this error has delayed me for a few days. I hope you can help me.

@aLeXcBa1990

Hi again @rmpestano

I can tell you that by reviewing adminfaces/admin-starter-springboot-security#4 and following the instructions on this page, I can run the project in production.

Very soon I will be updating adminfaces/admin-starter-springboot-security with everything I have been able to learn.

Regards
