Details
-
Type:
Feature Request
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 3.0.0.Final
-
Component/s: Configuration API
-
Labels:None
-
Affects:Documentation (Ref Guide, User Guide, etc.), Release Notes
Description
We need a solution to address consolidated page-flow, transactional control, security constraints, and perhaps URL-rewriting – all in one place.
It has been previously discussed that a type-safe API be possible for this - which is definitely preferred over XML configuration:
http://lists.jboss.org/pipermail/seam-dev/2010-February/002003.html
http://lists.jboss.org/pipermail/seam-dev/2010-March/002053.html
http://lists.jboss.org/pipermail/seam-dev/2010-July/002812.html
Gliffy Diagrams
Activity
- All
- Comments
- Work Log
- History
- Activity
- Links Hierarchy
I like @ViewConfig also, it's less ambiguous than @ViewData. The <f:metadata> idea is great, I really like it. For now though, let's just go with the enum-based configuration and proceed as you suggest Brian by creating a separate JIRA feature request for alternative configuration options.
Shane Bryzak
added a comment - I like @ViewConfig also, it's less ambiguous than @ViewData. The <f:metadata> idea is great, I really like it. For now though, let's just go with the enum-based configuration and proceed as you suggest Brian by creating a separate JIRA feature request for alternative configuration options. Agreed, the "data" part sounds too much like application data. I think the only way to get away from that is to drop the data word altogether - "meta" alone seems sufficient.
I propose we keep the annotation as @ViewConfig, and rename the data structures:
ViewDataStore => ViewMetaStore
ViewDataConfiguration => ViewMetaConfiguration
These ViewMeta* classes aren't going to be visible in your run-of-the mill applications anyway. They'll simply have an enum with the @ViewConfig annotation.
Brian Leathem
added a comment - Agreed, the "data" part sounds too much like application data. I think the only way to get away from that is to drop the data word altogether - "meta" alone seems sufficient.
I propose we keep the annotation as @ViewConfig, and rename the data structures:
ViewDataStore => ViewMetaStore
ViewDataConfiguration => ViewMetaConfiguration
These ViewMeta* classes aren't going to be visible in your run-of-the mill applications anyway. They'll simply have an enum with the @ViewConfig annotation. I had initially thought of creating a Faces @Restrict tag, that would use EL to grant/deny access to a page.
Shane pointed out we should rather be using the typesafe security annotations from Seam security (an optional Dependency). The app dev would build annotations that are annotated with @SecurityBindingType, and put these annotations in the @ViewConfig enum.
Faces will listen for the PostConstructViewMapEvent, retrieve the list of @SecurityBindingType annotations from the @ViewConfig, then throw a CheckSecuredViewEvent. The Seam Security module will observe it, do the security check, and return a boolean.
Not as straightforward as @Restrict(#
{expersionLanguage}), but type safety is definitely a big benefit.
Brian Leathem
added a comment - I had initially thought of creating a Faces @Restrict tag, that would use EL to grant/deny access to a page.
Shane pointed out we should rather be using the typesafe security annotations from Seam security (an optional Dependency). The app dev would build annotations that are annotated with @SecurityBindingType, and put these annotations in the @ViewConfig enum.
Faces will listen for the PostConstructViewMapEvent, retrieve the list of @SecurityBindingType annotations from the @ViewConfig, then throw a CheckSecuredViewEvent. The Seam Security module will observe it, do the security check, and return a boolean.
Not as straightforward as @Restrict(#
{expersionLanguage}
), but type safety is definitely a big benefit.
I recommend putting this code into the "org.jboss.seam.faces.view" package.
Updates for those following along:
- Class Renames. I renamed @ViewData to @ViewPattern, and everything else is named @ViewConfig[Something], all in the "org.jboss.seam.faces.view.config" package. This naming convention is a strawman proposal - I'd like to get the API working, and put it out there for community feedback.
- The @ViewConfig annotation enums wan't being picked up by Weld 1.1, so I switched to using an interface, with @ViewPattern annotations on methods. Slightly more cumbersome - but it works!
- Some ideas for refinements on Security options
- timing for security enforcement is (depending on request type):
initial | postback = AFTER_RESTORE | BEFORE_INVOKE | BEFORE_RENDER
default timing is
initial = BEFORE_RENDER, postback = AFTER_RESTORE - view to redirect to on authentication failure:
- if not logged in, redirect to a login page
- if logged in, and auth fails, redirect to an error page by default, with option of providing an "auth failed view" via anotation or parameter
- timing for security enforcement is (depending on request type):
Brian Leathem
added a comment - - edited Updates for those following along:
Class Renames. I renamed @ViewData to @ViewPattern, and everything else is named @ViewConfig [Something] , all in the "org.jboss.seam.faces.view.config" package. This naming convention is a strawman proposal - I'd like to get the API working, and put it out there for community feedback.
The @ViewConfig annotation enums wan't being picked up by Weld 1.1, so I switched to using an interface, with @ViewPattern annotations on methods. Slightly more cumbersome - but it works!
Some ideas for refinements on Security options
timing for security enforcement is (depending on request type):
initial | postback = AFTER_RESTORE | BEFORE_INVOKE | BEFORE_RENDER
default timing is
initial = BEFORE_RENDER, postback = AFTER_RESTORE
view to redirect to on authentication failure:
if not logged in, redirect to a login page
if logged in, and auth fails, redirect to an error page by default, with option of providing an "auth failed view" via anotation or parameter
This is already in Faces, albeit untested and undocumented.
ViewDataStore provides a method of associating annotation based config data, that can be configured via annotations on an enum. It is also extensible, so other configuration methods could be supported.