[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml

lowecg2004 do-not-reply at jboss.com
Fri Aug 3 10:57:24 EDT 2007 

I just came across this issue and managed to figure out a workaround.

I had a class level @Restrict defined for a bean.  The bean had two functions: 1) to provide a @DataModel with its associated @Factory; and 2) to define an action method for my persistence logic.  From the JIRA reference above it seams that exception trapping does not work if the exception occurs during the RENDER_RESPONSE phase.  The button action should be fine since the action would be called as part of the  INVOKE_APPLICATION phase.

However, the problem comes from the @DataModel (or any other data binding for that matter) which will only be called during the RENDER_RESPONSE phase.  Therefore when the page that uses the data model is first accessed, it is the point when the bindings/data model are first accessed that cause the problem.  The workaround comes from the fact that we need to somehow get the bean to be accessed during an earlier phase.  Fortunately for us, this is really easy to do in Seam using a page action:

Add a dummy method to your bean...
  | 
  | @Name("permissionsHome")
  | @Scope(ScopeType.CONVERSATION)
  | @Restrict("#{s:hasRole('administration')}")
  | public class PermissionsHome {
  | 
  |   ...
  | 
  |   public void forceEarlySecurityCheck() {
  |     // this page action ensures that the class level @Restrict() rules are run before RENDER_RESPONSE
  |   }
  | }
  | 
  | 
  | ...and invoke from your XXX.pages.xml
  | 
  | <page ... action="#{permissionsHome.forceEarlySecurityCheck}" >
  | </page>

This results in an invocation attempt against the action before RENDER_RESPONSE thus allows the AuthorizationException be handled correctly by Seam.

I'm sure you lot had already figured this out, but I thought I'd post my solution just in case it's useful to someone else.

Cheers,

Chris.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4070650#4070650

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4070650

More information about the jboss-user mailing list