[jboss-user] [JBoss Seam] - Re: Exception for authorization attempt

henrik.lindberg do-not-reply at jboss.com
Sun Feb 4 12:13:27 EST 2007


I tried it - does not work for me. Is it supposed to work for 1.1.5.GA, or does this depend on things only in CVS?

This is what I have done:

In security.drl:

  | canUserRenderSettings
  |   no-loop
  |   activation-group "permissions"
  | when
  | 	c: PermissionCheck(name == "/settings.xhtml" || "settings", action == "render", granted == false)
  | then
  | 	c.grant();
  | 	modify(c);
  | end;
  | 
I.e. a very lean rule, the user only has to be logged in. I added || "settings" because I wanted to try to check permission explicitly and use "settings" as the tag - have not tried that yet though.

I added the "no-loop" and "activation-group" from the example in CVS. Also added the "modify(c)" at the end. Don't know what they are supposed to do, but I can guess.

Then in pages.xml I have the two exception declarations:

  | <!-- When NotLoggedInException occurs - redirect to login -->
  | <exception class="org.jboss.seam.security.NotLoggedInException">
  | 	<redirect view-id="/login.xhtml">
  | 	<faces-message>You must be a member to use this feature</faces-message>
  | 	</redirect>
  | 	<end-conversation/>
  | </exception>
  | 
  | <!-- When AuthorizationException occurs - redirect to error page -->
  | <exception class="org.jboss.seam.security.AuthorizationException">
  | 	<redirect view-id="/security_error.xhtml">
  | 	<faces-message>You do not have permission to do this</faces-message>
  | 	</redirect>
  | 	<end-conversation/>
  | </exception>
  | </pages>
  | 

(to be continued in the next post...)

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010910#4010910
