Hi,
Following the Seam reference, I've setup a login page using the identity management
facilities. The log in works fine, and in my Facelets I can use the following
successfully:
<s:div rendered="#{identity.loggedIn}">
| YOU ARE LOGGED IN
| </s:div>
I've also setup the JBoss Rules engine, so the following also works:
<s:div rendered="#{s:hasPermission('customer', 'delete',
null)}">
| YOU HAVE CUSTOMER DELETE
| </s:div>
and;
<s:div rendered="#{s:hasRole('power')}">
| YOU HAVE POWER ROLE
| </s:div>
So far so good. These pages all reference a simple backing bean as follows:
| package au.gov.austrac.ao.prototype;
|
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.annotations.security.Restrict;
| import org.jboss.seam.security.Identity;
|
| @Name("authenticator")
| public class ExampleAuthenticator {
|
| @In
| Identity identity;
|
| public String name = "bill";
|
| public String getName() {
| tryRulesEngine();
| return name;
| }
|
| public void setName(String name) {
| this.name = name;
| }
|
| @Restrict("#{identity.loggedIn}")
| public void tryRulesEngine() {
| System.out.println("logged in? " + identity.isLoggedIn());
| }
|
| public boolean authenticate() {
| identity.addRole("power");
| return true;
| }
| }
This bean is available under the name "authenticator" in my pages via the @Name
annotation, and the authenticate() method is invoked by the identity code, so it would
seem that the framework knows about this class and the Seam annotations are being invoked
(at least @Name is), yet when I'm not logged in I can still access the
tryRulesEngine() method. Note that the section of the page controlled by the first code
snippet above is not displayed.
It appears that the @Restrict annotation is not working or is not being invoked?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069842#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...