alexey plotnikov created JBSEAM-5139: ---------------------------------------- Summary: Attribute login-required="true" is ignored in *.page.xml file with ajax requests Key: JBSEAM-5139 URL: https://issues.jboss.org/browse/JBSEAM-5139 Project: Seam 2 Issue Type: Feature Request Affects Versions: 2.3.1.Final Reporter: alexey plotnikov I use: Jboss Seam 2.3.1.Final, Richfaces 4.3.5.Final. # something.xhtml page: {code} <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:s="http://jboss.org/schema/seam/taglib" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:rich="http://richfaces.org/rich" xmlns:a4j="http://richfaces.org/a4j" template="/layout/wide_template.xhtml"> <ui:define name="content"> <h:form> <a4j:commandLink execute="@form" status="common_status" render="mainList,pages" value="#{messages['pages.refresh']}"/> ............................. {code} # something.page.xml file: {code} <?xml version="1.0" encoding="UTF-8"?> <page xmlns="http://jboss.org/schema/seam/pages" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jboss.org/schema/seam/pages http://jboss.org/schema/seam/pages-2.3.xsd" login-required="true" action="#{somethingList.find}"> <restrict>#{permissions.hasPermission('somethingList','list')}</restrict> <param name="order" value="#{somethingList.order}" required="false"/> </page> {code} # seam component SomethingList.java: {code} @Name("somethingList") @Scope(ScopeType.EVENT) @BypassInterceptors public class SomethingList { ....... @Create public void onCreate() { System.out.println("loggedIn="+ Identity.instance().isLoggedIn()); Contexts.getSessionContext().get("obj").toString(); //SOMETHING LOGIC ......................... } .... } {code} Two situations: # No ajax, usually GET request for page _something.seam_(in browser http://<server>/something.seam). ## if i logged in - everythings ok, _#\{somethingList.onCreate()\}_ will be called and component will be constructed(in server.log will be printed "_loggedIn=true_") ## if my session expires and i try to get http://<server>/something.seam i will be redirected to my login page(http://<server>/login.seam) and method _#\{somethingList.onCreate()\}_ not will be executed - everythings ok # With ajax(clicked a4j:commandLink on the page _something.seam_) method _#\{somethingList.onCreate()\}_ always will be called ## if i logged in, _#\{somethingList.onCreate()\}_ will be called and component will be constructed(in server.log will be printed "_loggedIn=true_") ## if my session expires(or called _#\{identity.logout\}_ on another browser tab) and i click on a4j:commandLink method _#\{somethingList.onCreate()\}_ will be called and component *NOT* will be constructed(in server.log will be printed "_loggedIn=false_" and NullPointerException) and i will be redirected to my login page(http://<server>/login.seam). Why method _#\{somethingList.onCreate()\}_ calling on ajax reguests if user not logged in(in something.page.xml login-required="true")? I think doesn't matter ajax request or get request, in both way seam must redirects user on login page and *DO NOT* call component methods! -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira