[seam-issues] [JBoss JIRA] Commented: (SEAMFACES-209) Security integration shows denied pages

Thursday, 22 September 2011

    [
https://issues.jboss.org/browse/SEAMFACES-209?page=com.atlassian.jira.plu...
] 

Nicklas Karlsson commented on SEAMFACES-209:
--------------------------------------------

Also, the if-check regarding whether forwarding is possible or not is probably faulty
since I'm able to do a 

	public void bad(@Observes NotAuthorizedEvent e)
	{
		navigationHandler.handleNavigation(facesContext, null,
"/accessdenied?faces-redirect=true");
		facesContext.responseComplete();
	}

and it works.

...
 Security integration shows denied pages
 ---------------------------------------

                 Key: SEAMFACES-209
                 URL: https://issues.jboss.org/browse/SEAMFACES-209
             Project: Seam Faces
          Issue Type: Bug
          Components: Security
    Affects Versions: 3.1.0.Beta2
            Reporter: Nicklas Karlsson

 I have a @ViewConfig and security annotated page that fails the auth check but the code
in SecurityPhaseListener
     private void redirectToAccessDeniedView(FacesContext context, UIViewRoot viewRoot) {
         // If a user has already done a redirect and rendered the response (possibly in
an observer) we cannot do this output
         if (!(context.getResponseComplete() || context.getRenderResponse())) {
 quietly fails the check and then proceeds to render the page. It should perhaps throw an
exception or take some other actions to at least deny the page.
 In an unrelated note, I can't see where response output would be produced since I
just edited the browser url and pointed it at a forbidden page... 
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[seam-issues] [JBoss JIRA] Commented: (SEAMFACES-209) Security integration shows denied pages