[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-1987) <restrict> in pages.xml has no effect
[ http://jira.jboss.com/jira/browse/JBSEAM-1987?page=all ]
Shane Bryzak closed JBSEAM-1987.
--------------------------------
Resolution: Cannot Reproduce Bug
I can only reproduce this behaviour when I don't configure a view to redirect to for
an AuthorizationException, which is expected behaviour.
<exception class="org.jboss.seam.security.AuthorizationException">
<redirect view-id="/home.xhtml">
<message>You don't have permission to do this</message>
</redirect>
</exception>
<restrict> in pages.xml has no effect
-------------------------------------
Key: JBSEAM-1987
URL: http://jira.jboss.com/jira/browse/JBSEAM-1987
Project: JBoss Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.0.0.CR1
Reporter: Samuel Mendenhall
Assigned To: Shane Bryzak
Priority: Critical
Fix For: 2.0.0.CR2
Default seam-gen'd project
Create a page called restricted.xhtml
Add to pages.xml:
<page view-id="/restricted.xhtml" login-required="true">
<restrict>#{s:hasRole('doesNotExist')}</restrict>
</page>
Logging in will by default give the user the 'admin' role, but the user can still
access the page even without the doesNotExist role.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira