bwilly created SEAMSECURITY-140: ----------------------------------- Summary: View Restriction does not seem to execute on PhaseIdType.RENDERRESPONSE Key: SEAMSECURITY-140 URL: https://issues.jboss.org/browse/SEAMSECURITY-140 Project: Seam Security Issue Type: Bug Affects Versions: 3.1.0.Final Environment: JBoss AS 7 Reporter: bwilly The first request for a restricted view will always render. But actions on that page will result in a @AccessDeniedView outcome -- the proper outcome. And the cycle is endless. For example, if in,say, the nav, I have a link to myRestrictedView.xhtml and I click it, the restricted view will render (when it should not). But, now that I am on the restricted view page, if I click from the nav myRestrictedView.xhtml, I will be routed to a denied view page. Now that I am no longer on a restricted view, if i click the very same link in the nav, the myRestrictedView.xhtml will render. I have a theory the the PhaseIdType.RESTOREVIEW is honoring the authorization restricted view, but not the PhaseIdType.RENDERRESPONSE. Thus, when on the restricted page and an action is clicked, I am bounced from the page b/c PhaseIdType.RESTOREVIEW kicks me out, but when PhaseIdType.RESTOREVIEW does not execute for this page, then the view is rendered. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira