Andries Ehlers created SEAMFACES-243: ---------------------------------------- Summary: ViewConfig not working unless <f:metadata> specified on page Key: SEAMFACES-243 URL: https://issues.jboss.org/browse/SEAMFACES-243 Project: Seam Faces Issue Type: Bug Components: View Configuration Affects Versions: 3.1.0.Final Environment: Kubuntu Linux Reporter: Andries Ehlers I created a custom SecurityBindingType as follows {code:title=ActiveUser.java|borderStyle=solid} @SecurityBindingType @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.FIELD, ElementType.TYPE, ElementType.METHOD}) @Documented public @interface ActiveUser { } {code} with the following authentication method: {code:title=SecurityRestrictions.java|borderStyle=solid} @Secures @ActiveUser public boolean isActiveUser(Identity identity) { // always returns false just to test that security works... return false; } {code} I then use this type in the following file which is annotated with @ViewConfig {code:title=Bar.java|borderStyle=solid} @ViewConfig public interface Pages { static enum Pages1 { @ViewPattern("/pages/secured/profile/*") @LoginView("/pages/public/login.xhtml?faces-redirect=true") @AccessDeniedView("/pages/secured/home/home.xhtml?faces-redirect=true") @FacesRedirect @LoggedIn @ActiveUser SECURED_PROFILE; } } {code} In the profile folder is a file called UserProfile.xhtml, as follows: {code:xml} <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:forgeview="http://jboss.org/forge/view" xmlns:c="http://java.sun.com/jsp/jstl/core" xmlns:a4j="http://richfaces.org/a4j" xmlns:s="http://jboss.org/seam/faces" xmlns:p="http://primefaces.org/ui" template="/resources/template/master_template.xhtml"> <ui:define name="content"> CONTENT HERE </ui:define> </ui:composition> {code} When running the application, the security for the @LoggedIn seems to work, but security for the @ActiveUser does not work at all. However, when I include the following code above the <ui:define...> tag in the profile page above, it suddenly works (any viewParam makes security magically work - why??). {code:xml} <f:metadata> <f:viewParam name="i_have_no_idea_why_i_should_put_this_here_param" value="" /> </f:metadata> {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira