[jboss-user] [JBoss Seam] - Help restrict access to pages before login
rmemoria
do-not-reply at jboss.com
Tue Feb 13 14:23:32 EST 2007
Hi all,
I've upgraded SEAM from 1.1.5 to 1.1.6.
All I want is to restrict access to some pages before the user logs in (in this example, restrict access to the /admin.xhtml page). This is my config:
components.xml
<security:identity authenticate-method="#{authenticator.login}"/>

<event type="org.jboss.seam.notLoggedIn">
    <action expression="#{redirect.captureCurrentView}"/>
</event>
<event type="org.jboss.seam.postAuthenticate">
    <action expression="#{redirect.returnToCapturedView}"/>
</event>

pages.xml
<pages>

    <page view-id="/admin.xhtml">
        <restrict/>
    </page>

    <page view-id="*">
        <navigation>
            <rule if-outcome="home">
                <redirect view-id="/index.xhtml"/>
            </rule>
        </navigation>
    </page>

    <page view-id="/login.xhtml">
        <navigation from-action="#{identity.login}">
            <rule if-outcome="success">
                <redirect view-id="/index.xhtml"/>
            </rule>
        </navigation>
    </page>

    <exception class="javax.persistence.EntityNotFoundException">
        <redirect view-id="/error.xhtml">
            <message>Not found</message>
        </redirect>
    </exception>

    <exception class="javax.persistence.OptimisticLockException">
        <end-conversation/>
        <redirect view-id="/error.xhtml">
            <message>Another user changed the same data, please try again</message>
        </redirect>
    </exception>

    <exception class="org.jboss.seam.security.AuthorizationException">
        <redirect>
            <message>You don't have permission to do this</message>
        </redirect>
    </exception>

    <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/pub/login.xhtml">
            <message>Please log in first</message>
        </redirect>
    </exception>

    <exception>
        <redirect view-id="/error.xhtml">
            <message>Unexpected error, please try again</message>
        </redirect>
    </exception>

</pages>

and part of my login.xhtml
<tr><td colSpan="2"><h:messages styleClass="erro" layout="table"/> </td></tr>
<tr>
    <td>#{messages.user_login}: </td>
    <td><h:inputText id="nome" value="#{identity.username}"></h:inputText></td>
</tr>
<tr>
    <td>#{messages.password}: </td>
    <td><h:inputSecret value="#{identity.password}"/></td>
</tr>
<tr>
    <td></td>
    <td><h:commandButton id="btnOk" value="#{messages.enter}" action="#{identity.login}"></h:commandButton></td>
</tr>

If I try to access /admin.xhtml before login, the system redirects to /login.xhtml. That's ok!
After a successful login nothing happens, but if I check the JBoss console I see the same exception being raised in an infinite loop, forcing me to stop the server:
18:08:04,765 ERROR [SeamPhaseListener] uncaught exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('/admin.xhtml', 'render', null)}]
    at org.jboss.seam.security.Identity.checkRestriction(Identity.java:174)
    at org.jboss.seam.pages.Page.enter(Page.java:186)
    at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
    at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:242)
    at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:193)
    at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:57)

I guess the reason is the <restrict/> tag inside the /admin.xhtml page in pages.xml, but it was the only way I found to redirect to the login page if the user isn't logged in.
Any help????
Ricardo Memória
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4015983#4015983