[jboss-user] [JBoss Seam] - restrict tag in pages.xml
slavach
do-not-reply at jboss.com
Mon Oct 22 05:49:31 EDT 2007
Hi, I've encountered quite strange Seam behavior in my project.
I setup security framework and it works great for restricting access to mehods
(in EJB) and to UI elements (in *.xhtml with s:hasRole).
All security exceptions redirected to default security page.
Now I setup page security in page.xml:
| <page view-id="/page1.xhtml" login-required="true">
| <restrict>#{s:hasRole('admin')}</restrict>
| </page>
|
Access to this page granted although I see AuthorizationException in log file.
If I redefine default exception page:
| <exception class="org.jboss.seam.security.AuthorizationException">
| <end-conversation/>
| <redirect view-id="/error.xhtml">
| <message severity="WARN">Access denied</message>
| </redirect>
| </exception>
|
Than access to page1 restricted and I redirected to error.xhtml.
Did I miss something and exception page definition is mandatory for security configuration in page.xml?
My environment is glassfish-v2 and jboss-seam 2.0.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097380#4097380
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4097380
More information about the jboss-user
mailing list