[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-888) Various security/login-related issues

Christian Bauer (JIRA) jira-events at lists.jboss.org
Tue Feb 20 09:03:41 EST 2007


    [ http://jira.jboss.com/jira/browse/JBSEAM-888?page=comments#action_12353627 ] 
            
Christian Bauer commented on JBSEAM-888:
----------------------------------------

About 4: I found a hack:

<pages view-login-id="/fakeLogin.xhtml">
    <page view-id="/fakeLogin.xhtml" action="#{browser.redirectToLastBrowsedPageWithConversation()}"/>

And this method does redirect.execute() to _my_ last browsed page, so I can show the message there. It's simply not letting the user "forward".



> Various security/login-related issues
> -------------------------------------
>
>                 Key: JBSEAM-888
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-888
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Security
>            Reporter: Christian Bauer
>            Priority: Minor
>
> Various issues I found while using the new security stuff:
> 1. NPE in RuleBasedIdentity, line 155: getSecurityContext().assertObject(new Role(role)); if the security-rules.drl can't be found.
> 2. Do we need to call modify(c) on the RHS after c.grant() or not? The 12.5.3 example doesn't have it.
> 3. The copy/pasted seamspace example in the "Securing Entities" section is very cryptic. Please don't use variable names such as "nm" and "mbr" in examples. Good documentation also means that every code snippet is explained after the code block.
> 4. The exception handling doesn't allow me to simply re-render the page, I need to do a redirect. I don't want this if my default page template has a login box always present (so I don't need login.xhtml) and if my default template can show global faces messages ("You don't have permission to do this"). In fact, the whole redirect/captureView stuff conflicts with my application because I'm already using it to keep my own navigation history. I can't use it to redirect/return from and to some login page.
> Example of the last issue: User browses documents, clicks on EDIT, is redirected to the Login page, is redirected to the EDIT page. Now I've lost my history and can't redirect the user back to browsing the document when he exits the EDIT page.
