[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-1987) <restrict> in pages.xml has no effect

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Thu Sep 27 20:08:40 EDT 2007

     [ http://jira.jboss.com/jira/browse/JBSEAM-1987?page=all ]

Shane Bryzak updated JBSEAM-1987:

    Fix Version/s: 2.0.0.CR2

> <restrict> in pages.xml has no effect
> -------------------------------------
>                 Key: JBSEAM-1987
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1987
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.0.0.CR1
>            Reporter: Samuel Mendenhall
>         Assigned To: Shane Bryzak
>            Priority: Critical
>             Fix For: 2.0.0.CR2
> Default seam-gen'd project
> Create a page called restricted.xhtml
> Add to pages.xml:
> <page view-id="/restricted.xhtml" login-required="true">
> 	<restrict>#{s:hasRole('doesNotExist')}</restrict>
> </page>
> Logging in will by default give the user the 'admin' role, but the user can still access the page even without the doesNotExist role.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list