[seam-issues] [JBoss JIRA] Created: (SEAMFACES-209) Security integration shows denied pages
Nicklas Karlsson (JIRA)
jira-events at lists.jboss.org
Thu Sep 22 05:25:26 EDT 2011
Security integration shows denied pages
---------------------------------------
Key: SEAMFACES-209
URL: https://issues.jboss.org/browse/SEAMFACES-209
Project: Seam Faces
Issue Type: Bug
Components: Security
Affects Versions: 3.1.0.Beta2
Reporter: Nicklas Karlsson
I have a @ViewConfig and security annotated page that fails the auth check but the code in SecurityPhaseListener
private void redirectToAccessDeniedView(FacesContext context, UIViewRoot viewRoot) {
// If a user has already done a redirect and rendered the response (possibly in an observer) we cannot do this output
if (!(context.getResponseComplete() || context.getRenderResponse())) {
quietly fails the check and then proceeds to render the page. It should perhaps throw an exception or take some other actions to at least deny the page.
In an unrelated note, I can't see where response output would be produced since I just edited the browser url and pointed it at a forbidden page...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list