[seam-issues] [JBoss JIRA] (JBSEAM-5139) Attribute login-required="true" is ignored in *.page.xml file with ajax requests
alexey plotnikov (JIRA)
issues at jboss.org
Tue Mar 18 04:12:10 EDT 2014
alexey plotnikov created JBSEAM-5139:
----------------------------------------
Summary: Attribute login-required="true" is ignored in *.page.xml file with ajax requests
Key: JBSEAM-5139
URL: https://issues.jboss.org/browse/JBSEAM-5139
Project: Seam 2
Issue Type: Feature Request
Affects Versions: 2.3.1.Final
Reporter: alexey plotnikov
I use:
Jboss Seam 2.3.1.Final, Richfaces 4.3.5.Final.
# something.xhtml page:
{code}
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:s="http://jboss.org/schema/seam/taglib"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:rich="http://richfaces.org/rich"
xmlns:a4j="http://richfaces.org/a4j"
template="/layout/wide_template.xhtml">
<ui:define name="content">
<h:form>
<a4j:commandLink execute="@form" status="common_status" render="mainList,pages" value="#{messages['pages.refresh']}"/>
.............................
{code}
# something.page.xml file:
{code}
<?xml version="1.0" encoding="UTF-8"?>
<page xmlns="http://jboss.org/schema/seam/pages"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/schema/seam/pages http://jboss.org/schema/seam/pages-2.3.xsd"
login-required="true" action="#{somethingList.find}">
<restrict>#{permissions.hasPermission('somethingList','list')}</restrict>
<param name="order" value="#{somethingList.order}" required="false"/>
</page>
{code}
# seam component SomethingList.java:
{code}
@Name("somethingList")
@Scope(ScopeType.EVENT)
@BypassInterceptors
public class SomethingList {
.......
@Create
public void onCreate() {
System.out.println("loggedIn="+ Identity.instance().isLoggedIn());
Contexts.getSessionContext().get("obj").toString();
//SOMETHING LOGIC
.........................
}
....
}
{code}
Two situations:
# No ajax, usually GET request for page _something.seam_(in browser http://<server>/something.seam).
## if i logged in - everythings ok, _#\{somethingList.onCreate()\}_ will be called and component will be constructed(in server.log will be printed "_loggedIn=true_")
## if my session expires and i try to get http://<server>/something.seam i will be redirected to my login page(http://<server>/login.seam) and method _#\{somethingList.onCreate()\}_ not will be executed - everythings ok
# With ajax(clicked a4j:commandLink on the page _something.seam_) method _#\{somethingList.onCreate()\}_ always will be called
## if i logged in, _#\{somethingList.onCreate()\}_ will be called and component will be constructed(in server.log will be printed "_loggedIn=true_")
## if my session expires(or called _#\{identity.logout\}_ on another browser tab) and i click on a4j:commandLink method _#\{somethingList.onCreate()\}_ will be called and component *NOT* will be constructed(in server.log will be printed "_loggedIn=false_" and NullPointerException) and i will be redirected to my login page(http://<server>/login.seam).
Why method _#\{somethingList.onCreate()\}_ calling on ajax reguests if user not logged in(in something.page.xml login-required="true")? I think doesn't matter ajax request or get request, in both way seam must redirects user on login page and *DO NOT* call component methods!
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list