Hi, I've encountered quite strange Seam behavior in my project.
I setup security framework and it works great for restricting access to mehods
(in EJB) and to UI elements (in *.xhtml with s:hasRole).
All security exceptions redirected to default security page.
Now I setup page security in page.xml:
| <page view-id="/page1.xhtml" login-required="true">
| <restrict>#{s:hasRole('admin')}</restrict>
| </page>
|
Access to this page granted although I see AuthorizationException in log file.
If I redefine default exception page:
| <exception class="org.jboss.seam.security.AuthorizationException">
| <end-conversation/>
| <redirect view-id="/error.xhtml">
| <message severity="WARN">Access denied</message>
| </redirect>
| </exception>
|
Than access to page1 restricted and I redirected to error.xhtml.
Did I miss something and exception page definition is mandatory for security
configuration in page.xml?
My environment is glassfish-v2 and jboss-seam 2.0.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097380#4097380
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4097380
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
