bwilly created SEAMSECURITY-140:
-----------------------------------
Summary: View Restriction does not seem to execute on
PhaseIdType.RENDERRESPONSE
Key: SEAMSECURITY-140
URL: https://issues.jboss.org/browse/SEAMSECURITY-140
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.1.0.Final
Environment: JBoss AS 7
Reporter: bwilly
The first request for a restricted view will always render. But actions on that
page will result in a @AccessDeniedView outcome -- the proper outcome.
And the cycle is endless. For example, if in,say, the nav, I have a link to
myRestrictedView.xhtml and I click it, the restricted view will render (when it
should not). But, now that I am on the restricted view page, if I click from
the nav myRestrictedView.xhtml, I will be routed to a denied view page. Now
that I am no longer on a restricted view, if i click the very same link in the
nav, the myRestrictedView.xhtml will render.
I have a theory the the PhaseIdType.RESTOREVIEW is honoring the authorization
restricted view, but not the PhaseIdType.RENDERRESPONSE. Thus, when on the
restricted page and an action is clicked, I am bounced from the page b/c
PhaseIdType.RESTOREVIEW kicks me out, but when PhaseIdType.RESTOREVIEW does not
execute for this page, then the view is rendered.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
