I have now upgraded to 1.1.6.GA and this works fine.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4015512#4015512
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4015512
___
jb
Yes, the authentication method changed. You now need to provide a method that
takes no parameters (instead of the three it expected before) but still returns
a boolean. The parameters were removed in favor of directly manipulating the
identity instead - here's the example from the docs:
|
Thanks,
I tried that. It sort of worked, but I ran into problems since there was some
change in how Indentity.authorize is used - I think I read something about that
in a forum topic, but then I ran out of time.
Will get back to that a little later.
View the original post :
http://www.jboss.co
"henrik.lindberg" wrote :
| Any pointer or suggestion on how to "build from CVS and get it into your
project so you can test the latest and greates against your code" ?
It should just be a matter of replacing the seam jars with the ones that you
build from cvs.
View the original post :
ht
ok thanks - I wondered about that - now I know. Will add that.
Also made an attempt to build from CVS (which worked fine), but I did not
figure out how to use what was built instead of the 1.1.5.GA I am using in my
project. So, I continued with other things for the time being.
Any pointer or su
One other important thing to note - the following rule doesn't require the user
to be logged in (there is no role check in the conditions) - the permission
will be granted no matter what:
| canUserRenderSettings
| no-loop
| activation-group "permissions"
| when
| c: Permissio
Sounds like an idea worth trying :-)
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010952#4010952
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4010952
___
jboss-user mailing
I tried it - does not work for me. Is it supposed to work for 1.1.5.GA, or does
this depends on things only in CVS?
This is what I have done
In security.drl
| canUserRenderSettings
| no-loop
| activation-group "permissions"
| when
| c: PermissionCheck(name == "/settings.xhtml"
Then, when I actually restrict the settings page (in pages.xml) like this:
|
|
|
|
Then I get
| 18:00:36,890 ERROR [AbstractSeamPhaseListener] Swallowing exception thrown
by page action
| org.jboss.seam.security.AuthorizationException: Authorization check failed
for expres
Which was the exception that I thought the declaration in pages.xml should
handle.
But... maybe I am confused, and what Gavin said about "fixing the exception"
actually ment that this (restricting a page as in the example) has no chance of
working until the problem with this exception is fixed
Why don't you just try using current CVS, the docs in current CVS, and the
example in current CVS, since we have fixed bugs and redesigned Seam exception
handling.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010927#4010927
Reply to the post :
http://www.
Thanks, I will try that. It is different than what was said in the manual (in
CVS) about putting the exceptions in exceptions.xml
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010876#4010876
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=p
"henrik.lindberg" wrote : What I don't understand is how anyone can protect a
page using the rules...
I've updated the seamspace example in CVS to include a default page restriction
- take a look at the entry for /comment.xhtml in pages.xml, and the
RestrictCommentPage rule in security-rules.dr
The files are not opened by some other application (that I know of).
Basically the things running/using/producing these files are Eclipse (JBoss
IDE), and JBoss app server.
At the moment, I can not trigger the problem on purpose - but I have a
suspicion that it may have to do with having an au
Gavin mentioned that he would be working on the exception handling to fix this
behaviour. I'm not sure why your files are locked - are they opened by any
other application?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010611#4010611
Reply to the post :
h
I added the exception handling as suggested, but still have the same problem.
I can see that if I am not logged in I get a NotLoggedInException, and if
logged in I get an Authorization exception.
I am not redirected, there is no error page being shown, the exception is
simply swallowed by Abstr
Thanks, looked at what was in CVS. That was helpful.
If you want to improve on the text, maybe point out that the exceptions.xml
file should be under WEB-INF. (It is mentioned in the handling exceptions
section thoug - that is how I figured out where to put the file.
View the original post :
h
Your rule looks right. For security exception handling you need to configure
exceptions.xml to redirect to a login or error page. I've added a section to
the security docs (in CVS only) that briefly describes how to do this.
View the original post :
http://www.jboss.com/index.html?module=bb&o
ok...
I am really confused about what is going on.
I have this in my rules:
canUserRenderSettings
when
c: PermissionCheck(name == "/settings.xhtml", action == "render")
then
c.grant()
end;
Which if I have understood things correctly should always grant access for
everyone that wants to r
Its a problem in Seam's exception handling stuff, which I am right now in the
process of rewriting.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4010557#4010557
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4010557
__
20 matches
Mail list logo
