5 Replies Latest reply on Feb 13, 2007 9:13 PM by rmemoria

    Help restrict access to pages before login

    rmemoria

      Hi all,

      I've upgraded SEAM from 1.1.5 to 1.1.6.

      All I want is to restrict access to some pages before the user logs in (in this example, restrict access to the /admin.xhtml page). This is my config:

      components.xml

      <security:identity authenticate-method="#{authenticator.login}"/>

      <event type="org.jboss.seam.notLoggedIn">
          <action expression="#{redirect.captureCurrentView}"/>
      </event>
      <event type="org.jboss.seam.postAuthenticate">
          <action expression="#{redirect.returnToCapturedView}"/>
      </event>
      


      pages.xml

      <pages>

          <page view-id="/admin.xhtml">
              <restrict/>
          </page>

          <page view-id="*">
              <navigation>
                  <rule if-outcome="home">
                      <redirect view-id="/index.xhtml"/>
                  </rule>
              </navigation>
          </page>

          <page view-id="/login.xhtml">
              <navigation from-action="#{identity.login}">
                  <rule if-outcome="success">
                      <redirect view-id="/index.xhtml"/>
                  </rule>
              </navigation>
          </page>

          <exception class="javax.persistence.EntityNotFoundException">
              <redirect view-id="/error.xhtml">
                  <message>Not found</message>
              </redirect>
          </exception>

          <exception class="javax.persistence.OptimisticLockException">
              <end-conversation/>
              <redirect view-id="/error.xhtml">
                  <message>Another user changed the same data, please try again</message>
              </redirect>
          </exception>

          <exception class="org.jboss.seam.security.AuthorizationException">
              <redirect>
                  <message>You don't have permission to do this</message>
              </redirect>
          </exception>

          <exception class="org.jboss.seam.security.NotLoggedInException">
              <redirect view-id="/pub/login.xhtml">
                  <message>Please log in first</message>
              </redirect>
          </exception>

          <exception>
              <redirect view-id="/error.xhtml">
                  <message>Unexpected error, please try again</message>
              </redirect>
          </exception>

      </pages>


      and part of my login.xhtml:

      <tr><td colSpan="2"><h:messages styleClass="erro" layout="table"/> </td></tr>
      <tr>
      <td>#{messages.user_login}: </td>
      <td><h:inputText id="nome" value="#{identity.username}" ></h:inputText></td>
      </tr>
      <tr>
      <td>#{messages.password}: </td>
      <td><h:inputSecret value="#{identity.password}" /></td>
      </tr>
      <tr>
      <td></td>
      <td><h:commandButton id="btnOk" value="#{messages.enter}" action="#{identity.login}"></h:commandButton></td>
      </tr>


      If I try to access /admin.xhtml before login, the system redirects to /login.xhtml. That's ok!

      After a successful login nothing happens, but if I check the JBoss console I see the same exception being raised in an infinite loop, forcing me to stop the server:

      18:08:04,765 ERROR [SeamPhaseListener] uncaught exception
      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('/admin.xhtml', 'render', null)}]
       at org.jboss.seam.security.Identity.checkRestriction(Identity.java:174)
       at org.jboss.seam.pages.Page.enter(Page.java:186)
       at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
       at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:242)
       at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:193)
       at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:57)


      I guess the reason is the <restrict/> tag inside the /admin.xhtml page in pages.xml, but it was the only way I found to redirect to the login page if the user isn't logged in.

      Any help????

      Ricardo Memória
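
The following pages.xml fragment is an added example, not part of the original post or of Seam's own code. The stack trace above shows that the empty `<restrict/>` is evaluated as `#{s:hasPermission('/admin.xhtml', 'render', null)}`, which fails even after login when nothing grants that permission. The fragment assumes the requirement is only "must be logged in"; the `admin` role name and the `/index.xhtml` target for the authorization handler are assumptions.

```xml
<!-- Added example: pages.xml fragment, not the poster's file. -->
<pages>

    <!-- Before (as posted): an empty restrict element falls back to the
         permission check s:hasPermission('/admin.xhtml', 'render', null),
         so authentication alone never satisfies it:

         <page view-id="/admin.xhtml">
             <restrict/>
         </page>
    -->

    <!-- After: state the condition explicitly. An anonymous request still
         fails the check and raises NotLoggedInException; an authenticated
         user passes. If the page should be limited to one role instead,
         the expression could be #{s:hasRole('admin')} (role name is an
         assumption, it must match what the authenticator assigns). -->
    <page view-id="/admin.xhtml">
        <restrict>#{identity.loggedIn}</restrict>
    </page>

    <!-- Anonymous users go to the login view defined in the post. -->
    <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/login.xhtml">
            <message>Please log in first</message>
        </redirect>
    </exception>

    <!-- Authenticated but denied: redirect to an unrestricted view so the
         denied user is not sent back to the page that just rejected them.
         /index.xhtml is an assumed target. -->
    <exception class="org.jboss.seam.security.AuthorizationException">
        <redirect view-id="/index.xhtml">
            <message>You don't have permission to do this</message>
        </redirect>
    </exception>

</pages>
```

To verify, request /admin.xhtml once anonymously (expect the login view) and once after login (expect the page to render with no AuthorizationException in the console).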