0 Replies Latest reply on Oct 22, 2007 5:49 AM by slavach

    restrict tag in pages.xml

      Hi, I've encountered quite strange Seam behavior in my project.
      I setup security framework and it works great for restricting access to mehods
      (in EJB) and to UI elements (in *.xhtml with s:hasRole).
      All security exceptions redirected to default security page.
      Now I setup page security in page.xml:

       <page view-id="/page1.xhtml" login-required="true">
       <restrict>#{s:hasRole('admin')}</restrict>
       </page>
      


      Access to this page granted although I see AuthorizationException in log file.
      If I redefine default exception page:

       <exception class="org.jboss.seam.security.AuthorizationException">
       <end-conversation/>
       <redirect view-id="/error.xhtml">
       <message severity="WARN">Access denied</message>
       </redirect>
       </exception>
      


      Than access to page1 restricted and I redirected to error.xhtml.

      Did I miss something and exception page definition is mandatory for security configuration in page.xml?

      My environment is glassfish-v2 and jboss-seam 2.0.