I forgot to add, I want to have @Authorized annotated enums (in Viewconfig) apply to non logged in users. I understand @AccessDeniedView only works for logged in users.

So my use case is this: for non logged in users, they can access a page, depending on how security is setup for an object used in this page users will be allowed to access the page or not. If the user cannot access the page they need to be redirected to a home page. This is where I'm stuck. I might not have been clear enough in my original post.

Thanks!

Thank you Juan and Jason, please keep this thread updated. This issue is blocking me. I see some strange behavior especially when using PrettyFaces URL Mapping in ViewConfig.

Juan, Can you please send me your sample project? I want to run it and check few things in it.  hamzah0 at fastmail.us

Thanks for the update.

I'll try with the snapshot of Faces.

I get strange behavior on AS7.1 beta. It works on first deployment but not on redeployment when URL mapping annotation is used in ViewConfig. I have to delete my AS empty, data, and standalone config history, and deploy a clean build for things to work. Something iffy.

I have posted my config on prettyface forum, Lincol said my config look ok, mostly a Seam/security issue. I'm blocked on this. Also, what complicates this more, in my project we don't use a context root, the app is accessed as http://localhost:8080
so URL mapping and security are broken in Seam.

Is this an AS7 or a Seam issue?

To reproduce, If you just make a simple Seam project with one xhtml page, backed by an action class, use a security annotation to access from UI on action class, and use URLMapping in Viewconfig. you should reproduce the issue that way.  Don't use a context root in AS7.

Try to access the app via the mapped url defined in URLMapping. You'll not be able to hit the page.

Jason, your fix helped with redeploy issue. But I'm still having issues with URL mapping and security.

In pretty-config.xml I have:

        <url-mapping id="eventHome">
                <pattern value="/event/#{eventHomepage.eventId}" />
                <view-id value="/homes/eventHome.xhtml" />
        </url-mapping>

in @ViewConfig annotated enum:

                @FacesRedirect
                @ViewPattern("/homes/eventHome.xhtml")
                @Authorized
                @AccessDeniedView("/home.xhtml")
                @LoginView("/login.xhtml")
                EVENT

In viewPattern above, should I use /event or /homes/eventHome.xhtml? I think it should be  /event/ because that's the URL users will be using. is any event's Id.

/event does not work. When I use /homes/eventHome.xhtml, security gets invoked, but I get redirected to login view, which is right, but after that I should be redirected to access denied view. Seam security is not working or am I doing something wrong?

My workflow is the following: a user needs to access an event's page.

The event can be private or public. if private, the user needs to be in event's allowed group, if a user not logged in, needs to login, then user is checked to be in event's allowed group, if true grant access, else redirect to access denied view. How to accomplish this with seam security and mapped URLs with pretty faces?

An event object has a flag for isPrivate, and a list of allowed users to access it.

No, just in pretty-config.xml. I got strange behaviour when I put URL mappings in ViewConfig so I took them out and kept them in pretty-config.xml

Jason Porter wrote on Dec 19, 2011 15:59:


You have mappings in both pretty-config.xml and in @ViewConfig?

Click HELP for text formatting instructions. Then edit this text and check the preview.