Hi,
I've just generated project using seam-gen, now I'm trying use security features.
I've changed only one file in my project:
myproject/resources/WEB-INF/pages.xml
...
<pages xmlns="http://jboss.com/products/seam/pages"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://jboss.com/products/seam/security"
xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products /seam/pages-2.1.xsd"
no-conversation-view-id="/home.xhtml"
login-view-id="/login.xhtml">
...
<page view-id="/List.xhtml" login-required="true">
<restrict>#security:hasRole('ultra-user')</restrict>
</page>
...
<exception class="org.jboss.seam.security.AuthorizationException">
<redirect view-id="/error.xhtml">
<message severity="error">You don't have permission to access this resource</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.NotLoggedInException">
<redirect view-id="/login.xhtml">
<message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
</redirect>
</exception>
...and there is entry in myproject/resources/WEB-INF/components.xml:
...
<security:rule-based-permission-resolver security-rules="#{securityRules}"/>
<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/>
...My expectation would be that:
- when I'm not logged in and try to enter url http://localhost:8080/myproject/List.seam I would be redirected to login screen - this is not happening
- only user which is in role ultra-user can access page with address - since I'm not logging in user is not is this role but I can steel open that page
- exception should be thrown in log file org.jboss.seam.security.NotLoggedInException or org.jboss.seam.security.AuthorizationException - not of them appears in my log file.
Is there some special setting that I must to switch after generating project using seam-gen that these security option will work in pages.xml ?
Regards.
