I found thath in Seam 2.1.1 it isn't possible to specify an exception handler that redirects without adding a faces message.
Here's what I tried:
<exception class="org.jboss.seam.security.AuthorizationException"> <end-conversation/> <redirect view-id="/security.xhtml"> <message/> </redirect> </exception>
However Seam happily ignores the empty <message> tag and adds a default message Authorization check failed for expression [false]
.
Is there a sensible reason to ignore my configuration?
What should an end user make of the message that she is not allowed to expression [false]
?
I still do want other FacesMessage to show on my failed-authorization-page.
After changing the getDisplayMessage in org.jboss.seam.faces.Navigator, so that it does
if ( message == null && e.getMessage()!=null )
instead of
if ( Strings.isEmpty(message) && e.getMessage()!=null )
I get the desired behaviour: A default message if the <message> tag is missing, no message with an empty tag and the configured message else.
Ok to file a Jira issue? Will somebody actually make the proposed change in the code base?
BTW:
This reveals another bug: The exception is created with the correct
message
Authorization check failed for expression [#{s:hasPermission('app', 'editContactData')}]
However StatusMessages.addToControl() interpolates
the EL expression.
Another Jira issue?