2 Replies Latest reply on Feb 16, 2009 9:30 AM by jagin

    Page request parameters and 'restrict'

    jagin Feb 16, 2009 8:11 AM

      Hi,


      I have an issueView.page.xml like this


      <?xml version="1.0" encoding="UTF-8"?>
<page xmlns="http://jboss.com/products/seam/pages"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
      login-required="true">
     
     <param name="issueId" value="#{issueHome.issueId}" required="true"/>

    <restrict >#{s:hasPermission(issueHome.instance, 'view')}</restrict>

        <navigation>
        .
        .
     </navigation>

</page>



      The problem is that 'restrict' part is always trigered before the page parameters are properly set, giving me issueHome.instance set to empty Issue object so the permission check doesn't work properly.


      Is this the way 'restrict' should work? Or am I missing something?


      Regards


      Jarek

      • 147 Views
      • Tags:
        • 1. Re: Page request parameters and 'restrict'
          jagin Feb 16, 2009 8:26 AM (in response to jagin)

          After more investigation i was partly wrong.


          With GET request it works properly but I have some Ajax action (rich:simpleTogglePanel with switchType set to 'ajax') and i don't know how to set issueHome.issueId before restriction check?


          Any hints?

            • Actions
          • 2. Re: Page request parameters and 'restrict'
            jagin Feb 16, 2009 9:30 AM (in response to jagin)

            It alsow looks that 'restrict' is triggered before param set on form POST.


            Normally on GET request i have something like this in a log file:


            09:20:13,296 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)
09:20:13,437 INFO  [STDOUT] IssueView (log from Drools IssueView rool)



            I've put the form on my IssueView.xhtml like:


                            <h:form >
                        <h:inputText id="projectId" value="#{projectHome.instance.id}" />
                        <h:commandButton value="OK" />
                </h:form >



            After submission the form i have in the log:


            org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission(issueHome.instance, 'view')}]



            There is no setIssueId.


            I have change Drool rool to always grant the permission and on the POST the log shows:




            It looks 


            09:25:13,237 INFO  [STDOUT] IssueView (log from Drools IssueView rool)
09:25:13,496 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)



            Why?

              • Actions