-
1. Re: Seam vs Spring Security - How to restrict http path without using pages xml
shane.bryzak Mar 5, 2009 10:49 PM (in response to infinity2heaven)You can set the restrictions programatically using Page.setRestriction(). To get the page, use Pages.getPage().
-
2. Re: Seam vs Spring Security - How to restrict http path without using pages xml
infinity2heaven Mar 6, 2009 6:49 AM (in response to infinity2heaven)getPage() is not a static method. How do I get hold of the
Pages
reference loaded at startup? -
3. Re: Seam vs Spring Security - How to restrict http path without using pages xml
zergspirit Mar 6, 2009 10:13 AM (in response to infinity2heaven)Well, try Pages.instance().getPage() I'd say.
-
4. Re: Seam vs Spring Security - How to restrict http path without using pages xml
infinity2heaven Mar 6, 2009 4:23 PM (in response to infinity2heaven)this doesn't work. (added in seam jpa hotel booking example)
@Name("initHttp") @Scope(ScopeType.APPLICATION) @Startup public class InitHttpPathRoles { public void init() { Pages pages = Pages.instance(); Page page = pages.getPage("//main.xhtml"); page.setRestriction("#{s:hasRole('rewardsuser')"); } }
Suggestions
-
5. Re: Seam vs Spring Security - How to restrict http path without using pages xml
zergspirit Mar 6, 2009 5:00 PM (in response to infinity2heaven)Try that:
@Startup(depends="org.jboss.seam.navigation.pages")
So your Component wait for the Pages to be created first.
-
6. Re: Seam vs Spring Security - How to restrict http path without using pages xml
infinity2heaven Mar 6, 2009 6:55 PM (in response to infinity2heaven)I did the same. init() method never gets called (checked with my logger)
Any suggestions?
-
7. Re: Seam vs Spring Security - How to restrict http path without using pages xml
zergspirit Mar 7, 2009 1:21 PM (in response to infinity2heaven)Well, as far as I can see on your code, this can't work, you'd need to annotate your init() method with @Create if you want it to be called automatically at Component's creation.
-
8. Re: Seam vs Spring Security - How to restrict http path without using pages xml
infinity2heaven Mar 9, 2009 7:45 PM (in response to infinity2heaven)component is created now, however this line - page.setRestriction("#{s:hasRole('rewardsuser')"); doesn't seem to restrict the page main.html.
What am I missing?
-
9. Re: Seam vs Spring Security - How to restrict http path without using pages xml
3du4rd Sep 25, 2009 4:53 PM (in response to infinity2heaven)Hi, Priya
Have you able to resolve this error?
I have the same problem and I have tried several things but ever with the same results..:(
I see that sharp symbol don't works correctly in the restriction string.
Thanks for some help!!!
-
10. Re: Seam vs Spring Security - How to restrict http path without using pages xml
luxspes Sep 25, 2009 9:16 PM (in response to infinity2heaven)
Priya M wrote on Mar 05, 2009 22:02:
I need to restrict http paths via database rather than an xml file since its so much easier to test, develop and manage. Currently Seam's page restriction seems to be tied <restrict/> tags all over pages.xml. How do I override this default behavior by adding my own database lookup?
What's the alternative in Seam?It is really quite simple, the <restrict/> tag does not really restrict things, it just means that you want seam to verify if the currently logged-in user has permission to access the resources. You can
restrict
every page under a folder by writing:<page view-id="/restrictedArea/*" login-required="true" > <restrict/> </page>
But actual restriction happens at the permission resolver components when the particular pages inside that folder are accessed, if you want to check against the database (like me) just define your own permission resolver, Seam will automatically detect it and it will automatically call its methods to verify if the current user has access:
@Name("myPermissionResolver ") public class MyPermissionResolver implements org.jboss.seam.security.permission.PermissionResolver { public void filterSetByAction(Set<Object> targets, String action) { Identity identity = Identity.instance(); if (!identity.isLoggedIn()) return; Iterator<Object> iter = targets.iterator(); while (iter.hasNext()) { Object target = iter.next(); if (hasPermission(target, action)) { iter.remove(); } } } public boolean hasPermission(Object target, String action) { //Write here the code to check access against the database } }
-
11. Re: Seam vs Spring Security - How to restrict http path without using pages xml
3du4rd Sep 28, 2009 6:23 PM (in response to infinity2heaven)Thanks Francisco!
Another favor, could you tell me how to define Custom Permission Resolver in Components.xml or in Seam app?
-
12. Re: Seam vs Spring Security - How to restrict http path without using pages xml
luxspes Sep 28, 2009 7:37 PM (in response to infinity2heaven)
Eduard Leandro Correa A. wrote on Sep 28, 2009 18:23:
Thanks Francisco!
Another favor, could you tell me how to define Custom Permission Resolver in Components.xml or in Seam app?Alredy told you how, there is no need to add anything into components.xml, all you have to have is a class in your project that is a Seam component (has a @Name annotation) and inherits from org.jboss.seam.security.permission.PermissionResolver like the one I posted in my previous post...
-
13. Re: Seam vs Spring Security - How to restrict http path without using pages xml
bemar Oct 15, 2010 6:49 AM (in response to infinity2heaven)Tried your example with
return true
at the hasPermission() function and got these errorException sending context initialized event to listener instance of class org.jboss.seam.servlet.SeamListener java.lang.RuntimeException: Could not create Component: myPermissionResolver at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1202) at org.jboss.seam.init.Initialization.installComponents(Initialization.java:1118) at org.jboss.seam.init.Initialization.init(Initialization.java:733) at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:36) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3910) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4393) at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310) at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142) at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461) at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118) at org.jboss.web.deployers.WebModule.start(WebModule.java:97) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206) at $Proxy38.start(Unknown Source) at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42) at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37) at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62) at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71) at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348) at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553) at org.jboss.system.ServiceController.doChange(ServiceController.java:688) at org.jboss.system.ServiceController.start(ServiceController.java:460) at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163) at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99) at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46) at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62) at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171) at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210) at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553) at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781) at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702) at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117) at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:362) at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:255) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask$Sync.innerRunAndReset(Unknown Source) at java.util.concurrent.FutureTask.runAndReset(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(Unknown Source) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.IllegalStateException: not a valid Seam component name: myPermissionResolver at org.jboss.seam.Component.checkName(Component.java:266) at org.jboss.seam.Component.<init>(Component.java:220) at org.jboss.seam.Component.<init>(Component.java:205) at org.jboss.seam.init.Initialization.addComponent(Initialization.java:1186) ... 68 more 12:42:28,171 ERROR [StandardContext] Error listenerStart
My Class
package ch.bemar.creditfriend.action.helper.permission; import java.util.Iterator; import java.util.Set; import org.jboss.seam.annotations.Name; import org.jboss.seam.security.Identity; @Name("myPermissionResolver ") public class MyPermissionResolver implements org.jboss.seam.security.permission.PermissionResolver { public void filterSetByAction(Set<Object> targets, String action) { Identity identity = Identity.instance(); if (!identity.isLoggedIn()) return; Iterator<Object> iter = targets.iterator(); while (iter.hasNext()) { Object target = iter.next(); if (hasPermission(target, action)) { iter.remove(); } } } public boolean hasPermission(Object target, String action) { System.out.println("Checking target: " + target.toString()); return true; } }
Any idea what the reason could be?
Thx for your help
Ben
-
14. Re: Seam vs Spring Security - How to restrict http path without using pages xml
lvdberg Oct 15, 2010 7:13 AM (in response to infinity2heaven)Hi,
The Permission resolver should have a Session or Application scope (Seam documentation
Writing your own permission resolver
)Leo