6 Replies Latest reply on Apr 23, 2009 11:09 AM by jagin

    Page restrict tag, Ajax call and POST parameter

    jagin Apr 22, 2009 8:59 AM

      Hi,


      I have an issueView.page.xml like this:


      <?xml version="1.0" encoding="UTF-8"?>
<page xmlns="http://jboss.com/products/seam/pages"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
      login-required="true">
     
        <param name="issueId" value="#{issueHome.issueId}" required="true"/>

        <restrict >#{s:hasPermission(issueHome.instance, 'view')}</restrict>

        <navigation>
        .
        .
        </navigation>

</page>



      The problem is that 'restrict' part is always trigered before the page parameters are properly set with Ajax call on the page, giving me issueHome.instance set to empty Issue object so the permission check doesn't work properly.


      Is this the way 'restrict' should work? Or am I missing something?


      It alsow looks that 'restrict' is triggered before param set on form POST.


      Normally on GET request i have something like this in a log file: 


      09:20:13,296 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)
09:20:13,437 INFO  [STDOUT] IssueView (log from Drools IssueView rool)



      I've put the form on my IssueView.xhtml like: 


                      <h:form >
                        <h:inputText id="projectId" value="#{projectHome.instance.id}" />
                        <h:commandButton value="OK" />
                </h:form >



      After submission the form i have in the log: 


      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission(issueHome.instance, 'view')}]



      There is no setIssueId.


      I have change Drool rool to always grant the permission and on the POST the log shows:


      It looks 


      09:25:13,237 INFO  [STDOUT] IssueView (log from Drools IssueView rool)
09:25:13,496 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)



      Why?


      P.S
      I'm using SEAM 2.1.1.GA

        • 1. Re: Page restrict tag, Ajax call and POST parameter
          jagin Apr 22, 2009 12:03 PM (in response to jagin)

          It would be nice to have something like:


          <restrict on-postback="false">

            • Actions
          • 2. Re: Page restrict tag, Ajax call and POST parameter
            jagin Apr 23, 2009 8:10 AM (in response to jagin)

            I have added a JIRA issue:


            https://jira.jboss.org/jira/browse/JBSEAM-4141


            I hope that it will be solved somehow. It's a big blockage in my project.


            restrich tag with some request parameter dependent objects is useless on page with ajax-POST action.


            Regards


            Jarek

              • Actions
            • 3. Re: Page restrict tag, Ajax call and POST parameter
              accless
              accless Apr 23, 2009 9:22 AM (in response to jagin)

              Hi Jarek,


              in your case i would suggest a work around



              First Option


              <h:inputText id="projectId" value="#{projectHome.instance.id}" />
<h:commandButton value="OK">
    <a:actionparam name="projectId" value="$('projectId').value" noEscape="true" assignTo="#{projectHome.instance.id}/>
</h:commandButton>


              the value of the actionparam should be assigned during the apply-request-value phase of the jsf-life-cyble and right before the restriction is evaluated


              Second option


              Just make a dummy method and place the restriction as an annotation on that method and remove it from the page.xml.
              This will ensure the same order as described in the first option



               <h:form >
      <h:inputText id="projectId" value="#{projectHome.instance.id}" />
         <h:commandButton value="OK" action="myDummyRestrictionMethod"/>
  </h:form >



              greetings


                • Actions
              • 4. Re: Page restrict tag, Ajax call and POST parameter
                jagin Apr 23, 2009 9:47 AM (in response to jagin)

                That's ok with some form on the page. Thanx


                But on my IssueView.xhtml i show some issue details and i have


                          <rich:simpleTogglePanel id="auditTogglePanel" opened="false"
               switchType="ajax" label="#{messages['revisionHistory']}"
               action="#{revisionManager.loadRevisionEntries(instance)}">
               .
               .
               .
          </rich:simpleTogglePanel>



                for the issue change history. This panel is closed by default and is opened by ajax call.
                So going to IssueView.xhtml by by GET request like http://localhost:8080/myapp/issue/view/4449
                is OK for restriction. But after ajax opening the toggle panel i got permission exception because
                issueHome is not initialized properly before restriction check.

                  • Actions
                • 5. Re: Page restrict tag, Ajax call and POST parameter
                  accless
                  accless Apr 23, 2009 10:07 AM (in response to jagin)

                  u are using converstions, right?


                  are u sending the conversationId as well?


                  u should put the 


                  <s:conversationId/>



                  to all ajax-components.


                    • Actions
                  • 6. Re: Page restrict tag, Ajax call and POST parameter
                    jagin Apr 23, 2009 11:09 AM (in response to jagin)

                    No, i am not using long term conversation. It is a simple view page with object id param.


                    Where shoud I put 


                    <s:conversationId/>




                    for 


                    <rich:simpleTogglePanel>




                    I tried to put it inside the tag and also to wrap it with h:form and put s:conversationId inside h:form. It's not working.


                      • Actions