0 Replies Latest reply on Feb 21, 2011 3:51 PM by dish13

    Problem securing pages with implied permission

    dish13
    dish13 Feb 21, 2011 3:51 PM

      I'm trying to secure the pages using the implied permission as it is mentioned in the documentation: 15.6.4. Securing pages.


      I added 


      <page view-id="/order.xhtml">
    <restrict/>
</page>



      The docs mention the 'render' and the 'restore' actions. For the '/settings.xhtml' example it describes:



      This page has an implied permission of /settings.xhtml:render required for non-faces requests and an implied permission of /settings.xhtml:restore for faces requests.


      I added the following to the security.drl.



      rule RepRule
     no-loop
     activation-group "permissions"
when
     check1: PermissionCheck(name == "/admin/orders.xhtml:render", granted == false)
        check2: PermissionCheck(name == "/admin/orders.xhtml:restore", granted == false)
     //Role(name == "Rep")
then
     check1.grant();
     check2.grant();
end



      And the following lines in the pages.xml.



      <page login-required="true" view-id="/admin/orders.xhtml">
    <restrict/>
</page>




      But I still get the org.jboss.seam.security.AuthorizationException.



      • 165 Views
      • Tags: