-
1. Re: seam 3.1 security annotations not working
thor-k Apr 11, 2012 10:42 AM (in response to kgoedert)Hi Kelly, currently I have a similar issue and I'm curious about your setup. Have you created a @ViewConfig class?
@ViewConfig
public interface Pages
{
static enum Pages0
{
@ViewPattern("/jsf/test.xhtml")
@UrlMapping(pattern="/test)
@LoginView("/jsf/access/loginRequired.xhtml")
@AccessDeniedView("/jsf/access/accessDenied.xhtml")
@Admin
ADMIN;
}
}
In my setup, the Annotation @Admin (with additionalElementType.FIELD) is placed before the class definition (@Named @ViewScoped @Admin). If I'm not @LoggedIn I'm forwarded to loginRequired.xhtml, but never to accessDenied.xhtml. Actually my Authorizer *is* called, but even when *false* is returned, I have access to the page. Perhaps it's related to this warning:
16:38:38,281 WARN [org.jboss.seam.security.permission.SecurityRuleLoader] (http--127.0.0.1-8080-2) No security rules configured - rule base permissions will be unavailable.
Greetings
Thor
-
2. Re: seam 3.1 security annotations not working
kgoedert Apr 11, 2012 10:45 AM (in response to thor-k)Exact same situation here. If I add the @viewConfig I have the situation you described. If I remove it, I have the situation I described.
Greetings,
Kelly
-
3. Re: seam 3.1 security annotations not working
lightguard Apr 11, 2012 11:00 AM (in response to kgoedert)Do you have the security intercepter enabled?
-
4. Re: seam 3.1 security annotations not working
kgoedert Apr 11, 2012 11:03 AM (in response to lightguard)Like this?
<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="urn:java:ee" xmlns:security="urn:java:org.jboss.seam.security"
xmlns:jaas="urn:java:org.jboss.seam.security.jaas"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
<interceptors>
<class>org.jboss.seam.security.SecurityInterceptor</class>
</interceptors>
</beans>
Yes. As I said, the login works perfectly as does the @LoggedIn annotation. So I presume this interceptor is working.
Kelly
-
5. Re: seam 3.1 security annotations not working
baraber Apr 11, 2012 1:12 PM (in response to thor-k)Thor, you could try that in Pages :
{code}
@ViewConfig
public interface Pages
{
static enum Pages0
{
@ViewPattern("/jsf/test.xhtml")
@UrlMapping(pattern="/test)
@LoginView("/jsf/access/loginRequired.xhtml")
@AccessDeniedView("/jsf/access/accessDenied.xhtml")
@RestrictAtPhase(PhaseIdType.RESTORE_VIEW)
@Admin
ADMIN;
}
}
{code}
Note the line @RestrictAtPhase(PhaseIdType.RESTORE_VIEW)
The reason for this is more or less clear to me in the seam-faces doc, but Jason Porter explain it well in this thread : https://community.jboss.org/message/654232
But that doesn't explain why the Autorizer method is not called for kelly.
-
6. Re: seam 3.1 security annotations not working
thor-k Apr 11, 2012 1:55 PM (in response to baraber)@Richard: Thank you so much, this solved my issue.
@Kelly: Sorry for "hijacking" this thread, but your issue was similar to mine
BTW: I have no interceptors in my bean.xml:
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="urn:java:ee"
xmlns:security="urn:java:org.jboss.seam.security"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://jboss.org/schema/cdi/beans_1_0.xsd">
<security:IdentityImpl>
<s:modifies/>
<security:authenticatorClass>my.securityPaakcage.MyAuthenticator</security:authenticatorClass>
</security:IdentityImpl>
</beans>