5 Replies Latest reply on Feb 13, 2007 9:13 PM by Ricardo Memoria

    Help restrict access to pages before login

    Ricardo Memoria Novice

      Hi all,

      I've upgraded SEAM from 1.1.5 to 1.1.6.

      All I want is to restrict access to some pages before the user login (in this example, restrict access to /admin.xhtml page). This is my config

      components.xml

      <security:identity authenticate-method="#{authenticator.login}"/>
      
       <event type="org.jboss.seam.notLoggedIn">
       <action expression="#{redirect.captureCurrentView}"/>
       </event>
       <event type="org.jboss.seam.postAuthenticate">
       <action expression="#{redirect.returnToCapturedView}"/>
       </event>
      


      pages.xml

      <pages>
      
       <page view-id="/admin.xhtml" >
       <restrict />
       </page>
      
       <page view-id="*">
       <navigation>
       <rule if-outcome="home">
       <redirect view-id="/index.xhtml"/>
       </rule>
       </navigation>
       </page>
      
       <page view-id="/login.xhtml">
       <navigation from-action="#{identity.login}">
       <rule if-outcome="success">
       <redirect view-id="/index.xhtml"/>
       </rule>
       </navigation>
       </page>
      
       <exception class="javax.persistence.EntityNotFoundException">
       <redirect view-id="/error.xhtml">
       <message>Not found</message>
       </redirect>
       </exception>
      
       <exception class="javax.persistence.OptimisticLockException">
       <end-conversation/>
       <redirect view-id="/error.xhtml">
       <message>Another user changed the same data, please try again</message>
       </redirect>
       </exception>
      
       <exception class="org.jboss.seam.security.AuthorizationException">
       <redirect>
       <message>You don't have permission to do this</message>
       </redirect>
       </exception>
      
       <exception class="org.jboss.seam.security.NotLoggedInException">
       <redirect view-id="/pub/login.xhtml">
       <message>Please log in first</message>
       </redirect>
       </exception>
      
       <exception>
       <redirect view-id="/error.xhtml">
       <message>Unexpected error, please try again</message>
       </redirect>
       </exception>
      
      </pages>


      and part of my login.xhtml

      <tr><td colSpan="2"><h:messages styleClass="erro" layout="table"/> </td></tr>
      <tr>
      <td>#{messages.user_login}: </td>
      <td><h:inputText id="nome" value="#{identity.username}" ></h:inputText></td>
      </tr>
      <tr>
      <td>#{messages.password}: </td>
      <td><h:inputSecret value="#{identity.password}" /></td>
      </tr>
      <tr>
      <td></td>
      <td><h:commandButton id="btnOk" value="#{messages.enter}" action="#{identity.login}"></h:commandButton></td>
      </tr>


      If I try to access /admin.xhtml before login, the system redirects to /login.xhtml. That's ok!

      After a successful login nothing happens but if I check JBOSS console I see the same exception being raised in an infinite loop forcing me to stop the server:

      18:08:04,765 ERROR [SeamPhaseListener] uncaught exception
      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('/admin.xhtml', 'render', null)}]
       at org.jboss.seam.security.Identity.checkRestriction(Identity.java:174)
       at org.jboss.seam.pages.Page.enter(Page.java:186)
       at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
       at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:242)
       at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:193)
       at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:57)


      I guess the reason is the <restrict/ tag inside the /admin.xhtml page in pages.xml, but it was the only way I found to redirect to the login page if the user isn't logged.

      Any help????

      Ricardo Memória