Hello,

i'm trying to use the built-in security handling. With the pages.xml it works fine. But, if i try to restrict some controller action, no redirect occurs and the application just throws an exception

17:34:57,328 ERROR [[default]] Servlet.service() for servlet default threw exception
org.jboss.seam.security.NotLoggedInException
 at org.jboss.seam.security.Identity.checkRestriction(Identity.java:222)
 at de.rwo.login.Identity.checkRestriction(Identity.java:59)
 at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:38)
 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
 at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:41)
 at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
 at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:106)
 at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
 at org.javassist.tmp.java.lang.Object_$$_javassist_22.buyNow(Object_$$_javassist_22.java)

The de.rwo.login.Identity.checkRestriction extends the Identity and only wraps the original checkRestriction call. If i catch the NotLoggedInException in such a wrapper and redirect manually (by using Pages.instance()...) to the login page, it works, but expect the correct behavior also/especially in case of NotLoggedInException.

Some application data(configuration as in the docu):

This view should be visible to all, but the only action of the page requires successful login to be proceeded.

Firing action in view

<h:commandButton action="#{buyNowController.buyNow}" styleClass="submit" value="Kaufen" >
 <s:conversationId/>
 </h:commandButton>

The action itself

@Restrict("#{identity.loggedIn}")
 public String buyNow() {...}

Sounds simple but doesn't work :-(

Thanks for any help,

Gena