1 Reply Latest reply on Feb 13, 2008 3:05 PM by Harry Walneck

    Seam generate-ui Security Model

    Harry Walneck Newbie

      Hello, I am using Seam 2.0.1 and utilized seam generate-ui to generate pages for existing entity beans.
      As I browsed to the pages, they allow for search and creation/edit of the entity.
      The search does not require a login. The create/edit does require a login.

      The question is why does the create require a log in and not the search?

      I am wondering what the default plumbing in when using generate-ui to enable this specific security model.

      I am pretty sure I am getting the NotLoggedInException when trying to edit/create, just not sure why.

      Thanks.

        • 1. Re: Seam generate-ui Security Model
          Harry Walneck Newbie

          here is what I have,

          Components.xml,

          <?xml version="1.0" encoding="UTF-8"?>
          <components xmlns="http://jboss.com/products/seam/components"
           xmlns:core="http://jboss.com/products/seam/core"
           xmlns:persistence="http://jboss.com/products/seam/persistence"
           xmlns:drools="http://jboss.com/products/seam/drools"
           xmlns:bpm="http://jboss.com/products/seam/bpm"
           xmlns:security="http://jboss.com/products/seam/security"
           xmlns:mail="http://jboss.com/products/seam/mail"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation=
           "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
           http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd
           http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.0.xsd
           http://jboss.com/products/seam/bpm http://jboss.com/products/seam/bpm-2.0.xsd
           http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
           http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.0.xsd
           http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd">
          
           <core:init debug="@debug@" jndi-pattern="@jndiPattern@"/>
          
           <core:manager concurrent-request-timeout="500"
           conversation-timeout="120000"
           conversation-id-parameter="cid"/>
          
           <persistence:managed-persistence-context name="entityManager"
           auto-create="true"
           persistence-unit-jndi-name="java:/myprojectEntityManagerFactory"/>
          
           <drools:rule-base name="securityRules">
           <drools:rule-files>
           <value>/security.drl</value>
           </drools:rule-files>
           </drools:rule-base>
          
           <security:identity security-rules="#{securityRules}" authenticate-method="#{authenticator.authenticate}" remember-me="true"/>
          
           <event type="org.jboss.seam.security.notLoggedIn">
           <action execute="#{redirect.captureCurrentView}"/>
           </event>
           <event type="org.jboss.seam.security.loginSuccessful">
           <action execute="#{redirect.returnToCapturedView}"/>
           </event>
          
           <mail:mail-session host="localhost" port="2525" username="test" password="test" />
          
           <!-- For use with jBPM pageflow or process management -->
           <!--
           <bpm:jbpm>
           <bpm:process-definitions></bpm:process-definitions>
           <bpm:pageflow-definitions></bpm:pageflow-definitions>
           </bpm:jbpm>
           -->
          
          </components>
          


          facesConfig.xml
          <?xml version='1.0' encoding='UTF-8'?>
          <faces-config version="1.2"
           xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd">
          
           <application>
           <locale-config>
           <default-locale>en</default-locale>
           <supported-locale>bg</supported-locale>
           <supported-locale>de</supported-locale>
           <supported-locale>en</supported-locale>
           <supported-locale>fr</supported-locale>
           <supported-locale>tr</supported-locale>
           </locale-config>
           <view-handler>com.sun.facelets.FaceletViewHandler</view-handler>
           </application>
          
          
          
          </faces-config>
          
          


          pages.xml

          <?xml version="1.0" encoding="UTF-8"?>
          <pages xmlns="http://jboss.com/products/seam/pages"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
          
           no-conversation-view-id="/home.xhtml"
           login-view-id="/login.xhtml">
          
           <page view-id="*">
           <navigation>
           <rule if-outcome="home">
           <redirect view-id="/home.xhtml"/>
           </rule>
           </navigation>
           </page>
          
           <exception class="org.jboss.seam.framework.EntityNotFoundException">
           <redirect view-id="/error.xhtml">
           <message>Not found</message>
           </redirect>
           </exception>
          
           <exception class="javax.persistence.EntityNotFoundException">
           <redirect view-id="/error.xhtml">
           <message>Not found</message>
           </redirect>
           </exception>
          
           <exception class="javax.persistence.OptimisticLockException">
           <end-conversation/>
           <redirect view-id="/error.xhtml">
           <message>Another user changed the same data, please try again</message>
           </redirect>
           </exception>
          
           <exception class="org.jboss.seam.security.AuthorizationException">
           <redirect view-id="/error.xhtml">
           <message>You don't have permission to do this</message>
           </redirect>
           </exception>
          
           <exception class="org.jboss.seam.security.NotLoggedInException">
           <redirect view-id="/login.xhtml">
           <message>Please log in first</message>
           </redirect>
           </exception>
          
           <exception class="javax.faces.application.ViewExpiredException">
           <redirect view-id="/error.xhtml">
           <message>Your session has timed out, please try again</message>
           </redirect>
           </exception>
          
           <exception>
           <redirect view-id="/error.xhtml">
           <message>Unexpected error, please try again</message>
           </redirect>
           </exception>
          
          </pages>
          
          



          There are no page restrictions or security rules that apply to the page that I am trying to browse to, so wondering why I am getting returned to the log in page when trying to go to the edit pages that are automatically generated via seam generate-ui

          Thanks.


          Thanks..