1 Reply Latest reply on Feb 13, 2008 3:05 PM by daboxe

    Seam generate-ui Security Model

    daboxe

      Hello, I am using Seam 2.0.1 and utilized seam generate-ui to generate pages for existing entity beans.
      As I browsed to the pages, they allow for search and creation/edit of the entity.
      The search does not require a login. The create/edit does require a login.

      The question is why does the create require a log in and not the search?

      I am wondering what default plumbing generate-ui puts in place to enable this specific security model.

      I am pretty sure I am getting the NotLoggedInException when trying to edit/create, just not sure why.

      Thanks.

        • 1. Re: Seam generate-ui Security Model
          daboxe

          here is what I have,

          Components.xml,

          <?xml version="1.0" encoding="UTF-8"?>
          <!--
            Seam component descriptor as posted in the thread. It configures the
            managed persistence context, the Drools rule base handed to the identity
            component, the login redirect events and a mail session.
          -->
          <components xmlns="http://jboss.com/products/seam/components"
           xmlns:core="http://jboss.com/products/seam/core"
           xmlns:persistence="http://jboss.com/products/seam/persistence"
           xmlns:drools="http://jboss.com/products/seam/drools"
           xmlns:bpm="http://jboss.com/products/seam/bpm"
           xmlns:security="http://jboss.com/products/seam/security"
           xmlns:mail="http://jboss.com/products/seam/mail"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation=
           "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.0.xsd
           http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.0.xsd
           http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.0.xsd
           http://jboss.com/products/seam/bpm http://jboss.com/products/seam/bpm-2.0.xsd
           http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.0.xsd
           http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.0.xsd
           http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.0.xsd">

            <!-- @debug@ and @jndiPattern@ look like build-time tokens.
                 NOTE(review): confirm that deployed builds resolve debug to false. -->
            <core:init debug="@debug@" jndi-pattern="@jndiPattern@"/>

            <!-- Conversation handling: request and conversation timeouts, and the
                 request parameter ("cid") that carries the conversation id. -->
            <core:manager concurrent-request-timeout="500"
                          conversation-timeout="120000"
                          conversation-id-parameter="cid"/>

            <!-- Seam-managed persistence context, exposed as "entityManager" and
                 created on demand from the factory at the given JNDI name. -->
            <persistence:managed-persistence-context name="entityManager"
                                                     auto-create="true"
                                                     persistence-unit-jndi-name="java:/myprojectEntityManagerFactory"/>

            <!-- Rule base built from /security.drl and referenced by the identity
                 component below. The rules file is not part of this post, so what it
                 permits or denies cannot be judged from this descriptor alone. -->
            <drools:rule-base name="securityRules">
              <drools:rule-files>
                <value>/security.drl</value>
              </drools:rule-files>
            </drools:rule-base>

            <!-- Credential checks are delegated to authenticator.authenticate (not shown).
                 NOTE(review): remember-me="true" keeps login state in the browser across
                 sessions; check what the cookie stores in the Seam version in use and
                 whether that is acceptable for this application. -->
            <security:identity security-rules="#{securityRules}"
                               authenticate-method="#{authenticator.authenticate}"
                               remember-me="true"/>

            <!-- Together these two observers record the view that was requested when
                 a "not logged in" event fires and return to it after a successful login. -->
            <event type="org.jboss.seam.security.notLoggedIn">
              <action execute="#{redirect.captureCurrentView}"/>
            </event>
            <event type="org.jboss.seam.security.loginSuccessful">
              <action execute="#{redirect.returnToCapturedView}"/>
            </event>

            <!-- NOTE(review): SMTP username and password are written here in clear text.
                 These look like local test values (localhost:2525); real credentials
                 should be supplied per environment and kept out of source control. -->
            <mail:mail-session host="localhost" port="2525" username="test" password="test"/>

            <!-- For use with jBPM pageflow or process management -->
            <!--
            <bpm:jbpm>
              <bpm:process-definitions></bpm:process-definitions>
              <bpm:pageflow-definitions></bpm:pageflow-definitions>
            </bpm:jbpm>
            -->

          </components>
          


          facesConfig.xml
          <?xml version="1.0" encoding="UTF-8"?>
          <!--
            JSF 1.2 application descriptor as posted. It declares only the supported
            locales and the Facelets view handler; no navigation rules or
            security-related settings appear in this file.
          -->
          <faces-config version="1.2"
           xmlns="http://java.sun.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_1_2.xsd">

            <application>
              <!-- Default locale is English; the remaining entries are the other
                   locales the application accepts. -->
              <locale-config>
                <default-locale>en</default-locale>
                <supported-locale>bg</supported-locale>
                <supported-locale>de</supported-locale>
                <supported-locale>en</supported-locale>
                <supported-locale>fr</supported-locale>
                <supported-locale>tr</supported-locale>
              </locale-config>
              <!-- Views are rendered through Facelets. -->
              <view-handler>com.sun.facelets.FaceletViewHandler</view-handler>
            </application>

          </faces-config>
          
          


          pages.xml

          <?xml version="1.0" encoding="UTF-8"?>
          <!--
            Global Seam page descriptor as posted. The root element names the view
            used when no conversation is active and the login view; the body holds one
            wildcard navigation rule and the exception-to-page mappings.

            No <page> entry in this file sets login-required or contains a <restrict>.
            NOTE(review): view-specific *.page.xml descriptors are not shown in the
            post and can carry their own login requirement; check the descriptors
            generated next to the edit views before concluding that nothing
            protects them.
          -->
          <pages xmlns="http://jboss.com/products/seam/pages"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
          
           no-conversation-view-id="/home.xhtml"
           login-view-id="/login.xhtml">

            <!-- Applies to every view: the outcome "home" redirects to /home.xhtml. -->
            <page view-id="*">
              <navigation>
                <rule if-outcome="home">
                  <redirect view-id="/home.xhtml"/>
                </rule>
              </navigation>
            </page>

            <!-- Missing entity, reported by either the Seam framework or JPA. -->
            <exception class="org.jboss.seam.framework.EntityNotFoundException">
              <redirect view-id="/error.xhtml">
                <message>Not found</message>
              </redirect>
            </exception>

            <exception class="javax.persistence.EntityNotFoundException">
              <redirect view-id="/error.xhtml">
                <message>Not found</message>
              </redirect>
            </exception>

            <!-- Concurrent modification: the conversation is ended before redirecting. -->
            <exception class="javax.persistence.OptimisticLockException">
              <end-conversation/>
              <redirect view-id="/error.xhtml">
                <message>Another user changed the same data, please try again</message>
              </redirect>
            </exception>

            <!-- Authenticated but not permitted: goes to the error page. -->
            <exception class="org.jboss.seam.security.AuthorizationException">
              <redirect view-id="/error.xhtml">
                <message>You don't have permission to do this</message>
              </redirect>
            </exception>

            <!-- Not authenticated: goes to the login page instead of the error page. -->
            <exception class="org.jboss.seam.security.NotLoggedInException">
              <redirect view-id="/login.xhtml">
                <message>Please log in first</message>
              </redirect>
            </exception>

            <exception class="javax.faces.application.ViewExpiredException">
              <redirect view-id="/error.xhtml">
                <message>Your session has timed out, please try again</message>
              </redirect>
            </exception>

            <!-- No class attribute: fallback mapping that shows a generic message. -->
            <exception>
              <redirect view-id="/error.xhtml">
                <message>Unexpected error, please try again</message>
              </redirect>
            </exception>

          </pages>
          
          



          There are no page restrictions or security rules that apply to the page I am trying to browse to, so I am wondering why I am sent back to the login page when I go to the edit pages that seam generate-ui generated automatically.

          Thanks.


          Thanks..