-
1. Re: seam-faces SecurityPhaseListener behaviour?
piklos Jan 27, 2012 6:16 AM (in response to piklos)I forgot to mention that the method i showed is in the SecurityPhaseListener.
I also forgot to mention that application is being deployed to tomcat 7 (I do not beleive that it has anything to do with this).
I use primeface,richfaces,pretyfaces (3.3.2). -
2. Re: seam-faces SecurityPhaseListener behaviour?
blabno Jan 27, 2012 7:26 AM (in response to piklos)I'm having similar problems. As a workaround I add
@RestrictAtPhase(PhaseIdType.RESTORE_VIEW)
to each page I have security binding annotation, but I would prefer not have to do it. I consider this as a bug.
Let's see what Jason says. -
3. Re: seam-faces SecurityPhaseListener behaviour?
piklos Jan 27, 2012 7:57 AM (in response to piklos)Thanks for the hint. Documentation mentions
@RestrictAtView
annotation, but i think that that should be
@RestrictAtPhase
(as you said).
It also seems to say that it is possible to put that annotation on top of the interface, and then all of the pages would be checked at that particular phase.I still wonder why is there a problem redirecting in the render response phase??? And even more so, why is that a problem only with redirection to access denied page, and not login page too?
-
4. Re: seam-faces SecurityPhaseListener behaviour?
lightguard Jan 27, 2012 12:34 PM (in response to piklos)Why it isn't a problem redirecting to the login page: Because I missed it :)
Why it's a problem in the RENDER_RESPONSE phase? Because headers have already been sent to the browser for the page and we can't redirect. At least we shouldn't be able to redirect. If someone has a patch for checking to see if headers have been sent to the browser we could send the redirect if they haven't otherwise it's too late.
-
5. Re: seam-faces SecurityPhaseListener behaviour?
blabno Jan 27, 2012 12:45 PM (in response to piklos)OK, if it's impossible to always restrict access before RENDERRESPONSE then I suggest that by default RestrictAtPhase is RESTOREVIEW.
-
6. Re: seam-faces SecurityPhaseListener behaviour?
lightguard Jan 27, 2012 12:58 PM (in response to piklos)I think there's a JIRA for that actually.