1 Reply Latest reply on Jul 19, 2008 10:06 AM by Swen Barth

    s:hasRole works in SFSB but not in pages.xml

    Swen Barth Newbie
      I'm using Seam 2.0.2.SP1 on JBoss 4.2.2.GA.

      I have annotated a method in a SFSB like this:


          @Restrict("#{s:hasRole('Administrator')}")  


      In pages.xml I have the following block:

          <page view-id="/myRestrictedPage.*">
              <restrict>#s:hasRole('Administrator')</restrict>
          </page>

      When I log in with a User with Role "Administrator", I can execute the restricted method.

      But, when I try to access the restricted page with the same user in the same session, I get an AuthorizationException:

      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#s:hasRole('Administrator')]
           at org.jboss.seam.security.Identity.checkRestriction(Identity.java:190)
           at org.jboss.seam.navigation.Page.checkPermission(Page.java:218)
           at org.jboss.seam.navigation.Page.preRender(Page.java:238)
           at org.jboss.seam.navigation.Pages.preRender(Pages.java:316)
           at org.jboss.seam.jsf.SeamPhaseListener.preRenderPage(SeamPhaseListener.java:560)
           at org.jboss.seam.jsf.SeamPhaseListener.beforeRenderResponse(SeamPhaseListener.java:471)
           at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:144)
           at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:114)
           at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:222)
           at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
           at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
           at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:68)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
           at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
           at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
           at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
           at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
           at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
           at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
           at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
           at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
           at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
           at java.lang.Thread.run(Thread.java:595)`

      I double-checked and changed the required role on the restricted method to "foo", and I wasn't allowed to call it, just as expected.

      Does anyone have an idea why the s:hasRole in pages.xml is not working?