0 Replies Latest reply on Dec 3, 2008 11:41 AM by John Lennon

    hasRole + login-required doesn't work in Seam 2.1.0.SP1

    John Lennon Newbie


      I've just generated project using seam-gen, now I'm trying use security features.

      I've changed only one file in my project:

          <pages xmlns="http://jboss.com/products/seam/pages"
             xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products    /seam/pages-2.1.xsd"
          <page view-id="/List.xhtml" login-required="true">
          <exception class="org.jboss.seam.security.AuthorizationException">
              <redirect view-id="/error.xhtml">
                  <message severity="error">You don't have permission to access this resource</message>
          <exception class="org.jboss.seam.security.NotLoggedInException">
              <redirect view-id="/login.xhtml">
                  <message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>

      and there is entry in myproject/resources/WEB-INF/components.xml:

         <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
         <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/>

      My expectation would be that:

      1. when I'm not logged in and try to enter url http://localhost:8080/myproject/List.seam I would be redirected to login screen - this is not happening

      2. only user which is in role ultra-user can access page with address - since I'm not logging in user is not is this role but I can steel open that page

      3. exception should be thrown in log file org.jboss.seam.security.NotLoggedInException or org.jboss.seam.security.AuthorizationException - not of them appears in my log file.

      Is there some special setting that I must to switch after generating project using seam-gen that these security option will work in pages.xml ?