0 Replies Latest reply on Dec 3, 2008 11:41 AM by John Lennon

    hasRole + login-required doesn't work in Seam 2.1.0.SP1

    John Lennon Newbie

      Hi,


      I've just generated project using seam-gen, now I'm trying use security features.


      I've changed only one file in my project:
      myproject/resources/WEB-INF/pages.xml


      ...
          <pages xmlns="http://jboss.com/products/seam/pages"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:security="http://jboss.com/products/seam/security"
             xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products    /seam/pages-2.1.xsd"
      
             no-conversation-view-id="/home.xhtml"
             login-view-id="/login.xhtml">
      ...
          <page view-id="/List.xhtml" login-required="true">
              <restrict>#security:hasRole('ultra-user')</restrict>
          </page>
      ...
          <exception class="org.jboss.seam.security.AuthorizationException">
              <redirect view-id="/error.xhtml">
                  <message severity="error">You don't have permission to access this resource</message>
              </redirect>
          </exception>
      
          <exception class="org.jboss.seam.security.NotLoggedInException">
              <redirect view-id="/login.xhtml">
                  <message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
              </redirect>
          </exception>
      ...



      and there is entry in myproject/resources/WEB-INF/components.xml:




      ...
         <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
      
         <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/>
      ...





      My expectation would be that:



      1. when I'm not logged in and try to enter url http://localhost:8080/myproject/List.seam I would be redirected to login screen - this is not happening

      2. only user which is in role ultra-user can access page with address - since I'm not logging in user is not is this role but I can steel open that page

      3. exception should be thrown in log file org.jboss.seam.security.NotLoggedInException or org.jboss.seam.security.AuthorizationException - not of them appears in my log file.



      Is there some special setting that I must to switch after generating project using seam-gen that these security option will work in pages.xml ?


      Regards.