6 Replies Latest reply on Apr 23, 2009 11:09 AM by Jarek Gilewski

    Page restrict tag, Ajax call and POST parameter

    Jarek Gilewski Newbie


      I have an issueView.page.xml like this:

      <?xml version="1.0" encoding="UTF-8"?>
      <page xmlns="http://jboss.com/products/seam/pages"
            xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.1.xsd"
              <param name="issueId" value="#{issueHome.issueId}" required="true"/>
              <restrict >#{s:hasPermission(issueHome.instance, 'view')}</restrict>

      The problem is that 'restrict' part is always trigered before the page parameters are properly set with Ajax call on the page, giving me issueHome.instance set to empty Issue object so the permission check doesn't work properly.

      Is this the way 'restrict' should work? Or am I missing something?

      It alsow looks that 'restrict' is triggered before param set on form POST.

      Normally on GET request i have something like this in a log file:

      09:20:13,296 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)
      09:20:13,437 INFO  [STDOUT] IssueView (log from Drools IssueView rool)

      I've put the form on my IssueView.xhtml like:

                      <h:form >
                              <h:inputText id="projectId" value="#{projectHome.instance.id}" />
                              <h:commandButton value="OK" />
                      </h:form >

      After submission the form i have in the log:

      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission(issueHome.instance, 'view')}]

      There is no setIssueId.

      I have change Drool rool to always grant the permission and on the POST the log shows:

      It looks

      09:25:13,237 INFO  [STDOUT] IssueView (log from Drools IssueView rool)
      09:25:13,496 INFO  [IssueHome] setIssueId id = 1361 (log from issueHome.setIssueId)


      I'm using SEAM 2.1.1.GA