3 Replies Latest reply on Nov 6, 2009 8:17 PM by Ingo Jobling

    AuthorizationException = ERROR, why?

    Chris Simons Expert

      When I supply my own permission handler to pages.xml <restrict> tag, I get an ERROR such as:

      org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{esm.hasPrivilege('viewPersonalProfile')}]

      If the check fails, shouldn't it just fail gracefully?  I don't see why an application ERROR would be thrown for this, since it's quite possible (and expected) that a permission check will fail for obvious reasons.

      I read elsewhere that this might be fixed in Seam 2.1, but I'm running Seam 2.1.2 and this appears to still be an issue.

      Does anyone know how to workaround this exception or if there is a way to demote the severity of the exception?