0 Replies Latest reply on Feb 21, 2011 3:51 PM by Amy Nieves

    Problem securing pages with implied permission

    Amy Nieves Newbie

      I'm trying to secure the pages using the implied permission as it is mentioned in the documentation: 15.6.4. Securing pages.


      I added


      <page view-id="/order.xhtml">
          <restrict/>
      </page>



      The docs mention the 'render' and the 'restore' actions. For the '/settings.xhtml' example it describes:



      This page has an implied permission of /settings.xhtml:render required for non-faces requests and an implied permission of /settings.xhtml:restore for faces requests.


      I added the following to the security.drl.



      rule RepRule
           no-loop
           activation-group "permissions"
      when
           check1: PermissionCheck(name == "/admin/orders.xhtml:render", granted == false)
              check2: PermissionCheck(name == "/admin/orders.xhtml:restore", granted == false)
           //Role(name == "Rep")
      then
           check1.grant();
           check2.grant();
      end



      And the following lines in the pages.xml.



      <page login-required="true" view-id="/admin/orders.xhtml">
          <restrict/>
      </page>




      But I still get the org.jboss.seam.security.AuthorizationException.