I'm trying to secure the pages using the implied permission as it is mentioned in the documentation: 15.6.4. Securing pages.
<page view-id="/order.xhtml"> <restrict/> </page>
The docs mention the 'render' and the 'restore' actions. For the '/settings.xhtml' example it describes:
This page has an implied permission of /settings.xhtml:render required for non-faces requests and an implied permission of /settings.xhtml:restore for faces requests.
I added the following to the security.drl.
rule RepRule no-loop activation-group "permissions" when check1: PermissionCheck(name == "/admin/orders.xhtml:render", granted == false) check2: PermissionCheck(name == "/admin/orders.xhtml:restore", granted == false) //Role(name == "Rep") then check1.grant(); check2.grant(); end
And the following lines in the pages.xml.
<page login-required="true" view-id="/admin/orders.xhtml"> <restrict/> </page>
But I still get the org.jboss.seam.security.AuthorizationException.