5 Replies Latest reply on Feb 21, 2013 11:17 AM by nathan dennis

    Seam 3 Security render restrict page

    paulada Newbie

      Hi,

       

      I started a new project to learn JSF2, and i have two roles Admin and User, i tried to restrict some admin pages, but if a user login and try to access admin pages, the pages are rendered. This is what i've done:

       

      Restrictions:

      import org.jboss.seam.security.Identity;
      import org.jboss.seam.security.annotations.Secures;
      
      
      public class Restricoes
      {
                public @Secures
                @Admin
                boolean isAdmin(Identity identity)
                {
                     return identity.hasRole("admin", "USERS", "GROUP");
                }
        
                public @Secures
                @User
                boolean isUser(Identity identity)
                {
                     return identity.hasRole("user", "USERS", "GROUP");
                }
      }
      
      

       

      Admin:

      @SecurityBindingType
      @Retention(RetentionPolicy.RUNTIME)
      @Target({ElementType.FIELD, ElementType.METHOD, ElementType.TYPE})
      public @interface Admin
      {
      }
      
      

       

      User:

       

      @SecurityBindingType
      @Retention(RetentionPolicy.RUNTIME)
      @Target({ElementType.TYPE, ElementType.METHOD})
      public @interface User
      {
      }
      
      

       

      Pages:

      @ViewConfig
      public interface Pages {
      
          static enum Pages1 {
      
              @FacesRedirect
              @LoggedIn
              @ViewPattern("/pages/*")
              @AccessDeniedView("/accessDenied.xhtml")
              @LoginView("/login.xhtml")
              ALL,
      
              @ViewPattern("/pages/userAdmin/*")
               @Admin
              ADMIN;
          }
      }
      

       

      The loggedIn restriction is working, but i'd like that if a user login and try to access admin pages the pages were not redered. Is there something that i can do or that i misunderstood?

      Thanks.