2 Replies Latest reply on Apr 26, 2016 6:37 PM by John Ericksen

    Seam 2.3.1.Final <restrict> with 3rd party authentication

    John Ericksen Newbie

      We are upgrading our applications to 2.3.1.Final from 2.2.0.GA.  With 2.2.0.GA we follow a 3rd party (J2EE?) authentication model, leveraging a single signon service.  In order to get this to work, we had to disable the identity filter to access the HTTPRequest.getRemoteUser():


          <web:identity-filter disabled="true"/>


      Along with this we have a series of restrictions in the pages.xml file:

          <page view-id="/home.xhtml">


                  #{user!= null and userAccessAction.isValid()}




      With the upgrade to 2.3.1.Final we followed Dan's advice and set security-enabled="false" in the components.xml instead of disabling the identity-filter.  This works well, as we get access to the HTTPRequest.getRemoteUser() method.  The drawback is <restrict/>s no longer function as expected.  Is there a replacement for <restrict> or should we try a different strategy?