[jboss-user] [JBoss Seam] - Seam security working in Facelets but not via annotations

Wed, 01 Aug 2007 16:55:46 -0700 

Hi,

Following the Seam reference, I've setup a login page using the identity 
management facilities. The log in works fine, and in my Facelets I can use the 
following successfully:

<s:div rendered="#{identity.loggedIn}">
  |     YOU ARE LOGGED IN
  | </s:div>

I've also setup the JBoss Rules engine, so the following also works:

<s:div rendered="#{s:hasPermission('customer', 'delete', null)}">
  |     YOU HAVE CUSTOMER DELETE
  | </s:div>

and;

<s:div rendered="#{s:hasRole('power')}">
  |     YOU HAVE POWER ROLE
  | </s:div>

So far so good. These pages all reference a simple backing bean as follows:

  | package au.gov.austrac.ao.prototype;
  | 
  | import org.jboss.seam.annotations.In;
  | import org.jboss.seam.annotations.Name;
  | import org.jboss.seam.annotations.security.Restrict;
  | import org.jboss.seam.security.Identity;
  | 
  | @Name("authenticator")
  | public class ExampleAuthenticator {
  | 
  |     @In
  |     Identity identity;
  | 
  |     public String name = "bill";
  | 
  |     public String getName() {
  |             tryRulesEngine();
  |             return name;
  |     }
  | 
  |     public void setName(String name) {
  |             this.name = name;
  |     }
  | 
  |     @Restrict("#{identity.loggedIn}")
  |     public void tryRulesEngine() {
  |             System.out.println("logged in? " + identity.isLoggedIn());
  |     }
  | 
  |     public boolean authenticate() {
  |             identity.addRole("power");
  |             return true;
  |     }
  | }

This bean is available under the name "authenticator" in my pages via the @Name 
annotation, and the authenticate() method is invoked by the identity code, so 
it would seem that the framework knows about this class and the Seam 
annotations are being invoked (at least @Name is), yet when I'm not logged in I 
can still access the tryRulesEngine() method. Note that the section of the page 
controlled by the first code snippet above is not displayed. 

It appears that the @Restrict annotation is not working or is not being invoked?


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069842#4069842

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069842
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to