Security integration shows denied pages
---------------------------------------
Key: SEAMFACES-209
URL: https://issues.jboss.org/browse/SEAMFACES-209
Project: Seam Faces
Issue Type: Bug
Components: Security
Affects Versions: 3.1.0.Beta2
Reporter: Nicklas Karlsson
I have a @ViewConfig and security annotated page that fails the auth check but
the code in SecurityPhaseListener
private void redirectToAccessDeniedView(FacesContext context, UIViewRoot
viewRoot) {
// If a user has already done a redirect and rendered the response
(possibly in an observer) we cannot do this output
if (!(context.getResponseComplete() || context.getRenderResponse())) {
quietly fails the check and then proceeds to render the page. It should perhaps
throw an exception or take some other actions to at least deny the page.
In an unrelated note, I can't see where response output would be produced since
I just edited the browser url and pointed it at a forbidden page...
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
