Andries Ehlers created SEAMFACES-243:
----------------------------------------
Summary: ViewConfig not working unless <f:metadata> specified on
page
Key: SEAMFACES-243
URL: https://issues.jboss.org/browse/SEAMFACES-243
Project: Seam Faces
Issue Type: Bug
Components: View Configuration
Affects Versions: 3.1.0.Final
Environment: Kubuntu Linux
Reporter: Andries Ehlers
I created a custom SecurityBindingType as follows
{code:title=ActiveUser.java|borderStyle=solid}
@SecurityBindingType
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.FIELD, ElementType.TYPE, ElementType.METHOD})
@Documented
public @interface ActiveUser {
}
{code}
with the following authentication method:
{code:title=SecurityRestrictions.java|borderStyle=solid}
@Secures
@ActiveUser
public boolean isActiveUser(Identity identity) {
// always returns false just to test that security works...
return false;
}
{code}
I then use this type in the following file which is annotated with @ViewConfig
{code:title=Bar.java|borderStyle=solid}
@ViewConfig
public interface Pages {
static enum Pages1 {
@ViewPattern("/pages/secured/profile/*")
@LoginView("/pages/public/login.xhtml?faces-redirect=true")
@AccessDeniedView("/pages/secured/home/home.xhtml?faces-redirect=true")
@FacesRedirect
@LoggedIn
@ActiveUser
SECURED_PROFILE;
}
}
{code}
In the profile folder is a file called UserProfile.xhtml, as follows:
{code:xml}
<ui:composition xmlns="http://www.w3.org/1999/xhtml";
xmlns:h="http://java.sun.com/jsf/html";
xmlns:f="http://java.sun.com/jsf/core";
xmlns:ui="http://java.sun.com/jsf/facelets";
xmlns:forgeview="http://jboss.org/forge/view";
xmlns:c="http://java.sun.com/jsp/jstl/core";
xmlns:a4j="http://richfaces.org/a4j";
xmlns:s="http://jboss.org/seam/faces";
xmlns:p="http://primefaces.org/ui";
template="/resources/template/master_template.xhtml">
<ui:define name="content">
CONTENT HERE
</ui:define>
</ui:composition>
{code}
When running the application, the security for the @LoggedIn seems to work, but
security for the @ActiveUser does not work at all.
However, when I include the following code above the <ui:define...> tag in the
profile page above, it suddenly works (any viewParam makes security magically
work - why??).
{code:xml}
<f:metadata>
<f:viewParam name="i_have_no_idea_why_i_should_put_this_here_param" value=""
/>
</f:metadata>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
seam-issues mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-issues
