Details
-
Type:
Enhancement
-
Status: Resolved (View Workflow)
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 3.1.0.Beta2
-
Component/s: Exception Handling, Security, View Configuration
-
Labels:None
Description
If authorization fails, and the user is not logged in, Faces looks for a @LoginViewId to redirect to, and returns a 401 response if none is found. A similar story applies for the @AccessDeniedViewId
It would be better to instead throw an exception, that Seam Catch can intercept. If not intercepted, this exception would eventually lead to a 401 response.
Gliffy Diagrams
Activity
- All
- Comments
- Work Log
- History
- Activity
- Links Hierarchy
I think throwing the exception to catch is a really good idea, the users can create their own handlers and do custom actions as they need. We'd create a handler in Faces with a low priority so it's one of the last things to handle the exception.
Jason Porter
added a comment - I think throwing the exception to catch is a really good idea, the users can create their own handlers and do custom actions as they need. We'd create a handler in Faces with a low priority so it's one of the last things to handle the exception. No suitable java., javax. exception seems to exist, so Faces should create one. Possibly extending:
javax.security.auth.message.AuthException
http://download.oracle.com/javaee/6/api/javax/security/auth/message/AuthException.html
Brian Leathem
added a comment - No suitable java. , javax. exception seems to exist, so Faces should create one. Possibly extending:
javax.security.auth.message.AuthException
http://download.oracle.com/javaee/6/api/javax/security/auth/message/AuthException.html 
Sounds like it's something in the security model, throwing the exception, and having a packaged catch handler for this would work just fine.