Re: PrettyFaces inbound rule not working

Splash Forums PrettyFaces Users PrettyFaces inbound rule not working Re: PrettyFaces inbound rule not working

#22645

To be honest, I for myself always implement such security on object level manually. Actually it’s very simply in most cases.

<url-mapping id="organizationHome">
<pattern value="/organization/#{orgPageBean.organizationId}" />
<action>#{orgPageBean.loadData}</action>
<view-id value="/homes/organizationHome.xhtml" />
</url-mapping>

public class OrgPageBean {

/* ... */

private Long organizationId;

public String loadData() {

Organisation organization = organizationDao.getById(organizationId);
if(organization == null || !permissionChecker.canRead(user, organization)) {
PrettyContext.getCurrentInstance().sendError(404);
return null;
}

}

}

BTW: As far as I know Lincoln wrote an enhancement for Seam Security that supports permissions on object level. But I don’t know about details.