Sometimes you could have some facelets, which are no entry-sites and which should never be called directly by the user. Typical types are template-files.
Seam provides here an easy function to restrict the access to such pages. You can define this restriction in the pages.xml or the associated *.page.xml.
For the pages.xml you have to add:
1 2 3 4 5 6 7 8 | < ?xml version="1.0" encoding="UTF-8"?> <pages xmlns="http://jboss.com/products/seam/pages" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> ... <page view-id="/templates/template.xhtml"> <restrict /> </page> ... </pages> |
Because you also can use wildcards, it is also possible to restrict a whole directory:
1 2 3 4 5 6 7 8 | < ?xml version="1.0" encoding="UTF-8"?> <pages xmlns="http://jboss.com/products/seam/pages" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> ... <page view-id="/templates/*"> <restrict /> </page> ... </pages> |
Seam will now throw an exception, if a user will access this page, but instead we want to send the typical HTTP-error 403. So we have to define some more rules in pages.xml:
1 2 3 4 5 6 7 8 9 10 11 | < ?xml version="1.0" encoding="UTF-8"?> <pages xmlns="http://jboss.com/products/seam/pages" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> ... <exception class="org.jboss.seam.security.NotLoggedInException"> <http -error error-code="403" /> </exception> <exception class="org.jboss.seam.security.AuthorizationException"> <http -error error-code="403" /> </exception> ... </pages> |
Another way would be an own Servlet or Servlet-Filter, which would send the errorcode directly.