Fixing SEAMFACES-209

As near as I can tell, this is the best that we've got. I tested in the viewconfig example and the pages are no longer displaying, instead it shows the denied page.
seam · Dec 14, 2011 · 79d36ac · 79d36ac
1 parent 4aaa929
commit 79d36ac
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/impl/src/main/java/org/jboss/seam/faces/security/SecurityPhaseListener.java b/impl/src/main/java/org/jboss/seam/faces/security/SecurityPhaseListener.java
@@ -31,6 +31,7 @@
 import javax.faces.component.UIViewRoot;
 import javax.faces.context.FacesContext;
 import javax.faces.event.PhaseEvent;
+import javax.faces.event.PhaseId;
 import javax.inject.Inject;
 
 import org.jboss.seam.faces.event.PhaseIdType;
@@ -328,7 +329,8 @@ private void redirectToLoginPage(FacesContext context, UIViewRoot viewRoot) {
      */
     private void redirectToAccessDeniedView(FacesContext context, UIViewRoot viewRoot) {
         // If a user has already done a redirect and rendered the response (possibly in an observer) we cannot do this output
-        if (!(context.getResponseComplete() || context.getRenderResponse())) {
+        final PhaseId currentPhase = context.getCurrentPhaseId();
+        if (!context.getResponseComplete() && !PhaseId.RENDER_RESPONSE.equals(currentPhase)) {
             AccessDeniedView accessDeniedView = viewConfigStore.getAnnotationData(viewRoot.getViewId(), AccessDeniedView.class);
             if (accessDeniedView == null || accessDeniedView.value() == null || accessDeniedView.value().isEmpty()) {
                 log.warn("No AccessDeniedView is configured, returning 401 response (access denied). Please configure an AccessDeniedView in the ViewConfig.");