Yes, I'm using Jetspeed 2.1.3; I'm actually in the process of an upgrade from
2.0.
No, my class isn't deployed inside j2-admin. It's deployed inside my main
web application so it can have access to other classes there.
I don't know if what I just told you renders this irrelevant but here's my
stack trace:
javax.portlet.PortletException: Failed to find the Security Access
Controller on portlet initialization
at
org.apache.jetspeed.portlets.selector.PortletSelector.init(PortletSelector.java:87)
at
org.fake.web.service.portletSelector.DashboardPortletSelector.init(DashboardPortletSelector.java:241)
at
org.apache.jetspeed.factory.JetspeedPortletInstance.init(JetspeedPortletInstance.java:85)
at
org.apache.jetspeed.factory.JetspeedPortletFactory.getPortletInstance(JetspeedPortletFactory.java:283)
at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.renderHeaderFragment(HeaderAggregatorImpl.java:1119)
at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.aggregateAndRender(HeaderAggregatorImpl.java:1100)
at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.aggregateAndRender(HeaderAggregatorImpl.java:1092)
at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.build(HeaderAggregatorImpl.java:1070)
at
org.apache.jetspeed.aggregator.HeaderAggregatorValve.invoke(HeaderAggregatorValve.java:46)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.decoration.DecorationValve.invoke(DecorationValve.java:144)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.resource.ResourceValveImpl.invoke(ResourceValveImpl.java:130)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:207)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:109)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.container.PageHistoryValve.invoke(PageHistoryValve.java:108)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:248)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:159)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:150)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:170)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:138)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at
org.apache.jetspeed.security.JSSubject.doAsPrivileged(JSSubject.java:179)
at
org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:132)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:67)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:126)
at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
at
org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:146)
at
org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:227)
at
org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:242)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.fake.web.filter.JetspeedFilter.doFilter(JetspeedFilter.java:135)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Unknown Source)
Thanks for the help,
B.J.
David Sean Taylor-3 wrote:
>
> On Thu, Jul 15, 2010 at 2:09 PM, bhardage <[email protected]> wrote:
>>
>> This is actually a duplicate of another post I made as a reply to another
>> question, but I decided it deserved its own post:
>>
>> First, let me say that I know fairly little about how Jetspeed's security
>> works, and I'm hoping that there's a simple solution such as adding a
>> <security-constraint> tag somewhere.
>>
>> Basically, I have a class that extends the
>> org.apache.jetspeed.portlets.selector.PortletSelector class (one of the
>> classes in j2-admin). It overrides the init() function, and calls
>> PortletSelector's init() on the first line.
>>
>> What's happening is PortletSelector is throwing an exception because it
>> can't find a securityAccessController in the context.
>>
>> My user-portlet-selector.psml file just has a standard oneColumn fragment
>> in
>> it, and the definition in the portlet.xml looks like this:
>>
>> <portlet id="DashboardSelector">
>> <init-param>
>> <description>This parameter sets the template used in view
>> mode.</description>
>> <name>ViewPage</name>
>> <value>/WEB-INF/view/selectors/user-portlet-selector.vm</value>
>> </init-param>
>> <portlet-name>DashboardSelector</portlet-name>
>> <display-name>DashboardSelector</display-name>
>> <description>DashboardSelector</description>
>>
>> <portlet-class>org.fake.portletSelector.DashboardPortletSelector</portlet-class>
>> <expiration-cache>-1</expiration-cache>
>> <supports>
>> <mime-type>text/html</mime-type>
>> <portlet-mode>VIEW</portlet-mode>
>> <portlet-mode>EDIT</portlet-mode>
>> <portlet-mode>HELP</portlet-mode>
>> </supports>
>> <supported-locale>en</supported-locale>
>> <portlet-preferences>
>> <preference>
>> <name>WindowSize</name>
>> <value>100</value>
>> </preference>
>> <preference>
>> <name>parallel</name>
>> <value>true</value>
>> <read-only>true</read-only>
>> </preference>
>> </portlet-preferences>
>> </portlet>
>>
>> I guess the real problem is that I don't really know what a
>> securityAccessController is.
>>
> The securityAccessController is a Jetspeed service. From the service
> interface javadocs, here is a description:
>
> This component abstracts access to security checks.
> Jetspeed supports two kinds of secured access:
> * Permissions
> * Constraints
>
> Permissions are checked via Java Security. Jetspeed implements its
> own security policy.
> Constrainted are checked via the Page Manager's constraints.
> Either way, the implicit Jetspeed Security Subject is applied to the
> security access check.
>
> There are two methods on this interface:
>
> boolean checkPortletAccess(PortletDefinitionComposite portlet, int
> mask);
>
> * Checks access for the implicit active subject's access to the
> resource protected by the portlet permission
> * This is an abstraction introduced in 2.1 for Permission Manager
> implementations NOT
> * founded upon the a Java security policy. If the Permission
> Manager is configured to
> * run with Security Constraints, then a security constraint check
> is made. Otherwise,
> * a standard Java Security permission check is made.</p>
> *
> * @param portlet The portlet to be checked
> * @param mask A mask <code>JetspeedActions</code> such as view, edit
> * @return true if access is granted, false if access denied based
> on policy or constraints
>
>
> int getSecurityMode();
>
> * Returns the configured security mode for this accessor
> * This component can be configured to make Java Security Policy
> permission checks
> * or Jetspeed Security Constraint checks
> * @return either PERMISSIONS or CONSTRAINTS
>
>
> You said you are extending the
> org.apache.jetspeed.portlets.selector.PortletSelector class from the
> j2-admin application. (It sounds like you are using version 2.1.3). Im
> not sure why it would fail to find the securityAccessController
> service on init. Is your class deployed inside the j2-admin web
> application? Could you send the stack trace?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
>
--
View this message in context:
http://old.nabble.com/No-securityAccessController-in-custom-PortletSelector-tp29173424p29177337.html
Sent from the Jetspeed - Dev mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
