[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
I just came across this issue and managed to figure out a workaround.
I had a class level @Restrict defined for a bean. The bean had two functions:
1) to provide a @DataModel with its associated @Factory; and 2) to define an
action method for my persistence logic. From the JIRA reference above it seams
that exception trapping does not work if the exception occurs during the
RENDER_RESPONSE phase. The button action should be fine since the action would
be called as part of the INVOKE_APPLICATION phase.
However, the problem comes from the @DataModel (or any other data binding for
that matter) which will only be called during the RENDER_RESPONSE phase.
Therefore when the page that uses the data model is first accessed, it is the
point when the bindings/data model are first accessed that cause the problem.
The workaround comes from the fact that we need to somehow get the bean to be
accessed during an earlier phase. Fortunately for us, this is really easy to
do in Seam using a page action:
Add a dummy method to your bean...
|
| @Name("permissionsHome")
| @Scope(ScopeType.CONVERSATION)
| @Restrict("#{s:hasRole('administration')}")
| public class PermissionsHome {
|
| ...
|
| public void forceEarlySecurityCheck() {
| // this page action ensures that the class level @Restrict() rules are
run before RENDER_RESPONSE
| }
| }
|
|
| ...and invoke from your XXX.pages.xml
|
|
|
This results in an invocation attempt against the action before RENDER_RESPONSE
thus allows the AuthorizationException be handled correctly by Seam.
I'm sure you lot had already figured this out, but I thought I'd post my
solution just in case it's useful to someone else.
Cheers,
Chris.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4070650#4070650
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4070650
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
Thanks Shane. JBSEAM-1333 Regards, Damian. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046826#4046826 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046826 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
Can you raise this issue in JIRA and assign it to me, that way it will get looked at. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046813#4046813 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046813 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
>From IBM's JSF article >(http://www-128.ibm.com/developerworks/java/library/j-jsf2/) The six phases of the JSF application lifecycle are as follows (note the event processing at each phase): 1. Restore view 2. Apply request values; process events 3. Process validations; process events 4. Update model values; process events 5. Invoke application; process events 6. Render response I should have mentioned that my method is persist(). This puts it in phase #5 I think, so not in the render phase. I'm sure it's just a config issue as the Wiki example uses something similar in the AdminHome, DirectoryHome, NodeHome and UserHome classes. Regards, Damian.[/url] View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046809#4046809 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046809 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
Hi, Seam documentation says that "Redirect does not work for exceptions which occur during the render phase of the JSF lifecycle." Maybe these errors are occurring in the render phase! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046793#4046793 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046793 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
Hi,
I'm also seeing this behaviour. As with Efabiano I have annotated a method with
@Restrict("#{s:hasPermission('vesselHome','persist',vesselHome.instance)}")
And have the Exception in pages.xml
|
|
#{messages['org.jboss.seam.security.AuthorizationException']}
|
|
|
Trying to perform that operation with a user without the correct auth results
in a org.jboss.seam.security.AuthorizationException, but the redirect never
occurs and the browser displays the HTTP Status 500 and stack trace.
This is using a Seam Gen project and the Restriction is in an EntityHome object.
Cheers,
Damian.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046420#4046420
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046420
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
Hi Christian,
The complete stack trace is:
SEVERE: Error Rendering View[/Cor.xhtml]
| org.jboss.seam.security.AuthorizationException: Authorization check failed
for expression [#{s:hasPermission('corcontroller','selecionar', null)}]
| at org.jboss.seam.security.Identity.checkRestriction(Identity.java:160)
| at
org.jboss.seam.interceptors.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:35)
| at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
| at
org.jboss.seam.interceptors.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:40)
| at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
| at
org.jboss.seam.interceptors.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:31)
| at
org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
| at
org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:103)
| at
org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:50)
| at
org.javassist.tmp.java.lang.Object_$$_javassist_101.selecionar(Object_$$_javassist_101.java)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
| at java.lang.reflect.Method.invoke(Unknown Source)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:20)
| at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:123)
| at org.jboss.seam.Component.callComponentMethod(Component.java:1834)
| at org.jboss.seam.Component.getInstanceFromFactory(Component.java:1696)
| at org.jboss.seam.Component.getInstance(Component.java:1633)
| at org.jboss.seam.Component.getInstance(Component.java:1610)
| at
org.jboss.seam.jsf.SeamVariableResolver.resolveVariable(SeamVariableResolver.java:53)
| at
org.apache.myfaces.config.LastVariableResolverInChain.resolveVariable(LastVariableResolverInChain.java:42)
| at
com.sun.facelets.el.LegacyELContext$LegacyELResolver.getValue(LegacyELContext.java:134)
| at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:65)
| at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
| at
com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
| at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:61)
| at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
| at
com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
| at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:61)
| at com.sun.el.parser.AstEmpty.getValue(AstEmpty.java:49)
| at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
| at
com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
| at
com.sun.facelets.el.LegacyValueBinding.getValue(LegacyValueBinding.java:56)
| at
javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:1075)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:246)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232)
| at
org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:79)
| at
javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:524)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:252)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:254)
| at
org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232)
| at
org.ajax4jsf.framework.renderer.AjaxContainerRenderer.encodeChildren(AjaxContainerRenderer.java:100)
| at
javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:524)
| at org.ajax4jsf.ajax.UIAjaxRegion.encodeChildren(UIAjaxRegion.java:119)
| at
com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:244)
| at
com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:249)
| at
com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:573)
| at
org.ajax4jsf.framework.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108)
| at
org.ajax4jsf.framework.ajax.AjaxViewHandler.renderView(AjaxViewHandler.java:229)
| at
org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
| at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterC
[jboss-user] [JBoss Seam] - Re: not redirecting to security_error.xhtml
anonymous wrote : | SERV ERROR RENDERING VIEW COR.XTML | ?! Is this something you typed in or is it really in the log? My guess is that you need to post the real full log excerpt. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4045220#4045220 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4045220 ___ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
