4 Replies Latest reply on Oct 22, 2006 12:11 PM by texan

    Handling of exception from @RolesAllowed failure

    texan

      Configuration: JBoss 4.0.4GA, Seam 1.0.1, MyFaces 1.1.3 with Facelets. The app itself is working fine.

      I added an @RolesAllowed annotation to a stateless session bean and tried clicking the button that invokes that action (using a user who doesn't have that Role).

      As expected, it throws "SecurityException", which is caught by org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor and wrapped with "EJBAccessException".

      I created my own interceptor to try to catch this exception and return a JSF page name to tell the user that they don't have permission.

      Sadly, even when I catch throwable in my interceptor, the exception seems to go straight by and ends up kicking out a "javax.faces.el.EvaluationException" from MyFaces.

      Some extra information:

      1. I tried single stepping in the debugger, and saw my interceptor invoked. When I executed "invocation.proceed()", it never reached my "catch" clause.

      2. I tried putting my interceptor before the SeamInterceptor and also after it (last in the list), with no effect.

      Let me know if I should attach some code.

      The simple question I have (I'm a novice with many things, including JAAS configuration) is, how do I configure the desitation page for this type of permission problem, or how do I catch the exception before it reaches JSF?