1. Re: restricting access using pages.xml
pmuir Feb 1, 2007 4:38 PM (in response to dustismo)
"dustismo" wrote:
Hi,
I am trying to restrict access to all files in /clients to logged in users. I added the following pages.xml to no avail:

    <!DOCTYPE pages PUBLIC
      "-//JBoss/Seam Pages Configuration DTD 1.1//EN"
      "http://jboss.com/products/seam/pages-1.1.dtd">
    <pages no-conversation-view-id="/index.xhtml">
      <page view-id="/clients/*">
        <restrict>#{identity.loggedIn}</restrict>
      </page>
    </pages>

This was a bug in 1.1.5 - it's fixed in CVS
-
2. Re: restricting access using pages.xml
gavin.king Feb 1, 2007 4:50 PM (in response to dustismo)
Is it? Was it?
Bad. And good.
Guys, I've scheduled a 1.1.6 release for next Wed, to get a few of these bugfixes out there. There will also be a couple of nice enhancements to the security stuff ;-)
-
3. Re: restricting access using pages.xml
dustismo Feb 1, 2007 7:38 PM (in response to dustismo)
Ok, so now I am running on the cvs version, which seems to help (sort of).. Now when I try to access a page in the clients directory it throws an exception

    19:30:22,185 INFO [Lifecycle] starting up: org.jboss.seam.security.identity
    19:30:22,193 ERROR [[/Infofilter3-Main]] Session event listener threw exception
    java.lang.NullPointerException
        at org.jboss.seam.core.Selector.getCookieValue(Selector.java:60)
        at org.jboss.seam.security.Identity.initCredentialsFromCookie(Identity.java:84)
        at org.jboss.seam.security.Identity.create(Identity.java:78)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:18)
        at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:102)
        at org.jboss.seam.Component.callComponentMethod(Component.java:1826)
        at org.jboss.seam.Component.callCreateMethod(Component.java:1774)
        at org.jboss.seam.Component.newInstance(Component.java:1763)
        at org.jboss.seam.contexts.Lifecycle.startup(Lifecycle.java:164)
        at org.jboss.seam.contexts.Lifecycle.beginSession(Lifecycle.java:224)
        at org.jboss.seam.servlet.SeamListener.sessionCreated(SeamListener.java:41)
        at org.apache.catalina.session.StandardSession.tellNew(StandardSession.java:384)
        at org.apache.catalina.session.StandardSession.setId(StandardSession.java:356)
        at org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:824)
        at org.apache.catalina.session.StandardManager.createSession(StandardManager.java:290)
        at org.apache.catalina.connector.Request.doGetSession(Request.java:2223)
        at org.apache.catalina.connector.Request.getSession(Request.java:2024)
        at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:831)
        at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:842)
        at com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet.service(PersistentFacesServlet.java:220)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:46)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:595)
    19:30:22,311 INFO [Pages] reading pages.xml
    19:30:22,548 ERROR [AbstractSeamPhaseListener] Swallowing exception thrown by page action
    org.jboss.seam.security.NotLoggedInException
        at org.jboss.seam.security.Identity.checkRestriction(Identity.java:159)
        at org.jboss.seam.pages.Page.enter(Page.java:186)
        at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
        at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:241)
        at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:192)
        at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:53)
        at org.apache.myfaces.lifecycle.PhaseListenerManager.informPhaseListenersBefore(PhaseListenerManager.java:70)
        at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:373)
        at com.icesoft.faces.webapp.xmlhttp.PersistentFacesServlet.service(PersistentFacesServlet.java:402)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:46)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:595)

So I tried to catch the NotLoggedInException in exceptions.xml

    <!DOCTYPE exceptions PUBLIC
      "-//JBoss/Seam Exceptions Configuration DTD 1.1//EN"
      "http://jboss.com/products/seam/exceptions-1.1.dtd">
    <exceptions>
      <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="../login.xhtml">Please Log In</redirect>
        <end-conversation/>
      </exception>
    </exceptions>

Doesn't work.. What am I doing wrong and is this the suggested way to require a login for a directory?
thanks,
Dustin
-
4. Re: restricting access using pages.xml
svadu Feb 1, 2007 7:42 PM (in response to dustismo)
I fixed that bug locally and the patch is ready to be sent to Gavin.
-
5. Re: restricting access using pages.xml
shane.bryzak Feb 1, 2007 8:42 PM (in response to dustismo)
This is fixed in CVS now.
-
6. Re: restricting access using pages.xml
cavani Feb 2, 2007 7:52 AM (in response to dustismo)
I am trying to use page restriction with #{identity.loggedIn} but I am getting this (from CVS version):

    10:36:00,554 ERROR [AbstractSeamPhaseListener] Swallowing exception thrown by page action
    org.jboss.seam.security.NotLoggedInException
        at org.jboss.seam.security.Identity.checkRestriction(Identity.java:160)
        at org.jboss.seam.pages.Page.enter(Page.java:186)
        at org.jboss.seam.core.Pages.enterPage(Pages.java:239)
        at org.jboss.seam.jsf.AbstractSeamPhaseListener.enterPage(AbstractSeamPhaseListener.java:241)
        at org.jboss.seam.jsf.AbstractSeamPhaseListener.beforeRender(AbstractSeamPhaseListener.java:192)
        at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:53)

Because of this in AbstractSeamPhaseListener.beforeRender:

    try
    {
       actionsWereCalled = Pages.instance().enterPage( event.getFacesContext() );
       return actionsWereCalled;
    }
    catch (RuntimeException re)
    {
       //we have to handle exceptions here because of
       //how JSF defines exception handling from
       //PhaseListener.beforePhase()
       log.error("Swallowing exception thrown by page action", re);
       return actionsWereCalled;
    }
    finally
    {
       Lifecycle.setPhaseId( PhaseId.RENDER_RESPONSE );
       if (actionsWereCalled)
       {
          FacesMessages.afterPhase();
          handleTransactionsAfterPageActions(event); //TODO: does it really belong in the finally?
       }
    }

Then, exceptions.xml seems to be ignored here....
-
7. Re: restricting access using pages.xml
cavani Feb 2, 2007 8:33 AM (in response to dustismo)
Well.... this is a dirty fix..... works for me but is very indecent :)
in org.jboss.seam.pages.Page.enter(Page.java:186) from:

    Identity.instance().checkRestriction(expr);

    try
    {
       Identity.instance().checkRestriction(expr);
    }
    catch (Exception e)
    {
       try
       {
          Exceptions.instance().handle(e);
       }
       catch (Exception ex)
       {
       }
       return true;
    }
-
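A simplified model of the control flow discussed in replies 6 and 7, added here as an example; it is not Seam's code and not the patch posted in the thread. The class and method names, the `/clients/list.xhtml` view id and the `/login.xhtml` redirect target are assumptions, and the model assumes that rendering proceeds when the restriction exception is caught and only logged.

```java
import java.util.ArrayList;
import java.util.List;

public class RestrictionFlowDemo {
    static class NotLoggedInException extends RuntimeException {}

    /** Stand-in for an exceptions.xml mapping: exception -> outcome, or null if unmapped. */
    interface ExceptionHandler { String handle(RuntimeException e); }

    static final List<String> log = new ArrayList<>();

    /** Restriction check for a view; throws if the user is not logged in. */
    static void checkRestriction(String viewId, boolean loggedIn) {
        if (viewId.startsWith("/clients/") && !loggedIn) throw new NotLoggedInException();
    }

    /** Pattern quoted in reply 6: catch, log, carry on. The handler is never consulted. */
    static String enterSwallowing(String viewId, boolean loggedIn, ExceptionHandler h) {
        try {
            checkRestriction(viewId, loggedIn);
        } catch (RuntimeException re) {
            log.add("Swallowing exception thrown by page action: " + re.getClass().getSimpleName());
        }
        return "RENDER " + viewId; // assumption of this model: rendering continues
    }

    /** Fail-closed variant: a denied check always ends in the handler's outcome or a denial. */
    static String enterFailClosed(String viewId, boolean loggedIn, ExceptionHandler h) {
        try {
            checkRestriction(viewId, loggedIn);
            return "RENDER " + viewId;
        } catch (RuntimeException re) {
            String outcome = h.handle(re);
            // No mapping for this exception: deny rather than fall through to render.
            return outcome != null ? outcome : "DENY " + viewId;
        }
    }

    public static void main(String[] args) {
        // Constructed handler and view id, for illustration only.
        ExceptionHandler h = e -> e instanceof NotLoggedInException ? "REDIRECT /login.xhtml" : null;
        String view = "/clients/list.xhtml";
        System.out.println(enterSwallowing(view, false, h));  // check failed, handler bypassed
        System.out.println(enterFailClosed(view, false, h));  // check failed, handler decides
        System.out.println(enterFailClosed(view, true, h));   // logged-in user
        System.out.println(log);
    }
}
```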
8. Re: restricting access using pages.xml
gavin.king Feb 2, 2007 8:39 AM (in response to dustismo)
Would you please create an issue in JIRA for this, and assign to me.
Thanks.
-
10. Re: restricting access using pages.xml
gavin.king Feb 2, 2007 8:49 AM (in response to dustismo)
thanks