-
1. Re: not redirecting to security_error.xhtml
christian.bauer May 12, 2007 3:06 PM (in response to efabiano)
SERV ERROR RENDERING VIEW COR.XTML
?! Is this something you typed in or is it really in the log? My guess is that you need to post the real full log excerpt. -
2. Re: not redirecting to security_error.xhtml
efabiano May 14, 2007 1:03 PM (in response to efabiano)Hi Christian,
The complete stack trace is:SEVERE: Error Rendering View[/Cor.xhtml] org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('corcontroller','selecionar', null)}] at org.jboss.seam.security.Identity.checkRestriction(Identity.java:160) at org.jboss.seam.interceptors.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:35) at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69) at org.jboss.seam.interceptors.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:40) at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69) at org.jboss.seam.interceptors.SynchronizationInterceptor.aroundInvoke(SynchronizationInterceptor.java:31) at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69) at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:103) at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:50) at org.javassist.tmp.java.lang.Object_$$_javassist_101.selecionar(Object_$$_javassist_101.java) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.jboss.seam.util.Reflections.invoke(Reflections.java:20) at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:123) at org.jboss.seam.Component.callComponentMethod(Component.java:1834) at org.jboss.seam.Component.getInstanceFromFactory(Component.java:1696) at org.jboss.seam.Component.getInstance(Component.java:1633) at org.jboss.seam.Component.getInstance(Component.java:1610) at org.jboss.seam.jsf.SeamVariableResolver.resolveVariable(SeamVariableResolver.java:53) at org.apache.myfaces.config.LastVariableResolverInChain.resolveVariable(LastVariableResolverInChain.java:42) at com.sun.facelets.el.LegacyELContext$LegacyELResolver.getValue(LegacyELContext.java:134) at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:65) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:61) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:61) at com.sun.el.parser.AstEmpty.getValue(AstEmpty.java:49) at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) at com.sun.facelets.el.LegacyValueBinding.getValue(LegacyValueBinding.java:56) at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:1075) at org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:246) at org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232) at org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:79) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:524) at org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:252) at org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232) at org.ajax4jsf.framework.renderer.RendererBase.renderChild(RendererBase.java:254) at org.ajax4jsf.framework.renderer.RendererBase.renderChildren(RendererBase.java:232) at org.ajax4jsf.framework.renderer.AjaxContainerRenderer.encodeChildren(AjaxContainerRenderer.java:100) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:524) at org.ajax4jsf.ajax.UIAjaxRegion.encodeChildren(UIAjaxRegion.java:119) at com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:244) at com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:249) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:573) at org.ajax4jsf.framework.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108) at org.ajax4jsf.framework.ajax.AjaxViewHandler.renderView(AjaxViewHandler.java:229) at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:234) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57) at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79) at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49) at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:96) at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:220) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Unknown Source)
This is what apears on my screen (where should be security_error.xhtml):An Error Occurred: Authorization check failed for expression [#{s:hasPermission('corcontroller','selecionar', null)}] +- Stack Trace
An important thing is that the same method I´ve annotated with @Restrict is annotated with @Factory as you can see here:
@Factory("cores") @Restrict public String selecionar() { cores = dao.selecionarTodos(Cor.class); return super.selecionar(); }
tks in advance
emerson fabiano -
3. Re: not redirecting to security_error.xhtml
damianharvey May 17, 2007 6:16 AM (in response to efabiano)Hi,
I'm also seeing this behaviour. As with Efabiano I have annotated a method with@Restrict("#{s:hasPermission('vesselHome','persist',vesselHome.instance)}")
And have the Exception in pages.xml<exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/secure/home.xhtml"> <message>#{messages['org.jboss.seam.security.AuthorizationException']}</message> </redirect> </exception>
Trying to perform that operation with a user without the correct auth results in a org.jboss.seam.security.AuthorizationException, but the redirect never occurs and the browser displays the HTTP Status 500 and stack trace.
This is using a Seam Gen project and the Restriction is in an EntityHome object.
Cheers,
Damian. -
4. Re: not redirecting to security_error.xhtml
carloszaniolo May 18, 2007 8:44 AM (in response to efabiano)Hi,
Seam documentation says that "Redirect does not work for exceptions which occur during the render phase of the JSF lifecycle."
Maybe these errors are occurring in the render phase! -
5. Re: not redirecting to security_error.xhtml
damianharvey May 18, 2007 9:19 AM (in response to efabiano)From IBM's JSF article (http://www-128.ibm.com/developerworks/java/library/j-jsf2/)
The six phases of the JSF application lifecycle are as follows (note the event processing at each phase):
1. Restore view
2. Apply request values; process events
3. Process validations; process events
4. Update model values; process events
5. Invoke application; process events
6. Render response
I should have mentioned that my method is persist(). This puts it in phase #5 I think, so not in the render phase.
I'm sure it's just a config issue as the Wiki example uses something similar in the AdminHome, DirectoryHome, NodeHome and UserHome classes.
Regards,
Damian.[/url] -
6. Re: not redirecting to security_error.xhtml
shane.bryzak May 18, 2007 9:28 AM (in response to efabiano)Can you raise this issue in JIRA and assign it to me, that way it will get looked at.
-
7. Re: not redirecting to security_error.xhtml
damianharvey May 18, 2007 10:12 AM (in response to efabiano)Thanks Shane. JBSEAM-1333
Regards,
Damian. -
8. Re: not redirecting to security_error.xhtml
lowecg2004 Aug 3, 2007 10:57 AM (in response to efabiano)I just came across this issue and managed to figure out a workaround.
I had a class level @Restrict defined for a bean. The bean had two functions: 1) to provide a @DataModel with its associated @Factory; and 2) to define an action method for my persistence logic. From the JIRA reference above it seams that exception trapping does not work if the exception occurs during the RENDER_RESPONSE phase. The button action should be fine since the action would be called as part of the INVOKE_APPLICATION phase.
However, the problem comes from the @DataModel (or any other data binding for that matter) which will only be called during the RENDER_RESPONSE phase. Therefore when the page that uses the data model is first accessed, it is the point when the bindings/data model are first accessed that cause the problem. The workaround comes from the fact that we need to somehow get the bean to be accessed during an earlier phase. Fortunately for us, this is really easy to do in Seam using a page action:Add a dummy method to your bean... @Name("permissionsHome") @Scope(ScopeType.CONVERSATION) @Restrict("#{s:hasRole('administration')}") public class PermissionsHome { ... public void forceEarlySecurityCheck() { // this page action ensures that the class level @Restrict() rules are run before RENDER_RESPONSE } } ...and invoke from your XXX.pages.xml <page ... action="#{permissionsHome.forceEarlySecurityCheck}" > </page>
This results in an invocation attempt against the action before RENDER_RESPONSE thus allows the AuthorizationException be handled correctly by Seam.
I'm sure you lot had already figured this out, but I thought I'd post my solution just in case it's useful to someone else.
Cheers,
Chris.