Incorrect AuthorizationException processing
I have a tree viewer in my application which have the following components structure:
PAGE scope component annotated with @BypassIntroceptrs for storing model data. It's just a POJO, This component have root node element which is not a SEAM component at all. This class implements getChildren method in the following way:
public List<CategoryTreeNode> getChildren() {
if ( (children == null || outdated ) && type != NodeType.Course ) {
CategoryTreeActions categoryTreeActions = (CategoryTreeActions)Component.getInstance("categoryTreeActions");
if ( type == NodeType.Root ) {
children = categoryTreeActions.getTopLevelCategories(this);
}
if ( type == NodeType.Category ) {
children = categoryTreeActions.getCategoryChildren(this);
}
}
outdated = false;
return children;
}CategoryTreeActionscategoryTreeActions is STATELESS scoped component which contains only actions to work with this tree and none of its method is annotaded with @BypassIntroceptors. CategoryTreeActions.getTopLevelCategories() and CategoryTreeActions.getCategoryChildren() methods are annotated with @Read(Category.class). If corresponding permission check is failed and AuthorizationException is thrown I get error page with the following error message:
javax.el.ELException: /courses/list.xhtml @39,118 nodes="#{item.children}": Error reading 'children' on type hu.aveverde.edupro.seam.actions.categories.CategoryTreeNodeI have the following statements in my pages.xml:
<exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/home.xhtml"> <message severity="error">You don't have permission to access this resource</message> </redirect> </exception>
I should be redirected to the home view and error message should appear instead of showing such error. It works in another cases and I think the problem here is because exception caught somewhere in the facelets processing function and rethrown as javax.el.ELException. How can I handle this situation correctly?
Here is full exeption stacktrace from the JBOSS log:
10:36:36,678 SEVERE [viewhandler] Error Rendering View[/courses/list.xhtml]
javax.faces.FacesException: javax.el.ELException: /courses/list.xhtml @39,118 nodes="#{item.children}": Error reading 'children' on type hu.aveverde.edupro.seam.actions.categories.CategoryTreeNode
at org.richfaces.component.html.HtmlRecursiveTreeNodesAdaptor.getNodes(HtmlRecursiveTreeNodesAdaptor.java:162)
at org.richfaces.component.UIRecursiveTreeNodesAdaptor$1.getData(UIRecursiveTreeNodesAdaptor.java:74)
at org.richfaces.model.StackingTreeModel.getDataModel(StackingTreeModel.java:80)
at org.richfaces.model.StackingTreeModel.isEmpty(StackingTreeModel.java:107)
at org.richfaces.model.StackingTreeModel.isLeaf(StackingTreeModel.java:264)
at org.richfaces.component.UITree.isLeaf(UITree.java:534)
at org.richfaces.renderkit.NodeRendererBase.initializeLines(NodeRendererBase.java:155)
at org.richfaces.renderkit.html.TreeNodeRenderer.doEncodeBegin(TreeNodeRenderer.java:121)
at org.richfaces.renderkit.html.TreeNodeRenderer.doEncodeBegin(TreeNodeRenderer.java:106)
at org.ajax4jsf.renderkit.RendererBase.encodeBegin(RendererBase.java:100)
at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:813)
at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:275)
at org.richfaces.renderkit.TreeRendererBase$DataVisitorWithLastElement.process(TreeRendererBase.java:255)
at org.richfaces.model.AbstractTreeDataModel.processElement(AbstractTreeDataModel.java:111)
at org.richfaces.model.StackingTreeModel.doWalk(StackingTreeModel.java:294)
at org.richfaces.model.StackingTreeModel$Visitor1.process(StackingTreeModel.java:416)
at org.richfaces.model.StackingTreeModel$ShiftingDataVisitor.end(StackingTreeModel.java:461)
at org.richfaces.model.StackingTreeModel.doWalk(StackingTreeModel.java:348)
at org.richfaces.model.StackingTreeModel.walk(StackingTreeModel.java:387)
at org.richfaces.component.UITree.walk(UITree.java:422)
at org.richfaces.renderkit.TreeRendererBase.writeContent(TreeRendererBase.java:672)
at org.richfaces.renderkit.TreeRendererBase.encodeChildren(TreeRendererBase.java:618)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930)
at javax.faces.render.Renderer.encodeChildren(Renderer.java:148)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837)
at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:277)
at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258)
at org.richfaces.renderkit.html.ModalPanelRenderer.doEncodeChildren(ModalPanelRenderer.java:387)
at org.richfaces.renderkit.html.ModalPanelRenderer.doEncodeChildren(ModalPanelRenderer.java:382)
at org.ajax4jsf.renderkit.RendererBase.encodeChildren(RendererBase.java:120)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933)
at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592)
at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100)
at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
at org.jboss.seam.web.RewriteFilter.doFilter(RewriteFilter.java:63)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178)
at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368)
at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495)
at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.web.HotDeployFilter.doFilter(HotDeployFilter.java:53)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.el.ELException: /courses/list.xhtml @39,118 nodes="#{item.children}": Error reading 'children' on type hu.aveverde.edupro.seam.actions.categories.CategoryTreeNode
at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76)
at org.richfaces.component.html.HtmlRecursiveTreeNodesAdaptor.getNodes(HtmlRecursiveTreeNodesAdaptor.java:160)
... 85 more
Caused by: org.jboss.seam.security.AuthorizationException: Authorization check failed for permission[class hu.aveverde.edupro.model.entity.Category,read]
at org.jboss.seam.security.Identity.checkPermission(Identity.java:590)
at org.jboss.seam.security.SecurityInterceptor$Restriction.check(SecurityInterceptor.java:120)
at org.jboss.seam.security.SecurityInterceptor.aroundInvoke(SecurityInterceptor.java:160)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
at hu.aveverde.edupro.seam.actions.categories.CategoryTreeActions_$$_javassist_seam_5.getTopLevelCategories(CategoryTreeActions_$$_javassist_seam_5.java)
at hu.aveverde.edupro.seam.actions.categories.CategoryTreeNode.getChildren(CategoryTreeNode.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:62)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:54)
at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72)
at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53)
at org.jboss.el.parser.AstValue.getValue(AstValue.java:67)
at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
... 86 more