[jboss-user] [JBoss Seam] - Re: Advice on Security System
mikepkp17
do-not-reply at jboss.com
Thu Jan 18 08:57:17 EST 2007
ok, I figured out that the classcast exception is thrown if I add the <distributable/> tag to web.xml, this exception is also thrown in the seamspace example if I add this tag (also after I annotate the SFSBs with @Clustered).
So this is another problem I will focus on later...
But I noticed that org.jboss.seam.security.Identity is checking the principals against SimplePrincipal and SimpleGroup and not against the Interfaces.
So I get
| callbacks [org.jboss.seam.intercept.JavaBeanInterceptor at 17f7411]
| class class org.jboss.seam.security.Identity$$EnhancerByCGLIB$$ae5bb089
| loggedIn false
| principal
| subject Betreff: Principal: mike Principal: roles(members:sysadmin,admin)
| toString() org.jboss.seam.security.Identity at 1030eda
|
Note that the principal is empty and loggedIn is therefore false.
I tried to change the methods getPrincipal() and isUserInRole(String role) in Identity.java to check against the Interfaces Group and Principal (instead of SimpleGroup and SimplePrincipal) which resulted in the following Exception in SeamSpace after clicking the login button:
javax.ejb.EJBException: javax.persistence.NoResultException: No entity found for query
| at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:69)
| at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
| at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateful.StatefulInstanceInterceptor.invoke(StatefulInstanceInterceptor.java:83)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.remoting.ReplicantsManagerInterceptor.invoke(ReplicantsManagerInterceptor.java:51)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateful.StatefulContainer.localInvoke(StatefulContainer.java:203)
| at org.jboss.ejb3.stateful.StatefulLocalProxy.invoke(StatefulLocalProxy.java:98)
| at $Proxy171.display(Unknown Source)
| at org.jboss.seam.example.seamspace.ProfileLocal$$FastClassByCGLIB$$c6d6fe9b.invoke(<generated>)
| at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
| at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:89)
| at org.jboss.seam.intercept.ClientSideInterceptor$1.proceed(ClientSideInterceptor.java:74)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:55)
| at org.jboss.seam.interceptors.RemoveInterceptor.removeIfNecessary(RemoveInterceptor.java:40)
| at sun.reflect.GeneratedMethodAccessor217.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.interceptors.ExceptionInterceptor.handleExceptions(ExceptionInterceptor.java:39)
| at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.intercept.RootInterceptor.createSeamInvocationContext(RootInterceptor.java:144)
| at org.jboss.seam.intercept.RootInterceptor.invokeInContexts(RootInterceptor.java:129)
| at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:102)
| at org.jboss.seam.intercept.ClientSideInterceptor.interceptInvocation(ClientSideInterceptor.java:83)
| at org.jboss.seam.intercept.ClientSideInterceptor.intercept(ClientSideInterceptor.java:52)
| at org.jboss.seam.example.seamspace.ProfileLocal$$EnhancerByCGLIB$$81a54d4c.display(<generated>)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:203)
| at org.jboss.seam.Component.callComponentMethod(Component.java:1797)
| at org.jboss.seam.Component.getInstanceFromFactory(Component.java:1684)
| at org.jboss.seam.Component.getInstance(Component.java:1621)
| at org.jboss.seam.Component.getInstance(Component.java:1598)
| at org.jboss.seam.jsf.SeamVariableResolver.resolveVariable(SeamVariableResolver.java:105)
| at org.apache.myfaces.config.LastVariableResolverInChain.resolveVariable(LastVariableResolverInChain.java:42)
| at com.sun.facelets.el.LegacyELContext$LegacyELResolver.getValue(LegacyELContext.java:134)
| at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:65)
| at com.sun.el.parser.AstEqual.getValue(AstEqual.java:41)
| at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192)
| at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
| at com.sun.facelets.el.LegacyValueBinding.getValue(LegacyValueBinding.java:56)
| at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:1075)
| at com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:241)
| at com.sun.facelets.tag.jsf.ComponentSupport.encodeRecursive(ComponentSupport.java:249)
| at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:573)
| at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.seam.servlet.SeamExceptionFilter.doFilter(SeamExceptionFilter.java:91)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.seam.security.filter.SeamSecurityFilter.doFilter(SeamSecurityFilter.java:68)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.seam.servlet.SeamRedirectFilter.doFilter(SeamRedirectFilter.java:63)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
| at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
| at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
| at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: javax.persistence.NoResultException: No entity found for query
| at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:82)
| at org.jboss.seam.example.seamspace.ProfileAction.display(ProfileAction.java:44)
| at sun.reflect.GeneratedMethodAccessor228.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
| at org.jboss.ejb3.cache.StatefulReplicationInterceptor.invoke(StatefulReplicationInterceptor.java:45)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
| at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:73)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:55)
| at org.jboss.seam.interceptors.BijectionInterceptor.bijectNonreentrantComponent(BijectionInterceptor.java:79)
| at org.jboss.seam.interceptors.BijectionInterceptor.bijectComponent(BijectionInterceptor.java:58)
| at sun.reflect.GeneratedMethodAccessor215.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.interceptors.OutcomeInterceptor.interceptOutcome(OutcomeInterceptor.java:21)
| at sun.reflect.GeneratedMethodAccessor180.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.interceptors.ConversationInterceptor.endOrBeginLongRunningConversation(ConversationInterceptor.java:52)
| at sun.reflect.GeneratedMethodAccessor179.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.interceptors.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:27)
| at sun.reflect.GeneratedMethodAccessor178.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.seam.util.Reflections.invoke(Reflections.java:35)
| at org.jboss.seam.intercept.Interceptor.aroundInvoke(Interceptor.java:337)
| at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:64)
| at org.jboss.seam.intercept.RootInterceptor.createSeamInvocationContext(RootInterceptor.java:144)
| at org.jboss.seam.intercept.RootInterceptor.invokeInContexts(RootInterceptor.java:129)
| at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:102)
| at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
| at sun.reflect.GeneratedMethodAccessor214.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
| at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.entity.ExtendedPersistenceContextPropagationInterceptor.invoke(ExtendedPersistenceContextPropagationInterceptor.java:57)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:46)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
| ... 95 more
|
The Changed Methods:
| public Principal getPrincipal()
| {
| if (principal == null)
| {
| Set<Principal> principals = subject.getPrincipals(Principal.class);
| if (!principals.isEmpty())
| principal = principals.iterator().next();
| }
|
| return principal;
| }
|
| public boolean isUserInRole(String role)
| {
| for (Group sg : subject.getPrincipals(Group.class))
| {
| if ("roles".equals(sg.getName()))
| {
| return sg.isMember(new SimplePrincipal(role));
| }
| }
|
| return false;
| }
|
This changes work with the original Jboss DatabaseLoginModule but the SeamSpace example has some problems with it...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4003314#4003314
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4003314
More information about the jboss-user
mailing list