[jboss-user] [JBoss Seam] - Security Problem
Eethyo
do-not-reply at jboss.com
Tue Sep 11 06:46:04 EDT 2007
Hi, i get an exception and I dont know why when i want to set up a rule in the security.drl.
Drools are fine configured and other rules are working fine.
Security.drl
| package Permissions;
|
| import java.security.Principal;
|
| import org.jboss.seam.security.PermissionCheck;
| import org.jboss.seam.security.Role;
| import com.testSeam.session.User;
|
| rule canUserEditProfile
| when
| c: PermissionCheck(name == 'userProfil', action=='editUserProfil")
| Principal(principalName : name)
| User(username == principalName)
| or
| Role(name == "Admin")
| then
| c.grant();
| end
|
Accessed by:
| <rich:tab label="Edit Details" rendered="#{s:hasPermission('userProfil', 'editUserProfil', user)}">
| <ui:include src="userEdit.xhtml"/>
| </rich:tab>
|
User class:
@Entity
| @Name("User")
| @Table(name = "USERTABELLE")
| @Scope(SESSION)
| public class User implements Serializable {
|
| private String username;
|
| private List<UserRole> userRoles;
|
|
| @Id
| @NotNull
| public String getUsername() {
| return username;
| }
|
| public void setUsername(String username) {
| this.username = username;
| }
|
| @ManyToMany
| @JoinTable(name="USERTOROLLE", joinColumns=@JoinColumn(name="username"),
| inverseJoinColumns=@JoinColumn(name="ROLENAME"))
| public List<UserRole> getUserRoles()
| {
| return userRoles;
| }
|
| public void setUserRoles(List<UserRole> userRoles)
| {
| this.userRoles = userRoles;
| }
|
|
| }
Process:
User logs in.
User clicks on user list and wants to edit a user.
LoggedIn User just may edit his own user!
Exception if i want to render my userEdit.xhtml:
javax.faces.FacesException: javax.el.ELException: /userShow.xhtml @19,97 rendered="#{s:hasPermission('userProfil', 'editUserProfil', user)}": java.lang.ClassCastException: org.jboss.seam.security.PermissionCheckShadowProxy
| at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:373)
| at org.richfaces.renderkit.TabPanelRendererBase.encodeTabs(TabPanelRendererBase.java:240)
| at org.richfaces.renderkit.html.TabPanelRenderer.doEncodeBegin(TabPanelRenderer.java:224)
| at org.richfaces.renderkit.html.TabPanelRenderer.doEncodeBegin(TabPanelRenderer.java:180)
| at org.ajax4jsf.framework.renderer.RendererBase.encodeBegin(RendererBase.java:101)
| at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)
| at javax.faces.component.UIComponent.encodeAll(UIComponent.java:884)
| at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892)
| at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:577)
| at org.ajax4jsf.framework.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108)
| at org.ajax4jsf.framework.ajax.AjaxViewHandler.renderView(AjaxViewHandler.java:233)
| at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
| at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
| at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
| at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:63)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:87)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:63)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:46)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:127)
| at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:277)
| at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:40)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:140)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: javax.el.ELException: /userShow.xhtml @19,97 rendered="#{s:hasPermission('editProfil', 'editProfil', User)}": java.lang.ClassCastException: org.jboss.seam.security.PermissionCheckShadowProxy
| at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76)
| at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:370)
| ... 49 more
| Caused by: java.lang.ClassCastException: org.jboss.seam.security.PermissionCheckShadowProxy
| at org.drools.base.java.security.Principal$getName.getValue(Unknown Source)
| at org.drools.base.extractors.BaseObjectClassFieldExtractor.getHashCode(BaseObjectClassFieldExtractor.java:136)
| at org.drools.base.ClassFieldExtractor.getHashCode(ClassFieldExtractor.java:160)
| at org.drools.rule.Declaration.getHashCode(Declaration.java:192)
| at org.drools.util.AbstractHashTable$SingleIndex.hashCodeOf(AbstractHashTable.java:459)
| at org.drools.util.TupleIndexHashTable.getOrCreate(TupleIndexHashTable.java:259)
| at org.drools.util.TupleIndexHashTable.add(TupleIndexHashTable.java:171)
| at org.drools.reteoo.JoinNode.assertTuple(JoinNode.java:109)
| at org.drools.reteoo.CompositeTupleSinkAdapter.propagateAssertTuple(CompositeTupleSinkAdapter.java:30)
| at org.drools.reteoo.JoinNode.assertTuple(JoinNode.java:117)
| at org.drools.reteoo.SingleTupleSinkAdapter.createAndPropagateAssertTuple(SingleTupleSinkAdapter.java:55)
| at org.drools.reteoo.LeftInputAdapterNode.assertObject(LeftInputAdapterNode.java:144)
| at org.drools.reteoo.SingleObjectSinkAdapter.propagateAssertObject(SingleObjectSinkAdapter.java:20)
| at org.drools.reteoo.AlphaNode.assertObject(AlphaNode.java:147)
| at org.drools.reteoo.SingleObjectSinkAdapter.propagateAssertObject(SingleObjectSinkAdapter.java:20)
| at org.drools.reteoo.ObjectTypeNode.assertObject(ObjectTypeNode.java:183)
| at org.drools.reteoo.Rete.assertObject(Rete.java:121)
| at org.drools.reteoo.ReteooRuleBase.assertObject(ReteooRuleBase.java:201)
| at org.drools.reteoo.ReteooWorkingMemory.doAssertObject(ReteooWorkingMemory.java:70)
| at org.drools.common.AbstractWorkingMemory.assertObject(AbstractWorkingMemory.java:724)
| at org.drools.common.AbstractWorkingMemory.assertObject(AbstractWorkingMemory.java:548)
| at org.jboss.seam.security.RuleBasedIdentity.hasPermission(RuleBasedIdentity.java:123)
| at org.jboss.seam.security.SecurityFunctions.hasPermission(SecurityFunctions.java:19)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:325)
| at org.jboss.el.parser.AstFunction.getValue(AstFunction.java:84)
| at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
| at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
| ... 50 more
|
Using seam 2 beta.
Using drools: 4.0.0 MR2
any ideas?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4082945#4082945
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4082945
More information about the jboss-user
mailing list