[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1018) Allow security checks in component lifecycle methods

Christian Bauer (JIRA) jira-events at lists.jboss.org
Mon Mar 12 12:32:46 EDT 2007


    [ http://jira.jboss.com/jira/browse/JBSEAM-1018?page=comments#action_12355835 ] 
            
Christian Bauer commented on JBSEAM-1018:
-----------------------------------------

Looks like the @RequestParameter on my component is responsible. There is a swallowed exception in ExceptionFilter.java, line 113:

   private void endWebRequestAfterException(HttpServletRequest request, HttpServletResponse response, Exception e) 
         throws ServletException, IOException
   {
      log.debug("ending request");
      //the FacesContext is gone - create a fake one for Redirect and HttpError to call
      MockFacesContext facesContext = createFacesContext(request, response);
      facesContext.setCurrent();
      Lifecycle.beginExceptionRecovery( facesContext.getExternalContext() );
      try
      {
         Exceptions.instance().handle(e);
      }
      catch (ServletException se)
      {
         throw se;
      }
      catch (IOException ioe)
      {
         throw ioe;
      }
      catch (Exception ehe)
      {
         throw new ServletException(ehe);
      }
      finally
      {
         try 
         {
            Lifecycle.endRequest( facesContext.getExternalContext() );
            facesContext.release();
            log.debug("ended request");
         }
         catch (Exception ere)
         {
            System.out.println("##### THE REAL EXCEPTION ##################");
            ere.printStackTrace();
            System.out.println("#######################");

            log.error("could not destroy contexts", e);
         }
      }
   }

If you print this out, you get:

17:27:22,127 DEBUG [ExceptionFilter] ending request
17:27:22,139 DEBUG [Exceptions] reading exception mappings from /WEB-INF/pages.xml
17:27:22,143 DEBUG [DTDEntityResolver] trying to resolve system-id [http://jboss.com/products/seam/pages-1.2.dtd]
17:27:22,143 DEBUG [DTDEntityResolver] recognized Seam namespace; attempting to resolve on classpath under org/jboss/seam/
17:27:22,145 DEBUG [DTDEntityResolver] located [http://jboss.com/products/seam/pages-1.2.dtd] in classpath
17:27:22,161 DEBUG [Manager] Ending long-running conversation
17:27:22,161 DEBUG [Navigator] redirecting to: /permissionError.xhtml
17:27:22,161 DEBUG [Manager] redirecting to: /wiki/permissionError.seam?cid=2
17:27:22,161 DEBUG [Lifecycle] After render response, destroying contexts
17:27:22,161 DEBUG [Lifecycle] flushing server-side conversation context
17:27:22,162 DEBUG [RootInterceptor] intercepted: documentHome.clearDirty
17:27:22,168 INFO  [STDOUT] ##### THE REAL EXCEPTION ##################
17:27:22,168 ERROR [STDERR] java.lang.NullPointerException: uiComponent
17:27:22,169 ERROR [STDERR]     at javax.faces.convert.LongConverter.getAsObject(LongConverter.java:44)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.util.Parameters.convertRequestParameter(Parameters.java:26)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.util.Parameters.convertMultiValueRequestParameter(Parameters.java:69)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.Component.injectParameters(Component.java:1228)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.Component.inject(Component.java:1197)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.interceptors.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:46)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.interceptors.ManagedEntityIdentityInterceptor.aroundInvoke(ManagedEntityIdentityInterceptor.java:37)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.interceptors.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:34)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.interceptors.TransactionInterceptor$1.work(TransactionInterceptor.java:32)
17:27:22,169 ERROR [STDERR]     at org.jboss.seam.util.Work.workInTransaction(Work.java:37)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.interceptors.TransactionInterceptor.aroundInvoke(TransactionInterceptor.java:27)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.interceptors.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:27)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:69)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:103)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:151)
17:27:22,170 ERROR [STDERR]     at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:87)
17:27:22,171 ERROR [STDERR]     at org.jboss.seam.wiki.core.action.DocumentHome_$$_javassist_43.clearDirty(DocumentHome_$$_javassist_43.java)
17:27:22,171 ERROR [STDERR]     at org.jboss.seam.contexts.Lifecycle.isAttributeDirty(Lifecycle.java:525)
17:27:22,171 ERROR [STDERR]     at org.jboss.seam.contexts.ServerConversationContext.flush(ServerConversationContext.java:218)
17:27:22,171 ERROR [STDERR]     at org.jboss.seam.contexts.Lifecycle.flushAndDestroyContexts(Lifecycle.java:419)
17:27:22,171 ERROR [STDERR]     at org.jboss.seam.contexts.Lifecycle.endRequest(Lifecycle.java:315)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.ExceptionFilter.endWebRequestAfterException(ExceptionFilter.java:109)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:73)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:53)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
17:27:22,172 ERROR [STDERR]     at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
17:27:22,172 ERROR [STDERR]     at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:96)
17:27:22,172 ERROR [STDERR]     at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:220)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
17:27:22,172 ERROR [STDERR]     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
17:27:22,172 ERROR [STDERR]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
17:27:22,173 ERROR [STDERR]     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
17:27:22,173 ERROR [STDERR]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
17:27:22,173 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
17:27:22,173 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
17:27:22,173 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
17:27:22,173 ERROR [STDERR]     at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
17:27:22,173 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
17:27:22,173 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
17:27:22,173 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
17:27:22,173 ERROR [STDERR]     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
17:27:22,173 ERROR [STDERR]     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
17:27:22,173 ERROR [STDERR]     at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
17:27:22,173 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:613)
17:27:22,173 INFO  [STDOUT] #######################
17:27:22,173 ERROR [ExceptionFilter] could not destroy contexts
javax.servlet.ServletException: You don't have permission for this operation
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:152)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(A

> Allow security checks in component lifecycle methods
> ----------------------------------------------------
>
>                 Key: JBSEAM-1018
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1018
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Core
>            Reporter: Christian Bauer
>         Assigned To: Gavin King
>            Priority: Minor
>             Fix For: 1.2.1.GA
>
>
> The Component.java.callComponentMethod() is used for lifecycle method calling, such as @Create methods. It also wraps all exceptions thrown in these methods, or at least casts them into RuntimeException (even if it already is a RuntimeException). So I can't use Identity.instance.checkPermission() in a @Create method and have my exception handling apply to failure. Minimum required: document this.
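
Added example, not part of the original message and not Seam code: a sketch of the two behaviours discussed above, finding a permission failure underneath a lifecycle wrapper exception and recording a cleanup failure on the original exception instead of dropping it. The names LifecycleSecurityDemo, AuthorizationException, callLifecycleMethod, findAuthorizationFailure and handle are hypothetical stand-ins, not Seam APIs.

```java
// Added illustration; all class and method names are hypothetical.
public class LifecycleSecurityDemo {

    // Stand-in for the exception raised by a failed permission check.
    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String msg) { super(msg); }
    }

    // Mimics a lifecycle invoker that wraps whatever the callback throws.
    static void callLifecycleMethod(Runnable create) {
        try {
            create.run();
        } catch (Exception ex) {
            throw new RuntimeException("exception in lifecycle method", ex);
        }
    }

    // Walk the cause chain so a wrapped authorization failure is still
    // recognised by the permission-error handling.
    static AuthorizationException findAuthorizationFailure(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof AuthorizationException) {
                return (AuthorizationException) c;
            }
        }
        return null;
    }

    // Decide the outcome, then run cleanup. A cleanup failure is attached
    // to the original exception so both stack traces reach the log.
    static String handle(Exception original, Runnable cleanup) {
        try {
            AuthorizationException denied = findAuthorizationFailure(original);
            return denied != null ? "denied: " + denied.getMessage() : "error";
        } finally {
            try {
                cleanup.run();
            } catch (Exception cleanupFailure) {
                original.addSuppressed(cleanupFailure);
            }
        }
    }

    public static void main(String[] args) {
        try {
            callLifecycleMethod(() -> { throw new AuthorizationException("no permission"); });
        } catch (RuntimeException wrapped) {
            // Constructed cleanup failure, modelled on the NPE in the trace above.
            String outcome = handle(wrapped, () -> { throw new NullPointerException("uiComponent"); });
            System.out.println(outcome);
            for (Throwable s : wrapped.getSuppressed()) {
                System.out.println("cleanup failed: " + s);
            }
        }
    }
}
```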
