[seam-issues] [JBoss JIRA] Created: (JBSEAM-4586) NullPointerException instead of AuthorizationException

Fri Mar 5 06:50:10 EST 2010

NullPointerException instead of AuthorizationException
------------------------------------------------------

                 Key: JBSEAM-4586
                 URL: https://jira.jboss.org/jira/browse/JBSEAM-4586
             Project: Seam
          Issue Type: Bug
    Affects Versions: 2.2.0.GA
            Reporter: Konstantin Larionov

I am using Seam 2.2.0.GA and I have both rule-based (Drools) and JPA entity security enabled. It works, until I try to persist a new entity without having permission for this operation.

In this case Seam throws unexpected NullPointerException instead of AuthorizationException. Namely, it is thrown by the org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(Object target) method.

I debug this code and found that exception is thrown when trying to get identifier for new entity, which is not yet persisted and thus have no ID assigned!

The most interesting part of stack trace is below. 
...
Caused by: java.lang.NullPointerException
	at org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(EntityIdentifierStrategy.java:48)
	at org.jboss.seam.security.permission.IdentifierPolicy.getIdentifier(IdentifierPolicy.java:85)
	at org.jboss.seam.security.permission.JpaPermissionStore.createPermissionQuery(JpaPermissionStore.java:234)
	at org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:622)
	at org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:607)
	at org.jboss.seam.security.permission.PersistentPermissionResolver.hasPermission(PersistentPermissionResolver.java:80)
	at org.jboss.seam.security.permission.PermissionMapper.resolvePermission(PermissionMapper.java:80)
	at org.jboss.seam.security.Identity.hasPermission(Identity.java:632)
	at org.jboss.seam.security.Identity.checkPermission(Identity.java:580)
	at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:115)
	at org.jboss.seam.security.EntitySecurityListener.prePersist(EntitySecurityListener.java:30)
	at sun.reflect.GeneratedMethodAccessor499.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.hibernate.ejb.event.ListenerCallback.invoke(ListenerCallback.java:31)
	at org.hibernate.ejb.event.EntityCallbackHandler.callback(EntityCallbackHandler.java:80)
	at org.hibernate.ejb.event.EntityCallbackHandler.preCreate(EntityCallbackHandler.java:49)
	at org.hibernate.ejb.event.EJB3PersistEventListener.saveWithGeneratedId(EJB3PersistEventListener.java:48)
	at org.hibernate.event.def.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:154)
	at org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:110)
	at org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:61)
	at org.hibernate.impl.SessionImpl.firePersist(SessionImpl.java:645)
	at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:619)
	at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:623)
	at org.hibernate.ejb.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:220)
	at org.jboss.seam.persistence.EntityManagerProxy.persist(EntityManagerProxy.java:137)
	at com.ims.ipat.web.editor.OrganizationEditorBean.save(OrganizationEditorBean.java:47)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira