[JBoss Portal] - security-constraints not working at the page level (*-object
by joe_the_quick
hi there,
If I add the Authenticated-role to a page (using Jboss Portal 2.6.2 GA), it seems to simply get ignored:
test-object.xml:
<?xml version="1.0" encoding="UTF-8"?>
<if-exists>overwrite</if-exists>
<parent-ref>default</parent-ref>
<page-name>HelloWorld</page-name>
<window-name>HelloWorldPortletWindow</window-name>
<instance-ref>HelloWorldPortletInstance</instance-ref>
center
0
<security-constraint>
<policy-permission>
<role-name>Authenticated</role-name>
<action-name>view</action-name>
</policy-permission>
</security-constraint>
The role is added to portlet.xml and can be verified using request.isUserInRole("Authenticated").
If I add the same role to the portlet-instances.xml, then it works immediately:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!DOCTYPE deployments PUBLIC
"-//JBoss Portal//DTD Portlet Instances 2.6//EN"
"http://www.jboss.org/portal/dtd/portlet-instances_2_6.dtd">
<if-exists>overwrite</if-exists>
<instance-id>HelloWorldPortletInstance</instance-id>
<portlet-ref>HelloWorldPortlet</portlet-ref>
<security-constraint>
<policy-permission>
<role-name>Authenticated</role-name>
<action-name>view</action-name>
</policy-permission>
</security-constraint>
Environment info:
Jboss 4.0.5 GA
Jboss Portal 2.6.2 GA
JDK 1.5
Could it be that the page-level security is no longer working with Jboss Portal 2.6.2 GA?
I read in an earlier post, that the unchecked access using "read recursive" has to be disabled from the default-portal, but I believe that the role security should be way stronger than any default configuration.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4103906#4103906
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4103906
18 years, 8 months
[JBoss Seam] - EntityQuery Restrictions/SG problems with Integer Field in q
by griffitm
Hello All,
I am having a problem with a component generated from SeamGen. I have a query form that allows the user to search the resultList as such:
<h:form id="sectionSearch" styleClass="edit">
|
| <rich:simpleTogglePanel label="Section search parameters" switchType="ajax">
|
| <s:decorate template="layout/display.xhtml">
| <ui:define name="label">Number</ui:define>
| <h:inputText id="number" value="#{sectionList.section.number}"/>
| </s:decorate>
| ...
|
The SectionList Entity Query has a restriction as such:
| private static final String[] RESTRICTIONS = {
| "lower(section.description) like concat('%',concat(lower(#{sectionList.section.description}),'%'))",
| "lower(section.number) like concat('%',concat(lower(#{sectionList.section.number}),'%'))",};
| "lower(section.subsection) like concat('%',concat(lower(#{sectionList.section.subsection}),'%'))",};
|
The problem is that when I display the form the query field is bound to the current section, and which returns 0 for the section # -- and my query results only show sections where the section # has a Zero in it. I tried to dynamically inspect the query value in the overridden getRestrictions method as such:
| @Override
| public List<String> getRestrictions() {
| List<String> restrictions= Arrays.asList(RESTRICTIONS);
| if(section.getNumber() > 0){
| restrictions.add("lower(section.number) like concat('%',concat(lower(#{"+ section.getNumber() +"}),'%'))");
| }
| return restrictions;
| }
But that throws an this exception:
| javax.el.ELException: /SectionList.xhtml: Error reading 'resultList' on type gov.hhs.fda.ocio.fdaaa.entity.SectionList_
| $_javassist_0
| at com.sun.facelets.compiler.TextInstruction.write(TextInstruction.java:48)
| at com.sun.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:39)
| at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:280)
| at org.richfaces.renderkit.html.PanelRenderer.doEncodeBegin(PanelRenderer.java:168)
| at org.richfaces.renderkit.html.PanelRenderer.doEncodeBegin(PanelRenderer.java:128)
| at org.ajax4jsf.renderkit.RendererBase.encodeBegin(RendererBase.java:101)
| at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)
| at javax.faces.component.UIComponent.encodeAll(UIComponent.java:884)
| at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892)
| at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:577)
| at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108)
| at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:216)
| at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
| at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
| at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
| at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:68)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
| at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:44)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
| at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
| at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
| at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
| at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:150)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:853)
| at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
| at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1513)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: java.lang.UnsupportedOperationException
Is there any easy way to fix this other than writing my own session bean to manage the query?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4103903#4103903
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4103903
18 years, 8 months