[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
by darren hartford (JIRA)
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: Remoting, Security
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having 'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration with a GWT app, and a security integration challenge.
The error is detailed in the forum link; the top-level server-side error is "[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call org.jboss.seam.security.NotLoggedInException".
Not sure what integration method would be the best approach for secured methods for Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
* Once logged into the web application, use of secured methods/services should succeed automatically with appropriate roles without additional login (role-based security assumed with the Seam @Restrict annotation).
* Once logged into the web application, use of secured methods/services should fail for insufficient role authorization, with sufficient information to determine it was a security failure instead of a service failure.
* Anonymous web application login with a GWT widget requesting a secured Seam Remoting service/method would require either re-routing to the web-app login page, or login to ONLY use the requested secured Seam service/method. This could be managed with GWT code to meet this expectation.
Thanks, learning as best as I can with available documentation. Permission given under LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
17 years, 9 months
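The three expectations in JBSEAM-2325 come down to the server telling the client which kind of failure occurred. The sketch below is an added example, not code from the attached sample or from Seam: the exception classes are stand-ins named after the Seam ones, and `Outcome`, `dispatch` and `securedMethod` are hypothetical names.

```java
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.Callable;

public class SecuredCallOutcomeDemo {
    // Stand-ins named after org.jboss.seam.security.NotLoggedInException and
    // AuthorizationException so the example compiles without Seam on the classpath.
    static class NotLoggedInException extends RuntimeException { }
    static class AuthorizationException extends RuntimeException { }

    // Hypothetical outcome codes the GWT client would branch on.
    enum Outcome { OK, LOGIN_REQUIRED, FORBIDDEN, SERVICE_ERROR }

    // Hypothetical secured service method; 'security_role' is the role from the report.
    static String securedMethod(String user, Set<String> roles) {
        if (user == null) throw new NotLoggedInException();
        if (!roles.contains("security_role")) throw new AuthorizationException();
        return "data for " + user;
    }

    // Maps each failure to its own outcome; anything unexpected is a service error.
    static Outcome dispatch(Callable<String> call) {
        try {
            call.call();
            return Outcome.OK;
        } catch (NotLoggedInException e) {
            return Outcome.LOGIN_REQUIRED;   // client routes to the login page
        } catch (AuthorizationException e) {
            return Outcome.FORBIDDEN;        // logged in, required role missing
        } catch (Exception e) {
            return Outcome.SERVICE_ERROR;    // not a security failure
        }
    }

    public static void main(String[] args) {
        Set<String> none = Collections.emptySet();
        Set<String> role = Collections.singleton("security_role");
        System.out.println(dispatch(() -> securedMethod(null, none)));
        System.out.println(dispatch(() -> securedMethod("alice", none)));
        System.out.println(dispatch(() -> securedMethod("alice", role)));
        System.out.println(dispatch(() -> { throw new IllegalStateException("db down"); }));
    }
}
```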
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1696) EmptyStackException in Transaction.java
by Matt Drees (JIRA)
EmptyStackException in Transaction.java
---------------------------------------
Key: JBSEAM-1696
URL: http://jira.jboss.com/jira/browse/JBSEAM-1696
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.BETA1
Environment: Seam cvs 20070717.1711
Reporter: Matt Drees
Priority: Minor
I occasionally get the following stacktrace. I believe it happens when the SeamPhaseListener tries to begin a transaction, but an exception is thrown, so the stack is never pushed. Later, when it tries to commitOrRollback, the following happens.
2007-07-18 15:29:55,229 ERROR () SeamPhaseListener: uncaught exception
java.lang.IllegalStateException: Could not commit transaction
    at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:589)
    at org.jboss.seam.jsf.SeamPhaseListener.handleTransactionsAfterPhase(SeamPhaseListener.java:325)
    at org.jboss.seam.jsf.SeamPhaseListener.afterServletPhase(SeamPhaseListener.java:226)
    at org.jboss.seam.jsf.SeamPhaseListener.afterPhase(SeamPhaseListener.java:184)
    at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:280)
    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:82)
    at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:68)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:61)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:44)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:127)
    at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:277)
    at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:68)
    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:149)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
Caused by: java.util.EmptyStackException
    at java.util.Stack.peek(Stack.java:79)
    at org.jboss.seam.transaction.Transaction.beforeCommit(Transaction.java:64)
    at org.jboss.seam.transaction.UTTransaction.commit(UTTransaction.java:44)
    at org.jboss.seam.jsf.SeamPhaseListener.commitOrRollback(SeamPhaseListener.java:579)
You'd probably just need a simple "if (!synchronizations.isEmpty())" check before peek()ing or pop()ing.
17 years, 9 months
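The failure mode described in JBSEAM-1696 and the suggested `isEmpty()` guard, reduced to a stand-alone added example; this is not Seam's Transaction.java. It assumes the reporter's hypothesis that a failed begin leaves the stack without an entry, and apart from the `synchronizations` field named in the report, the class and method names are hypothetical.

```java
import java.util.EmptyStackException;
import java.util.Stack;

// Stand-in for the transaction wrapper in the report; not Seam's Transaction.java.
public class SynchronizationGuardDemo {
    // Name taken from the reporter's suggested check; the element type is a placeholder.
    private final Stack<Runnable> synchronizations = new Stack<>();

    // Assumed ordering: the stack entry is pushed only after the underlying begin succeeds.
    void begin(boolean underlyingBeginFails) {
        if (underlyingBeginFails) {
            throw new IllegalStateException("could not begin transaction");
        }
        synchronizations.push(() -> { });
    }

    // Unguarded form: peek() on an empty stack throws EmptyStackException.
    void commitUnguarded() {
        synchronizations.peek().run();
        synchronizations.pop();
    }

    // Guarded form: returns false when there is nothing to synchronize.
    boolean commitGuarded() {
        if (synchronizations.isEmpty()) {
            return false;
        }
        synchronizations.peek().run();
        synchronizations.pop();
        return true;
    }

    public static void main(String[] args) {
        SynchronizationGuardDemo tx = new SynchronizationGuardDemo();
        try {
            tx.begin(true);
        } catch (IllegalStateException e) {
            System.out.println("begin failed: " + e.getMessage());
        }
        try {
            tx.commitUnguarded();
        } catch (EmptyStackException e) {
            System.out.println("unguarded commit: EmptyStackException");
        }
        System.out.println("guarded commit ran synchronization: " + tx.commitGuarded());
    }
}
```

The guard only removes the secondary exception; the original begin failure still has to be logged where it occurs, or the guard hides the real cause.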
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2719) NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM
by Jonathan Marston (JIRA)
NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM
----------------------------------------------------------------------------------------------------
Key: JBSEAM-2719
URL: http://jira.jboss.com/jira/browse/JBSEAM-2719
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.1.GA
Environment: SUSE 10 on s390x, IBM JVM 2.6 (Sun JRE 1.6 update 4 equivalent)
Reporter: Jonathan Marston
I have set up a page with restricted authority, and exception handlers for NotLoggedInException and AuthorizationException in pages.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd" login-view-id="/login.xhtml">
    <page view-id="/restricted.xhtml" login-required="true"/>
    <page view-id="/noauthority.xhtml" login-required="true">
        <restrict>>#{s:hasRole('admin')}</restrict>
    </page>
    <!-- Exception pages -->
    <exception class="org.jboss.seam.security.NotLoggedInException">
        <redirect view-id="/error.xhtml">
            <message>You need to be logged to view this page.</message>
        </redirect>
    </exception>
    <exception class="org.jboss.seam.security.AuthorizationException">
        <redirect view-id="/error.xhtml">
            <message>You don't have security permissions</message>
        </redirect>
    </exception>
    <exception>
        <redirect view-id="/error.xhtml">
            <message>An exception occured</message>
        </redirect>
    </exception>
</pages>
The restricted.xhtml requires you to be logged in, and noauthority.xhtml requires admin authority. Everything works as expected on Sun JVM under Windows, but our s390x mainframe requires us to use the IBM JVM, where it fails to handle the AuthorizationException when accessing noauthority.xhtml. The exception is generated, but uncaught, as can be seen in the log file:
[ERROR] uncaught exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]
Unlike on Sun's JRE, the exception is repeated as being "swallowed":
[ERROR] swallowing exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]
The same happened for the NotLoggedInException, until I added a login-view-id attribute to the <pages> element in pages.xml.
Other exception types are handled by the catch-all handler I set up - just NotLoggedInException and AuthorizationException are ignored.
17 years, 9 months