[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2719) NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM
[ http://jira.jboss.com/jira/browse/JBSEAM-2719?page=comments#action_12418269 ]
Rob van Oostrum commented on JBSEAM-2719:
-----------------------------------------
I'm having a similar issue.
- Seam EAR project created in Eclipse
- Windows Vista
- JBoss 4.2.2.GA
- java version "1.6.0_05"
- Seam 2.0.2.CR2
I have @Restrict on my *List components, and the NotLoggedInException and
AuthorizationException are being rethrown as "org.jboss.seam.InstantiationException:
Could not instantiate Seam component" and not caught by the exception listeners
configured for my project out of the box.
NotLoggedInException and AuthorizationException handlers defined in
pages.xml are ignored on IBM JVM
----------------------------------------------------------------------------------------------------
Key: JBSEAM-2719
URL: http://jira.jboss.com/jira/browse/JBSEAM-2719
Project: Seam
Issue Type: Bug
Components: Core
Affects Versions: 2.0.1.GA
Environment: SUSE 10 on s390x, IBM JVM 2.6 (Sun JRE 1.6 update 4 equivalent)
Reporter: Jonathan Marston
Assigned To: Shane Bryzak
Fix For: The future
I have set up a page with restricted authority, and exception handlers for
NotLoggedInException and AuthorizationException in pages.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.com/products/seam/pages
http://jboss.com/products/seam/pages-2.0.xsd"
login-view-id="/login.xhtml">
<page view-id="/restricted.xhtml" login-required="true"/>
<page view-id="/noauthority.xhtml" login-required="true">
<restrict>>#{s:hasRole('admin')}</restrict>
</page>
<!-- Exception pages -->
<exception class="org.jboss.seam.security.NotLoggedInException">
<redirect view-id="/error.xhtml">
<message>You need to be logged to view this page.</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.AuthorizationException">
<redirect view-id="/error.xhtml">
<message>You don't have security permissions</message>
</redirect>
</exception>
<exception>
<redirect view-id="/error.xhtml">
<message>An exception occured</message>
</redirect>
</exception>
</pages>
The restricted.xhtml requires you to be logged in, and noauthority.xhtml requires admin
authority. Everything works as expected on Sun JVM under Windows, but our s390x mainframe
requires us to use the IBM JVM, where it fails to handle the AuthorizationException when
accessing noauthority.xhtml. The exception is generated, but uncaught, as can be seen in
the log file:
[ERROR] uncaught exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression
[>#{s:hasRole('admin')}]
Unlike on Sun's JRE, the exception is repeated as being "swallowed":
[ERROR] swallowing exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression
[>#{s:hasRole('admin')}]
The same happened for the NotLoggedInException, until I added a login-view-id attribute
to the <pages> element in pages.xml.
Other exception types are handled by the catch-all handler I set up - just
NotLoggedInException and AuthorizationException are ignored.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira