[
https://issues.jboss.org/browse/SEAMSECURITY-22?page=com.atlassian.jira.p...
]
Marek Schmidt commented on SEAMSECURITY-22:
-------------------------------------------
The issue in the previous comments is a different one (seam security not picking
security.drl from WEB-INF on glassfish) and has been fixed,
this one is about not having security.drl at all (which should not be necessary to have if
one doesn't use drools nor picketlink)
Basic authentication with no security drools and no picketlink
defined in seam-beans.xml throws exception
---------------------------------------------------------------------------------------------------------
Key: SEAMSECURITY-22
URL:
https://issues.jboss.org/browse/SEAMSECURITY-22
Project: Seam Security
Issue Type: Bug
Affects Versions: 3.0.0.Alpha2
Environment: Jboss 6 AS Final, windows
Reporter: yangju
Assignee: Shane Bryzak
Fix For: Future
Very simple Authentication implementation:
public class LoginService implements Authenticator {
@Inject
Credentials credentials;
@Inject
Logger log;
public boolean authenticate() {
// authentication logic here
log.info("authenticate is called in LoginService");
log.info("userID="+credentials.getUsername());
return true; // if authentication successful
}
}
View (login.xhtml)
<h:form id="loginForm" rendered="#{not identity.loggedIn}">
<h:messages id="messages"
globalOnly="true" />
<div class="loginRow"><h:outputLabel
for="name"
value="Username"
styleClass="loginLabel" /> <h:inputText id="name"
value="#{credentials.username}"
/></div>
<div class="loginRow"><h:outputLabel
for="password"
value="Password"
styleClass="loginLabel" /> <h:inputSecret
id="password"
value="#{credentials.password}" redisplay="true" /></div>
<div class="loginRow"></div>
<div class="buttons"><h:commandButton
id="login" value="LOGIN"
action="#{identity.login}"
styleClass="loginButton" /></div>
I don't define any drools file and I am not using picketlink either. But after I
typed user info in the login page, , the server throws the following exception:
17:18:35,453 ERROR [org.jboss.weld.Bean] WELD-000019 Error destroying an instance Managed
Bean [class org.jboss.seam.security.permission.SecurityRuleProducer] with qualifiers [@Any
@Default] of org.jboss.seam.security.permission.SecurityRuleProducer@de0ad3
17:18:35,453 ERROR [org.jboss.seam.security.IdentityImpl] Login failed for:
Credentials[rich]: java.lang.IllegalArgumentException: stream cannot be null
at org.drools.io.impl.InputStreamResource.<init>(InputStreamResource.java:35)
[:5.1.1]
at
org.drools.io.impl.ResourceFactoryServiceImpl.newInputStreamResource(ResourceFactoryServiceImpl.java:87)
[:5.1.1]
at org.drools.io.ResourceFactory.newInputStreamResource(ResourceFactory.java:87)
[:5.1.1]
at
org.jboss.seam.security.permission.SecurityRuleProducer.createSecurityKnowledgeBase(SecurityRuleProducer.java:43)
[:3.0.0.Alpha2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_13]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_13]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_13]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_13]
at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163)
[:6.0.0.Final]
at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299)
[:6.0.0.Final]
at
org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:188)
[:6.0.0.Final]
at
org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstance(MethodInjectionPoint.java:169)
[:6.0.0.Final]
at org.jboss.weld.bean.ProducerMethod$1.produce(ProducerMethod.java:149) [:6.0.0.Final]
at org.jboss.weld.bean.AbstractProducerBean.create(AbstractProducerBean.java:361)
[:6.0.0.Final]
at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:121) [:6.0.0.Final]
at
org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
[:6.0.0.Final]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:124)
[:6.0.0.Final]
at
org.jboss.weld.proxies.org$jboss$weld$beanProducerMethod-org$jboss$seam$security$permission$SecurityRuleProducermethod_createSecurityKnowledgeBase()_$$_WeldClientProxy.newStatefulKnowledgeSession(org$jboss$weld$beanProducerMethod-org$jboss$seam$security$permission$SecurityRuleProducermethod_createSecurityKnowledgeBase()_$$_WeldClientProxy.java)
at
org.jboss.seam.security.permission.RuleBasedPermissionResolver.init(RuleBasedPermissionResolver.java:49)
[:3.0.0.Alpha2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_13]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_13]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_13]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_13]
at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163)
[:6.0.0.Final]
at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299)
[:6.0.0.Final]
at org.jboss.weld.introspector.jlr.WeldMethodImpl.invoke(WeldMethodImpl.java:193)
[:6.0.0.Final]
at org.jboss.weld.injection.MethodInjectionPoint.invoke(MethodInjectionPoint.java:127)
[:6.0.0.Final]
at org.jboss.weld.util.Beans.callInitializers(Beans.java:898) [:6.0.0.Final]
at org.jboss.weld.util.Beans.injectFieldsAndInitializers(Beans.java:885) [:6.0.0.Final]
at
org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget$1$1.proceed(ManagedBean.java:182)
[:6.0.0.Final]
at org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:54)
[:6.0.0.Final]
at
org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget$1.work(ManagedBean.java:176)
[:6.0.0.Final]
at org.jboss.weld.bean.ManagedBean$FixInjectionPoint.run(ManagedBean.java:142)
[:6.0.0.Final]
at
org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget.inject(ManagedBean.java:170)
[:6.0.0.Final]
at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:339) [:6.0.0.Final]
at org.jboss.weld.context.AbstractContext.get(AbstractContext.java:121) [:6.0.0.Final]
at
org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:99)
[:6.0.0.Final]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:87)
[:6.0.0.Final]
at
org.jboss.seam.security.permission.org$jboss$weld$bean-jboss$classloader:id="vfs:$$$D:$apps$jboss$jboss-6$0$0$Final$server$epen$deploy$epen-account-setup$war"-ManagedBean-class_org$jboss$seam$security$permission$RuleBasedPermissionResolver_$$_WeldClientProxy.setUserAccountInSecurityContext(org$jboss$weld$bean-jboss$classloader:id="vfs:$$$D:$apps$jboss$jboss-6$0$0$Final$server$epen$deploy$epen-account-setup$war"-ManagedBean-class_org$jboss$seam$security$permission$RuleBasedPermissionResolver_$$_WeldClientProxy.java)
[:3.0.0.Alpha2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_13]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_13]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_13]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_13]
at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
[:6.0.0.Final]
at
org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163)
[:6.0.0.Final]
at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299)
[:6.0.0.Final]
at
org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:188)
[:6.0.0.Final]
at
org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:59)
[:6.0.0.Final]
at
org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:198)
[:6.0.0.Final]
at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:270)
[:6.0.0.Final]
at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:253)
[:6.0.0.Final]
at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:222)
[:6.0.0.Final]
at org.jboss.weld.manager.BeanManagerImpl.notifyObservers(BeanManagerImpl.java:611)
[:6.0.0.Final]
at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:604)
[:6.0.0.Final]
at org.jboss.weld.manager.BeanManagerImpl.fireEvent(BeanManagerImpl.java:598)
[:6.0.0.Final]
at org.jboss.seam.security.IdentityImpl.postAuthenticate(IdentityImpl.java:379)
[:3.0.0.Alpha2]
at org.jboss.seam.security.IdentityImpl.authenticate(IdentityImpl.java:317)
[:3.0.0.Alpha2]
at org.jboss.seam.security.IdentityImpl.login(IdentityImpl.java:203) [:3.0.0.Alpha2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_13]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[:1.6.0_13]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[:1.6.0_13]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_13]
at org.apache.el.parser.AstValue.invoke(AstValue.java:196) [:6.0.0.Final]
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
[:6.0.0.Final]
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
[:6.0.0.Final]
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:102)
[:2.0.3-]
at
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84)
[:2.0.3-]
at
com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98)
[:2.0.3-]
at javax.faces.component.UICommand.broadcast(UICommand.java:311) [:2.0.3-]
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:781) [:2.0.3-]
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1246) [:2.0.3-]
at
com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77)
[:2.0.3-]
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97) [:2.0.3-]
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114) [:2.0.3-]
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308) [:2.0.3-]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:324)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at
org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:274)
[:6.0.0.Final]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:242)
[:6.0.0.Final]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
[:6.0.0.Final]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:181)
[:6.0.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285)
[:1.1.0.Final]
at
org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261)
[:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88)
[:6.0.0.Final]
at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100)
[:6.0.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[:6.0.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
[:6.0.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[:6.0.0.Final]
at
org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53)
[:6.0.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
[:6.0.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
[:6.0.0.Final]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654)
[:6.0.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951)
[:6.0.0.Final]
at java.lang.Thread.run(Thread.java:619) [:1.6.0_13]
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira