NullPointerException instead of AuthorizationException
------------------------------------------------------
Key: JBSEAM-4586
URL:
https://jira.jboss.org/jira/browse/JBSEAM-4586
Project: Seam
Issue Type: Bug
Affects Versions: 2.2.0.GA
Reporter: Konstantin Larionov
I am using Seam 2.2.0.GA and I have both rule-based (Drools) and JPA entity security
enabled. It works, until I try to persist a new entity without having permission for this
operation.
In this case Seam throws unexpected NullPointerException instead of
AuthorizationException. Namely, it is thrown by the
org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(Object target)
method.
I debug this code and found that exception is thrown when trying to get identifier for new
entity, which is not yet persisted and thus have no ID assigned!
The most interesting part of stack trace is below.
...
Caused by: java.lang.NullPointerException
at
org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(EntityIdentifierStrategy.java:48)
at
org.jboss.seam.security.permission.IdentifierPolicy.getIdentifier(IdentifierPolicy.java:85)
at
org.jboss.seam.security.permission.JpaPermissionStore.createPermissionQuery(JpaPermissionStore.java:234)
at
org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:622)
at
org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:607)
at
org.jboss.seam.security.permission.PersistentPermissionResolver.hasPermission(PersistentPermissionResolver.java:80)
at
org.jboss.seam.security.permission.PermissionMapper.resolvePermission(PermissionMapper.java:80)
at org.jboss.seam.security.Identity.hasPermission(Identity.java:632)
at org.jboss.seam.security.Identity.checkPermission(Identity.java:580)
at
org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:115)
at
org.jboss.seam.security.EntitySecurityListener.prePersist(EntitySecurityListener.java:30)
at sun.reflect.GeneratedMethodAccessor499.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.hibernate.ejb.event.ListenerCallback.invoke(ListenerCallback.java:31)
at org.hibernate.ejb.event.EntityCallbackHandler.callback(EntityCallbackHandler.java:80)
at
org.hibernate.ejb.event.EntityCallbackHandler.preCreate(EntityCallbackHandler.java:49)
at
org.hibernate.ejb.event.EJB3PersistEventListener.saveWithGeneratedId(EJB3PersistEventListener.java:48)
at
org.hibernate.event.def.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:154)
at
org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:110)
at
org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:61)
at org.hibernate.impl.SessionImpl.firePersist(SessionImpl.java:645)
at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:619)
at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:623)
at
org.hibernate.ejb.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:220)
at org.jboss.seam.persistence.EntityManagerProxy.persist(EntityManagerProxy.java:137)
at com.ims.ipat.web.editor.OrganizationEditorBean.save(OrganizationEditorBean.java:47)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira