NullPointerException instead of AuthorizationException ------------------------------------------------------ Key: JBSEAM-4586 URL: https://jira.jboss.org/jira/browse/JBSEAM-4586 Project: Seam Issue Type: Bug Affects Versions: 2.2.0.GA Reporter: Konstantin Larionov I am using Seam 2.2.0.GA and I have both rule-based (Drools) and JPA entity security enabled. It works, until I try to persist a new entity without having permission for this operation. In this case Seam throws unexpected NullPointerException instead of AuthorizationException. Namely, it is thrown by the org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(Object target) method. I debug this code and found that exception is thrown when trying to get identifier for new entity, which is not yet persisted and thus have no ID assigned! The most interesting part of stack trace is below. ... Caused by: java.lang.NullPointerException at org.jboss.seam.security.permission.EntityIdentifierStrategy.getIdentifier(EntityIdentifierStrategy.java:48) at org.jboss.seam.security.permission.IdentifierPolicy.getIdentifier(IdentifierPolicy.java:85) at org.jboss.seam.security.permission.JpaPermissionStore.createPermissionQuery(JpaPermissionStore.java:234) at org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:622) at org.jboss.seam.security.permission.JpaPermissionStore.listPermissions(JpaPermissionStore.java:607) at org.jboss.seam.security.permission.PersistentPermissionResolver.hasPermission(PersistentPermissionResolver.java:80) at org.jboss.seam.security.permission.PermissionMapper.resolvePermission(PermissionMapper.java:80) at org.jboss.seam.security.Identity.hasPermission(Identity.java:632) at org.jboss.seam.security.Identity.checkPermission(Identity.java:580) at org.jboss.seam.security.EntityPermissionChecker.checkEntityPermission(EntityPermissionChecker.java:115) at org.jboss.seam.security.EntitySecurityListener.prePersist(EntitySecurityListener.java:30) at sun.reflect.GeneratedMethodAccessor499.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.hibernate.ejb.event.ListenerCallback.invoke(ListenerCallback.java:31) at org.hibernate.ejb.event.EntityCallbackHandler.callback(EntityCallbackHandler.java:80) at org.hibernate.ejb.event.EntityCallbackHandler.preCreate(EntityCallbackHandler.java:49) at org.hibernate.ejb.event.EJB3PersistEventListener.saveWithGeneratedId(EJB3PersistEventListener.java:48) at org.hibernate.event.def.DefaultPersistEventListener.entityIsTransient(DefaultPersistEventListener.java:154) at org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:110) at org.hibernate.event.def.DefaultPersistEventListener.onPersist(DefaultPersistEventListener.java:61) at org.hibernate.impl.SessionImpl.firePersist(SessionImpl.java:645) at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:619) at org.hibernate.impl.SessionImpl.persist(SessionImpl.java:623) at org.hibernate.ejb.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:220) at org.jboss.seam.persistence.EntityManagerProxy.persist(EntityManagerProxy.java:137) at com.ims.ipat.web.editor.OrganizationEditorBean.save(OrganizationEditorBean.java:47) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira