[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1018) Allow security checks in component lifecycle methds

Christian Bauer (JIRA) jira-events at lists.jboss.org
Mon Mar 12 04:30:46 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBSEAM-1018?page=comments#action_12355787 ] 
            
Christian Bauer commented on JBSEAM-1018:
-----------------------------------------

The good news is that it is rolling back my transaction after this RENDER RESPONSE :) The bad news is that my log fills up with ERRORS from em.joinTransaction():

09:20:38,446 DEBUG [SeamPhaseListener] before phase: RENDER_RESPONSE(6)
09:20:38,446 DEBUG [AbstractSeamPhaseListener] beginning transaction prior to phase: RENDER_RESPONSE(6)
09:20:38,447 DEBUG [RootInterceptor] intercepted: globalPrefs.getThemeName
09:20:38,451 DEBUG [RootInterceptor] intercepted: wikiUtil.POST_CONSTRUCT
09:20:38,451 DEBUG [RootInterceptor] intercepted: wikiUtil.getDatatable
09:20:38,451 DEBUG [RootInterceptor] intercepted: wikiUtil.setDatatable
09:20:38,453 DEBUG [RootInterceptor] intercepted: documentHome.POST_CONSTRUCT
09:20:38,453 DEBUG [RootInterceptor] intercepted: documentHome.create
09:20:38,453 DEBUG [RootInterceptor] intercepted: nodeDAO.POST_CONSTRUCT
09:20:38,453 DEBUG [RootInterceptor] intercepted: userDAO.POST_CONSTRUCT
09:20:38,453 DEBUG [RootInterceptor] intercepted: nodeDAO.findDirectory
09:20:38,454 INFO  [STDOUT] Hibernate: select directory0_.NODE_ID as NODE2_81_, directory0_.NODE_REVISION as NODE3_81_, directory0_.OBJ_VERSION as OBJ4_81_, directory0_.NAME as NAME81_, directory0_.WIKINAME as WIKINAME81_, directory0_.MENU_ITEM as MENU7_81_, directory0_.AREA_NR as AREA8_81_, directory0_.PARENT_NODE_ID as PARENT24_81_, directory0_.CREATED_ON as CREATED9_81_, directory0_.CREATED_BY_USER_ID as CREATED23_81_, directory0_.LAST_MODIFIED_ON as LAST10_81_, directory0_.LAST_MODIFIED_BY_USER_ID as LAST21_81_, directory0_.WRITE_ACCESS_LEVEL as WRITE11_81_, directory0_.READ_ACCESS_LEVEL as READ12_81_, directory0_.DEFAULT_DOCUMENT_ID as DEFAULT22_81_ from NODE directory0_ where directory0_.NODE_TYPE='DIRECTORY' and directory0_.NODE_ID=?
09:20:38,456 INFO  [STDOUT] ############### CHECKING CREATE PERMISSION: 1
09:20:38,456 INFO  [STDOUT] ###### GUEST IS NOT ALLOWED, TROWING EXCEPTION
09:20:38,458 ERROR [STDERR] Mar 12, 2007 9:20:38 AM com.sun.facelets.FaceletViewHandler handleRenderException
SEVERE: Error Rendering View[/docEdit.xhtml]
org.jboss.seam.security.AuthorizationException: Please register an account to execute this operation
        at org.jboss.seam.wiki.core.action.NodeHome.create(NodeHome.java:78)
        at org.jboss.seam.wiki.core.action.DocumentHome.create(DocumentHome.java:26)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.seam.util.Reflections.invoke(Reflections.java:20)
        at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31)
        at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:57)
...
09:20:38,462 DEBUG [RootInterceptor] intercepted: globalPrefs.getThemeName
09:20:38,462 DEBUG [RootInterceptor] intercepted: globalPrefs.getThemeName
09:20:38,462 DEBUG [RootInterceptor] intercepted: documentHome.isManaged
09:20:38,463 DEBUG [RootInterceptor] intercepted: documentHome.isManaged
09:20:38,464 DEBUG [RootInterceptor] intercepted: documentHome.isManaged
09:20:38,464 DEBUG [RootInterceptor] intercepted: documentHome.isManaged
09:20:38,472 DEBUG [RootInterceptor] intercepted: menu.POST_CONSTRUCT
09:20:38,472 DEBUG [RootInterceptor] intercepted: menu.getItems
09:20:38,472 DEBUG [RootInterceptor] intercepted: wikiRoot.getWikiRoot
09:20:38,473 WARN  [JDBCExceptionReporter] SQL Error: 0, SQLState: null
09:20:38,473 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImpl:XidImpl[FormatId=257, GlobalId=Fast.local/121, BranchQual=, localId=121]; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImpl:XidImpl[FormatId=257, GlobalId=Fast.local/121, BranchQual=, localId=121])
...
09:20:38,497 DEBUG [SeamPhaseListener] after phase: RENDER_RESPONSE(6)
09:20:38,498 DEBUG [AbstractSeamPhaseListener] rolling back transaction after phase: RENDER_RESPONSE(6)

I've never understood why JSF (or Seam) keeps trucking on when an exception has been thrown. It's not like the exception means "ignore me, everything is going to be fine, just try harder".


> Allow security checks in component lifecycle methds
> ---------------------------------------------------
>
>                 Key: JBSEAM-1018
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1018
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Core
>            Reporter: Christian Bauer
>         Assigned To: Gavin King
>            Priority: Minor
>             Fix For: 1.2.1.GA
>
>
> The Component.java.callComponentMethod() is used for lifecycle method calling, such as @Create methods. It also wraps all exceptions thrown in these methods, or at least casts them into RuntimeException (even if it already is a RuntimeException). So I can't use Identity.instance.checkPermission() in a @Create method and have my exception handling apply to failure. Minimum required: document this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list