[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1018) Allow security checks in component lifecycle methds
Christian Bauer (JIRA)
jira-events at lists.jboss.org
Mon Mar 12 11:59:46 EDT 2007
[ http://jira.jboss.com/jira/browse/JBSEAM-1018?page=comments#action_12355829 ]
Christian Bauer commented on JBSEAM-1018:
-----------------------------------------
This now leads to another problem during redirect, looks like the @Create which has already thrown this exception is executed again in Mutable.clearDirty() when the context is flushed:
16:47:58,526 DEBUG [Exceptions] reading exception mappings from /WEB-INF/pages.xml
16:47:58,528 DEBUG [DTDEntityResolver] trying to resolve system-id [http://jboss.com/products/seam/pages-1.2.dtd]
16:47:58,528 DEBUG [DTDEntityResolver] recognized Seam namespace; attempting to resolve on classpath under org/jboss/seam/
16:47:58,528 DEBUG [DTDEntityResolver] located [http://jboss.com/products/seam/pages-1.2.dtd] in classpath
16:47:58,534 DEBUG [Manager] Ending long-running conversation
16:47:58,534 DEBUG [Navigator] redirecting to: /permissionError.xhtml
16:47:58,535 DEBUG [Manager] redirecting to: /wiki/permissionError.seam?cid=2
16:47:58,535 DEBUG [Lifecycle] After render response, destroying contexts
16:47:58,535 DEBUG [Lifecycle] flushing server-side conversation context
16:47:58,535 DEBUG [RootInterceptor] intercepted: documentHome.clearDirty
16:47:58,539 ERROR [ExceptionFilter] could not destroy contexts
javax.servlet.ServletException: You don't have permission for this operation
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:152)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:130)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:107)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:78)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:383)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:63)
at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:57)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:53)
at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:79)
at org.jboss.seam.web.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:49)
at org.jboss.seam.web.SeamFilter.doFilter(SeamFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.ajax4jsf.framework.ajax.xmlfilter.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:96)
at org.ajax4jsf.framework.ajax.xmlfilter.BaseFilter.doFilter(BaseFilter.java:220)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:613)
> Allow security checks in component lifecycle methds
> ---------------------------------------------------
>
> Key: JBSEAM-1018
> URL: http://jira.jboss.com/jira/browse/JBSEAM-1018
> Project: JBoss Seam
> Issue Type: Feature Request
> Components: Core
> Reporter: Christian Bauer
> Assigned To: Gavin King
> Priority: Minor
> Fix For: 1.2.1.GA
>
>
> The Component.java.callComponentMethod() is used for lifecycle method calling, such as @Create methods. It also wraps all exceptions thrown in these methods, or at least casts them into RuntimeException (even if it already is a RuntimeException). So I can't use Identity.instance.checkPermission() in a @Create method and have my exception handling apply to failure. Minimum required: document this.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list