[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2719) NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM

Bram Gadeyne (JIRA) jira-events at lists.jboss.org
Thu Apr 3 06:13:29 EDT 2008


    [ http://jira.jboss.com/jira/browse/JBSEAM-2719?page=comments#action_12406818 ] 
            
Bram Gadeyne commented on JBSEAM-2719:
--------------------------------------

I'm new to using JBOSS Seam, JSF and EJB3 but I'm having the same problem.

I'm using 

JRE 1.6 update 4 on windows
jboss-4.2.2.GA
jboss-seam-2.0.1.GA 

Is there a posibility to catch these exceptions through another configuration-file than through pages.xml? 

> NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM
> ----------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-2719
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2719
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.0.1.GA
>         Environment: SUSE 10 on s390x, IBM JVM 2.6 (Sun JRE 1.6 update 4 equivalent)
>            Reporter: Jonathan Marston
>         Assigned To: Shane Bryzak
>             Fix For: 2.1.x
>
>
> I have set up a page with restricted authority, and exception handlers for NotLoggedInException and AuthorizationException in pages.xml as follows:
> <?xml version="1.0" encoding="UTF-8"?>
> <pages xmlns="http://jboss.com/products/seam/pages"
>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>        xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd" login-view-id="/login.xhtml">
>        
>     <page view-id="/restricted.xhtml" login-required="true"/>
>     <page view-id="/noauthority.xhtml" login-required="true">
>     	<restrict>>#{s:hasRole('admin')}</restrict>
>     </page>
>     <!-- Exception pages -->
>     <exception class="org.jboss.seam.security.NotLoggedInException">
>     	<redirect view-id="/error.xhtml">
>       		<message>You need to be logged to view this page.</message>
>     	</redirect>    	
>     </exception>
>     
>     <exception class="org.jboss.seam.security.AuthorizationException">
>     	<redirect view-id="/error.xhtml">
>       		<message>You don't have security permissions</message>      		
>     	</redirect>
>     </exception>       
>     
>     <exception>
>     	<redirect view-id="/error.xhtml">
>       		<message>An exception occured</message>      		
>     	</redirect>
>     </exception>          
> </pages>
> The restricted.xhtml requires you to be logged in, and noauthority.xhtml requires admin authority. Everything works as expected on Sun JVM under Windows, but our s390x mainframe requires us to use the IBM JVM, where it fails to handle the AuthorizationException when accessing noauthority.xhtml. The exception is generated, but uncaught, as can be seen in the log file:
> [ERROR] uncaught exception
> org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]
> Unlike on Sun's JRE, the exception is repeated as being "swallowed":
> [ERROR] swallowing exception
> org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]
> The same happened for the NotLoggedInException, until I added a login-view-id attribute to the <pages> element in pages.xml.
> Other exception types are handled by the catch-all handler I set up - just NotLoggedInException and AuthorizationException are ignored.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list