[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2846) Seamspace example - fileupload causes security exception
Shane Bryzak (JIRA)
jira-events at lists.jboss.org
Mon Apr 7 21:23:02 EDT 2008
[ http://jira.jboss.com/jira/browse/JBSEAM-2846?page=all ]
Shane Bryzak closed JBSEAM-2846.
--------------------------------
Fix Version/s: (was: 2.1.0.BETA1)
Resolution: Done
Fixed.
> Seamspace example - fileupload causes security exception
> --------------------------------------------------------
>
> Key: JBSEAM-2846
> URL: http://jira.jboss.com/jira/browse/JBSEAM-2846
> Project: JBoss Seam
> Issue Type: Bug
> Components: Examples
> Affects Versions: 2.0.2.CR1
> Reporter: Jay Balunas
> Assigned To: Shane Bryzak
> Priority: Minor
> Fix For: 2.0.2.CR2
>
>
> Create a new user in seamspace and one of the pages lets you upload an image. When pointing to a file and clicking upload the error below is displayed and a JSF error page shows. By clicking back I was able to see that the image did upload and the user was logged in.
> 10:37:53,194 ERROR [STDERR] Apr 2, 2008 10:37:53 AM com.sun.facelets.FaceletViewHandler handleRenderException
> SEVERE: Error Rendering View[/friendcomment.xhtml]
> org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [#{s:hasPermission('friendComment', 'create', friends)}]
> at org.jboss.seam.security.Identity.checkRestriction(Identity.java:190)
> at org.jboss.seam.example.seamspace.FriendAction.createComment(FriendAction.java:52)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
> at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
> at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
> at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:46)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.persistence.ManagedEntityIdentityInterceptor.aroundInvoke(ManagedEntityIdentityInterceptor.java:48)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:31)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.core.ConversationInterceptor.aroundInvoke(ConversationInterceptor.java:56)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:42)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:26)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:27)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
> at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
> at sun.reflect.GeneratedMethodAccessor152.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
> at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.entity.ExtendedPersistenceContextPropagationInterceptor.invoke(ExtendedPersistenceContextPropagationInterceptor.java:57)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
> at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.stateful.StatefulInstanceInterceptor.invoke(StatefulInstanceInterceptor.java:83)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
> at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
> at org.jboss.ejb3.stateful.StatefulContainer.localInvoke(StatefulContainer.java:206)
> at org.jboss.ejb3.stateful.StatefulLocalProxy.invoke(StatefulLocalProxy.java:119)
> at $Proxy112.createComment(Unknown Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
> at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:31)
> at org.jboss.seam.intercept.ClientSideInterceptor$1.proceed(ClientSideInterceptor.java:76)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
> at org.jboss.seam.ejb.RemoveInterceptor.aroundInvoke(RemoveInterceptor.java:41)
> at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
> at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
> at org.jboss.seam.intercept.ClientSideInterceptor.invoke(ClientSideInterceptor.java:54)
> at org.javassist.tmp.java.lang.Object_$$_javassist_7.createComment(Object_$$_javassist_7.java)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.seam.util.Reflections.invoke(Reflections.java:21)
> at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:125)
> at org.jboss.seam.Component.callComponentMethod(Component.java:2082)
> at org.jboss.seam.Component.getInstanceFromFactory(Component.java:1926)
> at org.jboss.seam.Component.getInstance(Component.java:1863)
> at org.jboss.seam.Component.getInstance(Component.java:1840)
> at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:55)
> at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:50)
> at org.jboss.seam.el.SeamELResolver.resolveBase(SeamELResolver.java:166)
> at org.jboss.seam.el.SeamELResolver.getValue(SeamELResolver.java:53)
> at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53)
> at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64)
> at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:44)
> at org.jboss.el.parser.AstEqual.getValue(AstEqual.java:21)
> at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186)
> at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
> at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:370)
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:880)
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:892)
> at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592)
> at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108)
> at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:216)
> at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
> at com.sun.fa
> 10:37:53,194 ERROR [STDERR] ces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
> at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
> at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
> at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
> at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179)
> at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
> at java.lang.Thread.run(Thread.java:595)
> 10:37:53,213 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,213 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,225 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,225 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,238 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,238 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,249 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,250 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,263 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,264 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,276 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,276 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,289 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,289 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
> 10:37:53,302 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
> 10:37:53,302 ERROR [JDBCExceptionReporter] Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >; - nested throwable: (javax.resource.ResourceException: Transaction is not active: tx=TransactionImple < ac, BasicAction: -53efacc0:bb05:47f3992f:1d1 status: ActionStatus.ABORT_ONLY >)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list