[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2719) NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM

Jonathan Marston (JIRA) jira-events at lists.jboss.org
Mon Mar 10 18:07:57 EDT 2008 

NotLoggedInException and AuthorizationException handlers defined in pages.xml are ignored on IBM JVM
----------------------------------------------------------------------------------------------------

                 Key: JBSEAM-2719
                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2719
             Project: JBoss Seam
          Issue Type: Bug
    Affects Versions: 2.0.1.GA
         Environment: SUSE 10 on s390x, IBM JVM 2.6 (Sun JRE 1.6 update 4 equivalent)
            Reporter: Jonathan Marston


I have set up a page with restricted authority, and exception handlers for NotLoggedInException and AuthorizationException in pages.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd" login-view-id="/login.xhtml">
       
    <page view-id="/restricted.xhtml" login-required="true"/>
    <page view-id="/noauthority.xhtml" login-required="true">
    	<restrict>>#{s:hasRole('admin')}</restrict>
    </page>

    <!-- Exception pages -->
    <exception class="org.jboss.seam.security.NotLoggedInException">
    	<redirect view-id="/error.xhtml">
      		<message>You need to be logged to view this page.</message>
    	</redirect>    	
    </exception>
    
    <exception class="org.jboss.seam.security.AuthorizationException">
    	<redirect view-id="/error.xhtml">
      		<message>You don't have security permissions</message>      		
    	</redirect>
    </exception>       
    
    <exception>
    	<redirect view-id="/error.xhtml">
      		<message>An exception occured</message>      		
    	</redirect>
    </exception>          
</pages>

The restricted.xhtml requires you to be logged in, and noauthority.xhtml requires admin authority. Everything works as expected on Sun JVM under Windows, but our s390x mainframe requires us to use the IBM JVM, where it fails to handle the AuthorizationException when accessing noauthority.xhtml. The exception is generated, but uncaught, as can be seen in the log file:

[ERROR] uncaught exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]

Unlike on Sun's JRE, the exception is repeated as being "swallowed":

[ERROR] swallowing exception
org.jboss.seam.security.AuthorizationException: Authorization check failed for expression [>#{s:hasRole('admin')}]


The same happened for the NotLoggedInException, until I added a login-view-id attribute to the <pages> element in pages.xml.

Other exception types are handled by the catch-all handler I set up - just NotLoggedInException and AuthorizationException are ignored.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list