ICEfaces / ICE-2625

Acegi integration not working for server-initiated rendering

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.7DR#3
    • Fix Version/s: 1.7Beta1, 1.7
    • Component/s: Framework
    • Labels:
      None
    • Environment:
      jboss 4.0.5, jboss 4.2.1, jsf 1.1, jsf 1.2
    • Affects:
      Compatibility/Configuration

      Description

      Acegi integration is no longer working for server-initiated rendering. Same configurations were tested successfully with ICEfaces 1.6.2. The test fails with ICEfaces 1.7 DR#3 and the head. The security demo generates the following exception when trying to access Authentication information on an Ajax Push call.

      Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
      at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:93)
      at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207)
      at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:246)
      at com.icesoft.faces.component.ext.taglib.Util.isEnabledOnUserRole(Util.java:154)
      at com.icesoft.faces.component.ext.HtmlCommandLink.isDisabled(HtmlCommandLink.java:322)
      at com.icesoft.faces.component.ext.renderkit.CommandLinkRenderer.renderOnClick(CommandLinkRenderer.java:60)
      at com.icesoft.faces.renderkit.dom_html_basic.CommandLinkRenderer.encodeBegin(CommandLinkRenderer.java:129)
      at com.icesoft.faces.component.ext.renderkit.CommandLinkRenderer.encodeBegin(CommandLinkRenderer.java:54)
      at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)
      at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350)
      at com.icesoft.faces.renderkit.dom_html_basic.GridRenderer.encodeChildren(GridRenderer.java:196)
      at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812)
      at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:352)
      at com.icesoft.faces.component.ext.renderkit.TableRenderer.processUIColumnHeader(TableRenderer.java:294)
      at com.icesoft.faces.component.ext.renderkit.TableRenderer.renderColumnHeader(TableRenderer.java:212)
      at com.icesoft.faces.component.ext.renderkit.TableRenderer.renderFacet(TableRenderer.java:166)
      at com.icesoft.faces.renderkit.dom_html_basic.TableRenderer.encodeBegin(TableRenderer.java:108)
      at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)

        Activity

        Ted Goddard added a comment -

        The acegi integration appears to be working in the non-Push case, and I have reproduced the above exception under Ajax Push.

        Ted Goddard added a comment -

        Another change is to make isUserInRole return false when the user is not authenticated. Previously, if the user was not authenticated and isUserInRole was tested during Ajax Push, a RuntimeException would occur. The behavior defined by the Servlet API is that isUserInRole returns false when the user is not authenticated.

        Note, however, if acegi is not configured, the RuntimeException is still thrown for isUserInRole during Ajax Push. Without acegi, ICEfaces is not able to determine if the user has been authenticated or not, hence the exception. It is also reasonable to return "false" for all calls to isUserInRole here as well, but the RuntimeException does serve to warn developers that isUserInRole is not functional during Ajax Push without acegi.
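
The three outcomes described in this comment, as an added Java example (not ICEfaces or Acegi code). `PushRoleCheck` and `UserInfo` are hypothetical names, and the assumption is that a security integration supplies the user's authentication state and roles to a render that has no live request.

```java
import java.util.Collections;
import java.util.Set;

// Added illustration: all type and method names here are hypothetical,
// not ICEfaces or Acegi API.
public class PushRoleCheck {

    /** User state a security integration makes available outside a request. */
    static final class UserInfo {
        final boolean authenticated;
        final Set<String> roles;
        UserInfo(boolean authenticated, Set<String> roles) {
            this.authenticated = authenticated;
            this.roles = roles;
        }
    }

    private final UserInfo user; // null models "no security integration configured"

    PushRoleCheck(UserInfo user) { this.user = user; }

    boolean isUserInRole(String role) {
        if (user == null) {
            // Authentication state is unknowable here, so fail loudly
            // rather than silently answering "false".
            throw new RuntimeException(
                "Cannot determine if user in role. User information is not available.");
        }
        // Servlet API behaviour: an unauthenticated user is in no role.
        return user.authenticated && user.roles.contains(role);
    }

    /** Runs one check and reports the outcome as text (demo helper). */
    static String outcome(PushRoleCheck check, String role) {
        try {
            return String.valueOf(check.isUserInRole(role));
        } catch (RuntimeException e) {
            return "exception: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample users for the three situations in the comment.
        Set<String> manager = Collections.singleton("manager");
        Set<String> none = Collections.<String>emptySet();
        System.out.println(outcome(new PushRoleCheck(new UserInfo(true, manager)), "manager"));
        System.out.println(outcome(new PushRoleCheck(new UserInfo(false, none)), "manager"));
        System.out.println(outcome(new PushRoleCheck(null), "manager"));
    }
}
```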

        Ted Goddard added a comment -

        A note about the test configuration used:

        Add acegi-security-1.0.6.jar, acegi-security-catalina-1.0.6.jar, commons-logging.jar, spring.jar to apache-tomcat-6.0.14/lib

        Add attached acegisecurity.xml to apache-tomcat-6.0.14/conf

        Replace apache-tomcat-6.0.14/conf/server.xml with attached server.xml for

        <Realm className="org.acegisecurity.adapters.catalina.CatalinaAcegiUserRealm"
               appContextLocation="conf/acegisecurity.xml"
               key="my_password" />

        Replace webapps/auctionMonitor/WEB-INF/web.xml with attached web.xml for

        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>HTMLManger and Manager command</web-resource-name>
            <url-pattern>/*</url-pattern>
            <url-pattern>/auctionMonitor.iface</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <!-- NOTE: This role is not present in the default users file -->
            <role-name>manager</role-name>
            <role-name>tomcat</role-name>
          </auth-constraint>
        </security-constraint>

        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>AuctionMonitor</realm-name>
        </login-config>

        Add

        <ice:outputText renderedOnUserRole="manager" value="HI MANAGER!" />

        to auctionMonitor.jspx page


          People

          • Assignee: Unassigned
          • Reporter: Philip Breau