ICEfaces
  1. ICEfaces
  2. ICE-2625

Acegi integration not working for server-initiated rendering

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.7DR#3
          • Fix Version/s: 1.7Beta1, 1.7
          • Component/s: Framework
          • Labels:
            None
          • Environment:
            jboss 4.0.5, jboss 4.2.1, jsf 1.1, jsf 1.2
          • Affects:
            Compatibility/Configuration

            Description

            Acegi integration is no longer working for server-initiated rendering. Same configurations were tested successfully with ICEfaces 1.6.2. The test fails with ICEfaces 1.7 DR#3 and the head. The security demo generates the following exception when trying to access Authentication information on an Ajax Push call.

            Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
            at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:93)
            at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207)
            at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:246)
            at com.icesoft.faces.component.ext.taglib.Util.isEnabledOnUserRole(Util.java:154)
            at com.icesoft.faces.component.ext.HtmlCommandLink.isDisabled(HtmlCommandLink.java:322)
            at com.icesoft.faces.component.ext.renderkit.CommandLinkRenderer.renderOnClick(CommandLinkRenderer.java:60)
            at com.icesoft.faces.renderkit.dom_html_basic.CommandLinkRenderer.encodeBegin(CommandLinkRenderer.java:129)
            at com.icesoft.faces.component.ext.renderkit.CommandLinkRenderer.encodeBegin(CommandLinkRenderer.java:54)
            at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)
            at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350)
            at com.icesoft.faces.renderkit.dom_html_basic.GridRenderer.encodeChildren(GridRenderer.java:196)
            at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812)
            at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:352)
            at com.icesoft.faces.component.ext.renderkit.TableRenderer.processUIColumnHeader(TableRenderer.java:294)
            at com.icesoft.faces.component.ext.renderkit.TableRenderer.renderColumnHeader(TableRenderer.java:212)
            at com.icesoft.faces.component.ext.renderkit.TableRenderer.renderFacet(TableRenderer.java:166)
            at com.icesoft.faces.renderkit.dom_html_basic.TableRenderer.encodeBegin(TableRenderer.java:108)
            at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)

              Activity

              Ascending order - Click to sort in descending order
              Philip Breau created issue -
              Ken Fyten made changes -
              Field Original Value New Value
              Fix Version/s 1.7 [ 10080 ]
              Affects [Compatibility/Configuration]
              Assignee Priority P1
              Assignee Ted Goddard [ ted.goddard ]
              Hide
              Permalink
              Ted Goddard added a comment -

              The acegi integration appears to be working in the non-Push case, and I have reproduced the above exception under Ajax Push.

              Show
              Ted Goddard added a comment - The acegi integration appears to be working in the non-Push case, and I have reproduced the above exception under Ajax Push.
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15583 Thu Jan 17 11:19:00 MST 2008 ted.goddard maintain AcegiAuthWrapper across requests when available (ICE-2625)
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/AuthenticationVerifier.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/BridgeExternalContext.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletExternalContext.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/AcegiAuthWrapper.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/PortletExternalContext.java
              Ken Fyten made changes -
              Fix Version/s 1.7Beta1 [ 10121 ]
              Fix Version/s 1.7 [ 10080 ]
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15589 Thu Jan 17 14:39:18 MST 2008 ted.goddard isUserInRole returns false for unathenticated user (ICE-2625)
              Files Changed
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/BridgeExternalContext.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/AcegiAuthWrapper.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/PortletExternalContext.java
              Hide
              Permalink
              Ted Goddard added a comment -

              Another change is to make isUserInRole return false when the user is not authenticated. Previously, if the user was not authenticated and isUserInRole was tested during Ajax Push, a RuntimeException would occur. The behavior defined by the Servlet API is that isUserInRole returns false when the user is not authenticated.

              Note, however, if acegi is not configured, the RuntimeException is still thrown for isUserInRole during Ajax Push. Without acegi, ICEfaces is not able to determine if the user has been authenticated or not, hence the exception. It is also reasonable to return "false" for all calls to isUserInRole here as well, but the RuntimeException does serve to warn developers that isUserInRole is not functional during Ajax Push without acegi.

              Show
              Ted Goddard added a comment - Another change is to make isUserInRole return false when the user is not authenticated. Previously, if the user was not authenticated and isUserInRole was tested during Ajax Push, a RuntimeException would occur. The behavior defined by the Servlet API is that isUserInRole returns false when the user is not authenticated. Note, however, if acegi is not configured, the RuntimeException is still thrown for isUserInRole during Ajax Push. Without acegi, ICEfaces is not able to determine if the user has been authenticated or not, hence the exception. It is also reasonable to return "false" for all calls to isUserInRole here as well, but the RuntimeException does serve to warn developers that isUserInRole is not functional during Ajax Push without acegi.
              Hide
              Permalink
              Ted Goddard added a comment -

              A note about the test configuration used:

              Add acegi-security-1.0.6.jar, acegi-security-catalina-1.0.6.jar, commons-logging.jar, spring.jar to apache-tomcat-6.0.14/lib

              Add attached acegisecurity.xml to apache-tomcat-6.0.14/conf

              Replace apache-tomcat-6.0.14/conf/server.xml with attached server.xml for

              <Realm className="org.acegisecurity.adapters.catalina.CatalinaAcegiUserRealm"
              appContextLocation="conf/acegisecurity.xml"
              key="my_password" />

              Replace webapps/auctionMonitor/WEB-INF/web.xml with attached web.xml for

              <!-- Define a Security Constraint on this Application -->
              <security-constraint>
              <web-resource-collection>
              <web-resource-name>HTMLManger and Manager command</web-resource-name>
              <url-pattern>/*</url-pattern>
              <url-pattern>/auctionMonitor.iface</url-pattern>
              </web-resource-collection>
              <auth-constraint>
              <!-- NOTE: This role is not present in the default users file -->
              <role-name>manager</role-name>
              <role-name>tomcat</role-name>
              </auth-constraint>
              </security-constraint>

              <!-- Define the Login Configuration for this Application -->
              <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>AuctionMonitor</realm-name>
              </login-config>

              add

              <ice:outputText renderedOnUserRole="manager" value="HI MANAGER!" />

              to auctionMonitor.jspx page

              Show
              Ted Goddard added a comment - A note about the test configuration used: Add acegi-security-1.0.6.jar, acegi-security-catalina-1.0.6.jar, commons-logging.jar, spring.jar to apache-tomcat-6.0.14/lib Add attached acegisecurity.xml to apache-tomcat-6.0.14/conf Replace apache-tomcat-6.0.14/conf/server.xml with attached server.xml for <Realm className="org.acegisecurity.adapters.catalina.CatalinaAcegiUserRealm" appContextLocation="conf/acegisecurity.xml" key="my_password" /> Replace webapps/auctionMonitor/WEB-INF/web.xml with attached web.xml for <!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>HTMLManger and Manager command</web-resource-name> <url-pattern>/*</url-pattern> <url-pattern>/auctionMonitor.iface</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>manager</role-name> <role-name>tomcat</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>AuctionMonitor</realm-name> </login-config> add <ice:outputText renderedOnUserRole="manager" value="HI MANAGER!" /> to auctionMonitor.jspx page
              Ted Goddard made changes -
              Attachment acegisecurity.xml [ 10787 ]
              Ted Goddard made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Fix Version/s 1.7 [ 10080 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Priority P1
              Assignee Ted Goddard [ ted.goddard ]

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Philip Breau
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: