[ICE-3048] InputFile servlet handler loses security context - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7
Fix Version/s: 1.7.2
Component/s: ICE-Components
Labels:
None
Environment:
Spring 2.0.3

ICEsoft Forum Reference:
http://www.icefaces.org/JForum/posts/list/7507.page
Support Case References:

Hide
https://www.icesoft.ca:4443/supportilla/show_bug.cgi?id=4630
https://www.icesoft.ca:4443/supportilla/show_bug.cgi?id=4994

Show
https://www.icesoft.ca:4443/supportilla/show_bug.cgi?id=4630 https://www.icesoft.ca:4443/supportilla/show_bug.cgi?id=4994

Description

Security context is lost when uploading files

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

RoleFileUploadEAR.zip

08/Jul/08 3:20 PM

9.00 MB

Tyler Johnson

Issue Links

blocks

ICE-5129 ice:inputFile not working if JSF page is protected by JAAS authentication

Closed

depends on

ICE-3157 Security Context is lost during Ajax Push

Closed

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Philip Breau added a comment - 02/May/08 10:06 AM

javax.faces.FacesException: Problem in renderResponse: Cannot determine if user in role. User information is not availab
le.
at com.icesoft.faces.facelets.D2DFaceletViewHandler.renderResponse(D2DFaceletViewHandler.java:298)
at com.icesoft.faces.application.D2DViewHandler.renderView(D2DViewHandler.java:161)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState.render(PersistentFacesState.java:152)
at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState.executeAndRender(PersistentFacesState.java:295)
at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState$RenderRunner.run(PersistentFacesState.java:332)
at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)

at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:109)
at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:2
07)
at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:241)
at com.icesoft.faces.component.ext.taglib.Util.isRenderedOnUserRole(Util.java:111)
at com.icesoft.faces.component.menubar.MenuItem.isRendered(MenuItem.java:401)
at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:781)
at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350

Show

Philip Breau added a comment - 02/May/08 10:06 AM javax.faces.FacesException: Problem in renderResponse: Cannot determine if user in role. User information is not availab le. at com.icesoft.faces.facelets.D2DFaceletViewHandler.renderResponse(D2DFaceletViewHandler.java:298) at com.icesoft.faces.application.D2DViewHandler.renderView(D2DViewHandler.java:161) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106) at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144) at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState.render(PersistentFacesState.java:152) at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState.executeAndRender(PersistentFacesState.java:295) at com.icesoft.faces.webapp.xmlhttp.PersistentFacesState$RenderRunner.run(PersistentFacesState.java:332) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available. at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:109) at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:2 07) at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:241) at com.icesoft.faces.component.ext.taglib.Util.isRenderedOnUserRole(Util.java:111) at com.icesoft.faces.component.menubar.MenuItem.isRendered(MenuItem.java:401) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:781) at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350

Hide

Permalink

Philip Breau added a comment - 02/May/08 10:08 AM

Mark Collette suggested the following fix:

com.icesoft.faces.component.inputfile.InputFile class has a line on 246 in Beta
1 version upload method which should be removed

PersistentFacesState.getInstance().renderLater();

Show

Philip Breau added a comment - 02/May/08 10:08 AM Mark Collette suggested the following fix: com.icesoft.faces.component.inputfile.InputFile class has a line on 246 in Beta 1 version upload method which should be removed PersistentFacesState.getInstance().renderLater();

Hide

Permalink

Silvano Maffeis added a comment - 02/Oct/08 4:43 AM

Hi.

I tested 1.7.2 RC1 but the problem is still there, even though this bug was marked as fixed.
That's the exception I'm getting when using the file upload component.

Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
at com.icesoft.faces.context.BridgeExternalContext$4.isUserInRole(BridgeExternalContext.java:138)
at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207)
at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:243)
at com.icesoft.faces.component.ext.taglib.Util.isRenderedOnUserRole(Util.java:111)
at com.icesoft.faces.component.menubar.MenuItem.isRendered(MenuItem.java:402)
at com.icesoft.faces.component.menubar.MenuItemRenderer.renderSubMenuItem(MenuItemRenderer.java:549)
at com.icesoft.faces.component.menubar.MenuItemRenderer.renderChildrenRecursive(MenuItemRenderer.java:448)
at com.icesoft.faces.component.menubar.MenuItemRenderer.encodeBegin(MenuItemRenderer.java:230)
at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788)
at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350)
at com.icesoft.faces.component.menubar.MenuBarRenderer.encodeChildren(MenuBarRenderer.java:117)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812)
at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:352)
at com.icesoft.faces.renderkit.dom_html_basic.GridRenderer.encodeChildren(GridRenderer.java:203)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:571)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575)
at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575)
at com.icesoft.faces.facelets.D2DFaceletViewHandler.renderResponse(D2DFaceletViewHandler.java:282)

Show

Silvano Maffeis added a comment - 02/Oct/08 4:43 AM Hi. I tested 1.7.2 RC1 but the problem is still there, even though this bug was marked as fixed. That's the exception I'm getting when using the file upload component. Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available. at com.icesoft.faces.context.BridgeExternalContext$4.isUserInRole(BridgeExternalContext.java:138) at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207) at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:243) at com.icesoft.faces.component.ext.taglib.Util.isRenderedOnUserRole(Util.java:111) at com.icesoft.faces.component.menubar.MenuItem.isRendered(MenuItem.java:402) at com.icesoft.faces.component.menubar.MenuItemRenderer.renderSubMenuItem(MenuItemRenderer.java:549) at com.icesoft.faces.component.menubar.MenuItemRenderer.renderChildrenRecursive(MenuItemRenderer.java:448) at com.icesoft.faces.component.menubar.MenuItemRenderer.encodeBegin(MenuItemRenderer.java:230) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:788) at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:350) at com.icesoft.faces.component.menubar.MenuBarRenderer.encodeChildren(MenuBarRenderer.java:117) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812) at com.icesoft.faces.renderkit.dom_html_basic.DomBasicRenderer.encodeParentAndChildren(DomBasicRenderer.java:352) at com.icesoft.faces.renderkit.dom_html_basic.GridRenderer.encodeChildren(GridRenderer.java:203) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:812) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:571) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575) at com.icesoft.faces.application.D2DViewHandler.renderResponse(D2DViewHandler.java:575) at com.icesoft.faces.facelets.D2DFaceletViewHandler.renderResponse(D2DFaceletViewHandler.java:282)

Hide

Permalink

Stevi Deter added a comment - 23/Oct/08 2:39 PM

This is still not fixed in 1.7.2, and is a major blocking issue for me.

I tried the 1.8.0 DR2, but it seems to conflict with the OpenSessionInViewFilter.

Anybody have a workaround yet? We've already lost days of dev time trying to handle this.

Show

Stevi Deter added a comment - 23/Oct/08 2:39 PM This is still not fixed in 1.7.2, and is a major blocking issue for me. I tried the 1.8.0 DR2, but it seems to conflict with the OpenSessionInViewFilter. Anybody have a workaround yet? We've already lost days of dev time trying to handle this.

Hide

Permalink

Silvano Maffeis added a comment - 24/Oct/08 12:43 AM

I also haven't found any workarounds yet. It's of course unfortunate as this critical bug was reported many months ago.

I think it's the combination of using the file upload component on a page requiring HTTP authentication. Also I'm using
an ice:menuBar element with the "enabledOnUserRole" attribute set in the ice:menuItem elements.

I hope these hints will expedite the resolution of this issue.

- Please vote for this bug **

Show

Silvano Maffeis added a comment - 24/Oct/08 12:43 AM I also haven't found any workarounds yet. It's of course unfortunate as this critical bug was reported many months ago. I think it's the combination of using the file upload component on a page requiring HTTP authentication. Also I'm using an ice:menuBar element with the "enabledOnUserRole" attribute set in the ice:menuItem elements. I hope these hints will expedite the resolution of this issue. Please vote for this bug **

Hide

Permalink

Ken Fyten added a comment - 24/Oct/08 5:01 PM

Our internal tests are passing using ACEGI and Spring Security. What security configuration are you using? Can you send a test case or post in the forums?

Show

Ken Fyten added a comment - 24/Oct/08 5:01 PM Our internal tests are passing using ACEGI and Spring Security. What security configuration are you using? Can you send a test case or post in the forums?

Hide

Permalink

Silvano Maffeis added a comment - 24/Oct/08 11:42 PM

We are using a JAAS security provider under JBoss and we are setting the "enabledOnUserRole" attribute on "ice:menuItem".
Apparently I'm not the only one still facing this issue with 1.7.2, see Stevi Deter's comments on this ticket.

Regards,
Silvano

Show

Silvano Maffeis added a comment - 24/Oct/08 11:42 PM Hi We are using a JAAS security provider under JBoss and we are setting the "enabledOnUserRole" attribute on "ice:menuItem". Apparently I'm not the only one still facing this issue with 1.7.2, see Stevi Deter's comments on this ticket. Regards, Silvano

Hide

Permalink

Matthias Roth added a comment - 13/Nov/08 9:03 AM

Hi same with me,

we are using Oracle OC4J 10.1.3.x with a custom JAAS LoginModule. Like Silvano reportet, the problem occurs when the page is set with the ice:menuItem and it's attribute "enabledOnUserRole". I've upgraded to the latest prod release 1.7.2., but the Problem remains (i suggest due to the use of JAAS).

Show

Matthias Roth added a comment - 13/Nov/08 9:03 AM Hi same with me, we are using Oracle OC4J 10.1.3.x with a custom JAAS LoginModule. Like Silvano reportet, the problem occurs when the page is set with the ice:menuItem and it's attribute "enabledOnUserRole". I've upgraded to the latest prod release 1.7.2., but the Problem remains (i suggest due to the use of JAAS).

Hide

Permalink

Silvano Maffeis added a comment - 14/Nov/08 2:32 AM

Hi Matthias

probably we should file a new support ticket. This one was closed. I asked to reopen it a couple of weeks ago but it remained closed.
I think now its pretty clear what causes the exception (JAAS, ice:menuItem and attribute "enabledOnUserRole")
so the ICEfaces team should be able to reproduce the bug and solve it. If they want.

If you happen to open a fresh one, let me know at silvano@maffeis.com so I can add my comments and add my vote, too.

Regards,
Silvano

Show

Silvano Maffeis added a comment - 14/Nov/08 2:32 AM Hi Matthias probably we should file a new support ticket. This one was closed. I asked to reopen it a couple of weeks ago but it remained closed. I think now its pretty clear what causes the exception (JAAS, ice:menuItem and attribute "enabledOnUserRole") so the ICEfaces team should be able to reproduce the bug and solve it. If they want. If you happen to open a fresh one, let me know at silvano@maffeis.com so I can add my comments and add my vote, too. Regards, Silvano

Hide

Permalink

Silvano Maffeis added a comment - 12/Jan/10 2:11 AM

FileUpload component still does not work in ICEFaces 1.8.2 if the component resides on a JSF page protected by JAAS authentication. This issue has been around for so long now, very frustrating.

Show

Silvano Maffeis added a comment - 12/Jan/10 2:11 AM FileUpload component still does not work in ICEFaces 1.8.2 if the component resides on a JSF page protected by JAAS authentication. This issue has been around for so long now, very frustrating.

People

Assignee:

Unassigned

Reporter:

Philip Breau

Votes:

12 Vote for this issue

Watchers:

8 Start watching this issue

Dates

Created:

02/May/08 10:05 AM

Updated:

12/Jan/10 2:11 AM

Resolved:

09/Sep/08 5:53 PM