Details
Description
Whenever a server side Ajax Push is initiated the Security Context is lost.
renderManager.getOnDemandRenderer(sessionId).requestRender();
userController.isAdmin();
leads to
Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:109)
at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207)
at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:241)
at org.SRDB.springbeans.UserController.isAdmin(UserController.java:59)
at org.SRDB.springbeans.UserController$$FastClassByCGLIB$$fa7d0066.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:700)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:635)
at org.SRDB.springbeans.UserController$$EnhancerByCGLIB$$9fbfce45.isAdmin(<generated>)
at sun.reflect.GeneratedMethodAccessor279.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:218)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:135)
at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64)
at com.sun.el.parser.AstValue.getValue(AstValue.java:96)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:183)
at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
... 24 more
renderManager.getOnDemandRenderer(sessionId).requestRender();
userController.isAdmin();
leads to
Caused by: java.lang.RuntimeException: Cannot determine if user in role. User information is not available.
at com.icesoft.faces.context.BridgeExternalContext$3.isUserInRole(BridgeExternalContext.java:109)
at com.icesoft.faces.webapp.http.servlet.ServletEnvironmentRequest.isUserInRole(ServletEnvironmentRequest.java:207)
at com.icesoft.faces.webapp.http.servlet.ServletExternalContext.isUserInRole(ServletExternalContext.java:241)
at org.SRDB.springbeans.UserController.isAdmin(UserController.java:59)
at org.SRDB.springbeans.UserController$$FastClassByCGLIB$$fa7d0066.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:700)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:635)
at org.SRDB.springbeans.UserController$$EnhancerByCGLIB$$9fbfce45.isAdmin(<generated>)
at sun.reflect.GeneratedMethodAccessor279.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:218)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:135)
at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64)
at com.sun.el.parser.AstValue.getValue(AstValue.java:96)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:183)
at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
... 24 more
Issue Links
- blocks
-
ICE-3048 InputFile servlet handler loses security context
- Closed
This isn't a real duplicate. I created a new issue because this doesn't only affect the file upload component.