[
https://issues.apache.org/jira/browse/DELTASPIKE-720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gerhard Petracek closed DELTASPIKE-720.
---------------------------------------
> ClassCastException if voters have the same simple class name
> ------------------------------------------------------------
>
> Key: DELTASPIKE-720
> URL: https://issues.apache.org/jira/browse/DELTASPIKE-720
> Project: DeltaSpike
> Issue Type: Bug
> Components: JSF-Module
> Affects Versions: 1.0.2
> Environment: Weld 1.1.23.Final
> Reporter: Ron Smeral
> Assignee: Gerhard Petracek
> Priority: Minor
> Attachments: ds-secured-jsf-reproducer.zip
>
>
> When two different AccessDecisionVoters have the same simple class name
> ({{Class#getSimpleName()}}, in the following example equal to "Voter"), a
> ClassCastException is thrown, such as the following:
> {noformat}
> java.lang.ClassCastException: org.rsmeral.reproducer.RolesAllowed$Voter
> cannot be cast to org.rsmeral.reproducer.LoggedIn$Voter
>
> org.rsmeral.reproducer.Voter$Proxy$_$$_WeldClientProxy.checkPermission(Voter$Proxy$_$$_WeldClientProxy.java)
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> java.lang.reflect.Method.invoke(Method.java:601)
>
> org.apache.deltaspike.core.api.config.view.metadata.ExecutableCallbackDescriptor.execute(ExecutableCallbackDescriptor.java:71)
>
> org.apache.deltaspike.security.api.authorization.Secured$Descriptor.execute(Secured.java:93)
>
> org.apache.deltaspike.jsf.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:80)
>
> org.apache.deltaspike.jsf.impl.security.ViewRootAccessHandler.checkAccessTo(ViewRootAccessHandler.java:87)
>
> org.apache.deltaspike.jsf.impl.security.ViewRootAccessHandler$Proxy$_$$_WeldClientProxy.checkAccessTo(ViewRootAccessHandler$Proxy$_$$_WeldClientProxy.java)
>
> org.apache.deltaspike.jsf.impl.security.SecurityAwareViewHandler.createView(SecurityAwareViewHandler.java:114)
> {noformat}
> One thing which seems suspicious is, that the class name of the proxy is
> apparently based on the simple name, in this case it's
> {{org.rsmeral.reproducer.Voter$Proxy$_$$_WeldClientProxy}}.
> {code}
> @Folder(name = "/")
> public interface Pages extends ViewConfig {
> @Secured(LoggedIn.Voter.class)
> interface Admin extends Pages {
> @Secured(RolesAllowed.Voter.class)// throws ClassCastException
> class Secure implements Admin {
> }
> }
> }
> {code}
> This is LoggedIn, and RolesAllowed is analogous...
> {code:title=LoggedIn.java}
> ...
> @Stereotype
> @Secured(LoggedIn.Voter.class)
> public @interface LoggedIn {
> public static class Voter implements AccessDecisionVoter {
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
