Hi,
I have a big problem with the InstanceBasedSecuritymanager described in
Freddy's StripesBook: Using the security-tags, I get this unfriendly exception:
javax.servlet.ServletException: javax.servlet.jsp.JspTagException: Since tag
class org.stripesstuff.plugin.security.AllowedTag does not implement BodyTag,
it cannot return BodyTag.EVAL_BODY_BUFFERED
at
weblogic.servlet.jsp.PageContextImpl.handlePageException(PageContextImpl.java:420)
at
jsp_servlet._web_45_inf._pages._layout.__container._jspService(__container.java:597)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at
weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:502)
at
weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:432)
at
weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:163)
at
weblogic.servlet.jsp.PageContextImpl.include(PageContextImpl.java:184)
at
net.sourceforge.stripes.tag.layout.LayoutRenderTag.doEndTag(LayoutRenderTag.java:119)
...
Using @RolesAllowed(...) works fine for restricting access to ActionBeans
(getting a 401 error if not authorized), just the tags don't work. This happens
on an Oracle WebLogic server with Stripes 1.5.1 and the latest version of
Oscar's security library.
Here are some code snippets of my webapp:
--- ActionBean used to retrieve the access rights for the security tag ---
@UrlBinding("/browse.action")
@RolesAllowed( { "LEB_A", "LEB_P" })
public class MyActionBean extends BaseActionBean {
@DefaultHandler
@DontValidate
public Resolution defaultResolution() {
return new ForwardResolution("/WEB-INF/pages/menu/browse.jsp");
}
}
--- the jsp using the security tag ---
<%@ page contentType="text/html; charset=utf-8" language="java"
pageEncoding="utf-8"%>
...
<%@ taglib prefix="security" uri="http://www.stripes-stuff.org/security.tld"; %>
<s:layout-definition>
<s:useActionBean id="lebBean" beanclass="pckg.MyActionBean"/>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html>
...
<security:allowed bean="lebBean">
My secret text here...
</security:allowed>
...
</html>
</s:layout-definition>
--- "my" security manager (most taken from the book) ---
public class MySecurityManager extends InstanceBasedSecurityManager {
@Override
protected Boolean isUserAuthenticated(ActionBean bean, Method handler) {
return isUserAuthenticated(bean);
}
@Override
protected Boolean hasRoleName(ActionBean bean, Method handler,
String roleName) {
User user = getAuthorizedUser(bean);
if (user != null) {
Collection<String> roles = user.getRoles();
return roles != null && roles.contains(roleName);
}
return false;
}
private User getAuthorizedUser(ActionBean bean) {
User user = ((BaseActionBean) bean).getContext().getUser();
return user;
}
private boolean isUserAuthenticated(ActionBean bean) {
User user = getAuthorizedUser(bean);
return user != null;
}
}
---
I don't habe a clue what's going wrong here. Can anyone help me?
Regards,
Marcus
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
