Tags
People
Badges
Help-
CORE FRAMEWORK
FEATURED COMPONENTS
-
RESOURCES
-
LEARN ZK
RESOURCES
Am trying to use the ZKAccessDeniedHandler class as the default access denied handler for an application. However, when spring security passes control to this handler a NullPointerException is thrown within the handler, indicating the current execution is unavailable, as below:
java.lang.NullPointerException org.zkoss.zk.ui.Executions.createComponents(Executions.java:176) org.zkoss.spring.security.ui.ZkAccessDeniedHandler.handle(ZkAccessDeniedHandler.java:61) org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:174) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
The configuration is as follows:
<security:http>
<security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- <security:intercept-url pattern="/applications/locations/**" access="ROLE_VIEW_LOCATION_LANDING"/> -->
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:access-denied-handler ref="accessDenHandler"/>
<security:form-login login-page="/signon.zul" authentication-failure-handler-ref="failureRedirectHandler" authentication-success-handler-ref="successRedirectHandler" username-parameter="tbUser" password-parameter="pbPassword"/>
<security:logout success-handler-ref="successLogoutHandler" logout-url="/logout"/>
<security:session-management session-fixation-protection="none" />
</security:http>
.
.
.
<!-- Handler for accessdeniedexception -->
<bean id="accessDenHandler"
class="org.zkoss.spring.security.ui.ZkAccessDeniedHandler">
<property name="errorTemplate" value="/invalidAccess.zul"/>
</bean>
As there isn’t much documentation around the use of the ZK spring security classes, I’m not sure whether this is an invalid use of the class or I’m just not configuring it correctly. The initial AccessDeniedException is being thrown from a VIewModel class and is being handled by Spring Security, via ZK AU, using the configuration defined in the following SmallTalk example http://books.zkoss.org/index.php?title=SmallTalks/2013/March/IntegrateSpringSecuritywith_ZK
Thanks.
Asked: 2015-06-17 05:31:31 +0800
Seen: 21 times
Last updated: Jun 17 '15