-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Am trying to use the ZKAccessDeniedHandler class as the default access denied handler for an application. However, when spring security passes control to this handler a NullPointerException is thrown within the handler, indicating the current execution is unavailable, as below:
java.lang.NullPointerException org.zkoss.zk.ui.Executions.createComponents(Executions.java:176) org.zkoss.spring.security.ui.ZkAccessDeniedHandler.handle(ZkAccessDeniedHandler.java:61) org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:174) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
The configuration is as follows:
<security:http>
<security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- <security:intercept-url pattern="/applications/locations/**" access="ROLE_VIEW_LOCATION_LANDING"/> -->
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
<security:access-denied-handler ref="accessDenHandler"/>
<security:form-login login-page="/signon.zul" authentication-failure-handler-ref="failureRedirectHandler" authentication-success-handler-ref="successRedirectHandler" username-parameter="tbUser" password-parameter="pbPassword"/>
<security:logout success-handler-ref="successLogoutHandler" logout-url="/logout"/>
<security:session-management session-fixation-protection="none" />
</security:http>
.
.
.
<!-- Handler for accessdeniedexception -->
<bean id="accessDenHandler"
class="org.zkoss.spring.security.ui.ZkAccessDeniedHandler">
<property name="errorTemplate" value="/invalidAccess.zul"/>
</bean>
As there isn’t much documentation around the use of the ZK spring security classes, I’m not sure whether this is an invalid use of the class or I’m just not configuring it correctly. The initial AccessDeniedException is being thrown from a VIewModel class and is being handled by Spring Security, via ZK AU, using the configuration defined in the following SmallTalk example http://books.zkoss.org/index.php?title=SmallTalks/2013/March/IntegrateSpringSecuritywith_ZK
Thanks.
Asked: 2015-06-17 05:31:31 +0800
Seen: 21 times
Last updated: Jun 17 '15
Zk + Spring Security redirect to strange page after login
ZK Spring webflow and flowScope
Spring security doesn't return user inside event listener
ZK Spring 3.1.1 MVVM Use @Scope/@Component or No?
Upgrading from Spring3.1 to 3.1.1 Maven.. pulls in 3.0.x jars... issues
When would I want to use ThreadLocalListener?
ZKoss with springsecurity using database