0

ZK spring security ZKAccessDeniedHandler - Null Pointer

asked 2015-06-17 05:31:31 +0800

JustinFrost gravatar image JustinFrost
139 1 6

Am trying to use the ZKAccessDeniedHandler class as the default access denied handler for an application. However, when spring security passes control to this handler a NullPointerException is thrown within the handler, indicating the current execution is unavailable, as below:

java.lang.NullPointerException org.zkoss.zk.ui.Executions.createComponents(Executions.java:176) org.zkoss.spring.security.ui.ZkAccessDeniedHandler.handle(ZkAccessDeniedHandler.java:61) org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:174) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)

The configuration is as follows:

<security:http>
        <security:intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
     <!-- <security:intercept-url pattern="/applications/locations/**" access="ROLE_VIEW_LOCATION_LANDING"/> -->

        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>

        <security:access-denied-handler ref="accessDenHandler"/>

        <security:form-login login-page="/signon.zul" authentication-failure-handler-ref="failureRedirectHandler"  authentication-success-handler-ref="successRedirectHandler" username-parameter="tbUser" password-parameter="pbPassword"/>

        <security:logout success-handler-ref="successLogoutHandler" logout-url="/logout"/>

        <security:session-management session-fixation-protection="none" />
    </security:http>

.
.
.

   <!-- Handler for accessdeniedexception -->
    <bean id="accessDenHandler"
          class="org.zkoss.spring.security.ui.ZkAccessDeniedHandler">
        <property name="errorTemplate" value="/invalidAccess.zul"/>
    </bean>

As there isn’t much documentation around the use of the ZK spring security classes, I’m not sure whether this is an invalid use of the class or I’m just not configuring it correctly. The initial AccessDeniedException is being thrown from a VIewModel class and is being handled by Spring Security, via ZK AU, using the configuration defined in the following SmallTalk example http://books.zkoss.org/index.php?title=SmallTalks/2013/March/IntegrateSpringSecuritywith_ZK

Thanks.

delete flag offensive retag edit
Be the first one to answer this question!
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
1 follower

RSS

Stats

Asked: 2015-06-17 05:31:31 +0800

Seen: 19 times

Last updated: Jun 17 '15

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More