Announcement Announcement Module
Collapse
No announcement yet.
SWF wraps spring security AccessDeniedException in FlowExecutionException Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SWF wraps spring security AccessDeniedException in FlowExecutionException

    Hi,

    I'm seeing the behavior of SWF-559 in 2.2.1.RELEASE (in combination with spring core/mvc 3.0.5.RELEASE and spring security 3.0.2.RELEASE). It's not too much of a problem for me because I can use spring security directly to secure the URLs, but I wanted to give you a heads-up that the bug seems to have crept back in since the fix in 2.0.0.RC1.

    Should I re-open the issue?

    Regards,
    --Christopher

    Here's the stack trace:

    Code:
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown within inactive flow 'update-core'
    
    org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:572)
    org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:226)
    org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
    org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    [etc.]
    
    caused by: org.springframework.security.access.AccessDeniedException: Access is denied
    
    org.springframework.security.access.vote.UnanimousBased.decide(UnanimousBased.java:78)
    org.springframework.webflow.security.SecurityFlowExecutionListener.decide(SecurityFlowExecutionListener.java:108)
    org.springframework.webflow.security.SecurityFlowExecutionListener.sessionCreating(SecurityFlowExecutionListener.java:66)
    org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionCreating(FlowExecutionListeners.java:107)
    org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:353)
    org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
    org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
    org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    [etc.]
    I'm following the SWF reference for the setup:

    Code:
    	<!-- Executes flows: the entry point into the Spring Web Flow system -->
    	<webflow:flow-executor id="flowExecutor">
    		<webflow:flow-execution-listeners>
    			<webflow:listener ref="securityFlowExecutionListener" />
    		</webflow:flow-execution-listeners>
    	</webflow:flow-executor>
    
    	<bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener" />
    and the flow simply uses the <secured /> element:

    Code:
    <flow xmlns="http://www.springframework.org/schema/webflow"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
    
    	<secured attributes="ROLE_MY_ADMIN_ROLE" />
    	[...]
    </flow>
    Last edited by ccmtaylor; Sep 14th, 2011, 07:21 AM. Reason: typo

  • #2
    Originally posted by ccmtaylor View Post
    Hi,

    I'm seeing the behavior of SWF-559 in 2.2.1.RELEASE (in combination with spring core/mvc 3.0.5.RELEASE and spring security 3.0.2.RELEASE). It's not too much of a problem for me because I can use spring security directly to secure the URLs, but I wanted to give you a heads-up that the bug seems to have crept back in since the fix in 2.0.0.RC1.

    Should I re-open the issue?

    Regards,
    --Christopher
    Hi,

    it seems to me that the issue is still present in SWF 2.3.0. Can somebody confirm? Is there any plan to fix it?

    Thanks.

    Regards,
    KVitek

    Comment

    Working...
    X