search

jesse-gallagher / frostillic.us-Blog

http://frostillic.us
Apache License 2.0
8 stars 0 forks source link

Improve access control UI #13

Open jesse-gallagher opened 6 years ago

jesse-gallagher commented 6 years ago

The @RolesAllowed annotation works to prevent access to classes or methods, but it results in this stack trace:

org.jboss.resteasy.spi.LoggableFailure: RESTEASY003880: Unable to find contextual data of type: javax.servlet.http.HttpServletRequest
    org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:62)
    com.sun.proxy.$Proxy77.isAsyncStarted(Unknown Source)
    javax.servlet.ServletRequestWrapper.isAsyncStarted(ServletRequestWrapper.java:408)
    javax.servlet.ServletRequestWrapper.isAsyncStarted(ServletRequestWrapper.java:408)
    org.mvcspec.ozark.core.ViewableWriter.writeTo(ViewableWriter.java:144)
    org.mvcspec.ozark.core.ViewableWriter.writeTo(ViewableWriter.java:78)
    org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.writeTo(AbstractWriterInterceptorContext.java:137)
    org.jboss.resteasy.core.interception.jaxrs.ServerWriterInterceptorContext.writeTo(ServerWriterInterceptorContext.java:61)
    org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:124)
    org.jboss.resteasy.plugins.interceptors.GZIPEncodingInterceptor.aroundWriteTo(GZIPEncodingInterceptor.java:103)
    org.jboss.resteasy.core.interception.jaxrs.AbstractWriterInterceptorContext.proceed(AbstractWriterInterceptorContext.java:129)
    org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:141)
    org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:183)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
    org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209)
    org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    com.darwino.j2ee.servlet.server.servlet.ServiceDispatcherFilter.doFilter(ServiceDispatcherFilter.java:179)
    com.darwino.j2ee.servlet.resources.GlobalPathRewriterFilter.doFilter(GlobalPathRewriterFilter.java:91)
    com.darwino.j2ee.application.DarwinoJ2EEFilter.doFilter(DarwinoJ2EEFilter.java:221)
    com.darwino.j2ee.servlet.authentication.AuthenticationFilter.chainFilter(AuthenticationFilter.java:219)
    com.darwino.j2ee.servlet.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:211)
    com.darwino.j2ee.servlet.gzip.GZipServletFilter.doFilter(GZipServletFilter.java:78)

It seems like that trace is actually coming from trying to display the REAL exception, but being blocked by the lack of context. It'd be nice if it was a bit more on-point, but it doesn't particularly matter as long as it functions.

jesse-gallagher commented 5 years ago

This is also RESTEasy-specific, so even less of a big deal.