You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@deltaspike.apache.org by "Gerhard Petracek (JIRA)" <ji...@apache.org> on 2014/09/12 20:23:34 UTC

[jira] [Assigned] (DELTASPIKE-720) ClassCastException if voters have the same simple class name

     [ https://issues.apache.org/jira/browse/DELTASPIKE-720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gerhard Petracek reassigned DELTASPIKE-720:
-------------------------------------------

    Assignee: Gerhard Petracek

> ClassCastException if voters have the same simple class name
> ------------------------------------------------------------
>
>                 Key: DELTASPIKE-720
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-720
>             Project: DeltaSpike
>          Issue Type: Bug
>          Components: JSF-Module
>    Affects Versions: 1.0.2
>         Environment: Weld 1.1.23.Final
>            Reporter: Ron Smeral
>            Assignee: Gerhard Petracek
>            Priority: Minor
>         Attachments: ds-secured-jsf-reproducer.zip
>
>
> When two different AccessDecisionVoters have the same simple class name ({{Class#getSimpleName()}}, in the following example equal to "Voter"), a ClassCastException is thrown, such as the following:
> {noformat}
> java.lang.ClassCastException: org.rsmeral.reproducer.RolesAllowed$Voter cannot be cast to org.rsmeral.reproducer.LoggedIn$Voter
> 	org.rsmeral.reproducer.Voter$Proxy$_$$_WeldClientProxy.checkPermission(Voter$Proxy$_$$_WeldClientProxy.java)
> 	sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	java.lang.reflect.Method.invoke(Method.java:601)
> 	org.apache.deltaspike.core.api.config.view.metadata.ExecutableCallbackDescriptor.execute(ExecutableCallbackDescriptor.java:71)
> 	org.apache.deltaspike.security.api.authorization.Secured$Descriptor.execute(Secured.java:93)
> 	org.apache.deltaspike.jsf.impl.util.SecurityUtils.invokeVoters(SecurityUtils.java:80)
> 	org.apache.deltaspike.jsf.impl.security.ViewRootAccessHandler.checkAccessTo(ViewRootAccessHandler.java:87)
> 	org.apache.deltaspike.jsf.impl.security.ViewRootAccessHandler$Proxy$_$$_WeldClientProxy.checkAccessTo(ViewRootAccessHandler$Proxy$_$$_WeldClientProxy.java)
> 	org.apache.deltaspike.jsf.impl.security.SecurityAwareViewHandler.createView(SecurityAwareViewHandler.java:114)
> {noformat}
> One thing which seems suspicious is, that the class name of the proxy is apparently based on the simple name, in this case it's {{org.rsmeral.reproducer.Voter$Proxy$_$$_WeldClientProxy}}.
> {code}
> @Folder(name = "/")
> public interface Pages extends ViewConfig {
>     @Secured(LoggedIn.Voter.class)
>     interface Admin extends Pages {
>         @Secured(RolesAllowed.Voter.class)// throws ClassCastException
>         class Secure implements Admin {
>         }
>     }
> }
> {code}
> This is LoggedIn, and RolesAllowed is analogous...
> {code:title=LoggedIn.java}
> ...
> @Stereotype
> @Secured(LoggedIn.Voter.class)
> public @interface LoggedIn {
>     public static class Voter implements AccessDecisionVoter {
>     ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)