Posted to users@wicket.apache.org by Martin Makundi <ma...@koodaripalvelut.com> on 2010/07/09 09:32:48 UTC
Re: Unauthorized page instantiation, why does it occur and how to prevent it?
Or is it possible that this is an OLD instance of a page (in PAGEMAP)
and it is being rendered even if user is no longer authorized??? How
can this be legal? Is it a bug or am I missing a setting somewhere?
**
Martin
2010/7/9 Martin Makundi <ma...@koodaripalvelut.com>:
> Hi!
>
> I get lots of these exceptions when presumably people use our
> application in production from bookmarks pointing to dynamic links and
> their session is out.
>
> How can this happen? The particular page requires authentication
> which is handled via
> AbstractPageAuthorizationStrategy#isPageAuthorized(java.lang.Class)
>
> It should not be possible to instantiate this page at all because the
> nullpointer is caused by session.getPerson().getStatus() and
> authentication is determined via session.getPerson() != null. So this
> page by definition cannot be authorized to a user without session.
>
> How is this exception possible?
>
> 010-07-09 09:36:46,388 60568417 [17723757@qtp-7525870-352] ERROR
> RequestCycle - unexpected exception when handling another exception:
> Exception in rendering component: [MarkupContainer [Component id =
> _header_2474]]
> org.apache.wicket.WicketRuntimeException: Exception in rendering
> component: [MarkupContainer [Component id = _header_2474]]
> at org.apache.wicket.Component.renderComponent(Component.java:2658)
> at org.apache.wicket.MarkupContainer.onRender(MarkupContainer.java:1512)
> at org.apache.wicket.Component.render(Component.java:2450)
> at org.apache.wicket.MarkupContainer.autoAdd(MarkupContainer.java:229)
> at org.apache.wicket.markup.resolver.HtmlHeaderResolver.resolve(HtmlHeaderResolver.java:80)
> at org.apache.wicket.markup.resolver.ComponentResolvers.resolve(ComponentResolvers.java:81)
> at org.apache.wicket.MarkupContainer.renderNext(MarkupContainer.java:1418)
> at org.apache.wicket.MarkupContainer.renderAll(MarkupContainer.java:1528)
> at org.apache.wicket.Page.onRender(Page.java:1565)
> at org.apache.wicket.Component.render(Component.java:2450)
> at org.apache.wicket.Page.renderPage(Page.java:914)
> at org.apache.wicket.request.target.component.PageRequestTarget.respond(PageRequestTarget.java:63)
> at org.apache.wicket.request.AbstractRequestCycleProcessor.respond(AbstractRequestCycleProcessor.java:105)
> at org.apache.wicket.RequestCycle.respond(RequestCycle.java:1267)
> at org.apache.wicket.RequestCycle.step(RequestCycle.java:1334)
> at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1428)
> at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
> at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:479)
> at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:138)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502)
> at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:389)
> at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
> at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
> at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
> at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:864)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
> at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:520)
> Caused by: java.lang.NullPointerException
> at com.mycompany.application.PanelOnMainPage.renderHead(PanelOnMainPage.java:357)
> at org.apache.wicket.Component.renderHead(Component.java:2692)
> at org.apache.wicket.markup.html.panel.Panel.renderHead(Panel.java:138)
> at org.apache.wicket.markup.html.internal.HtmlHeaderContainer$1.component(HtmlHeaderContainer.java:231)
> at org.apache.wicket.MarkupContainer.visitChildren(MarkupContainer.java:878)
> at org.apache.wicket.MarkupContainer.visitChildren(MarkupContainer.java:893)
> at org.apache.wicket.MarkupContainer.visitChildren(MarkupContainer.java:893)
> at org.apache.wicket.MarkupContainer.visitChildren(MarkupContainer.java:918)
> at org.apache.wicket.markup.html.internal.HtmlHeaderContainer.renderHeaderSections(HtmlHeaderContainer.java:222)
> at org.apache.wicket.markup.html.internal.HtmlHeaderContainer.onComponentTagBody(HtmlHeaderContainer.java:137)
> at org.apache.wicket.Component.renderComponent(Component.java:2619)
> ... 38 more
>
>
>
> **
> Martin
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Unauthorized page instantiation, why does it occur and how to prevent it?
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
Ok. My authentication scheme was not strict enough, this fixed the problem:
    /**
     * @see org.apache.wicket.authorization.strategies.page.AbstractPageAuthorizationStrategy#isActionAuthorized(org.apache.wicket.Component, org.apache.wicket.authorization.Action)
     */
    @Override
    public boolean isActionAuthorized(Component component, Action action) {
        // For Page components, repeat the page-level check on every action,
        // not only at instantiation.
        if (instanceOf(component.getClass(), Page.class)) {
            return isPageAuthorized(component.getClass());
        }
        return super.isActionAuthorized(component, action);
    }
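Added example, not part of the original posts and not Wicket code: a plain-Java model of the situation suspected in this thread, where a page instance is kept in a page map and requested again after the session no longer has a person. All class and method names are hypothetical; it compares a strategy that checks only at instantiation with one that repeats the page check at render time, as the fix above does.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model; none of these types are Wicket classes.
public class StalePageAuthDemo {
    static class Session { Object person; }        // person == null: not logged in
    static class Page { }
    static class AccountPage extends Page { }      // constructed page that requires a person

    interface Strategy {
        boolean instantiationAllowed(Class<? extends Page> type, Session s);
        boolean renderAllowed(Page page, Session s);
    }

    // Page-level rule shared by both strategies.
    static boolean pageAuthorized(Class<? extends Page> type, Session s) {
        return !AccountPage.class.isAssignableFrom(type) || s.person != null;
    }

    // Checks the page class only when a new instance is about to be created.
    static final Strategy INSTANTIATION_ONLY = new Strategy() {
        public boolean instantiationAllowed(Class<? extends Page> t, Session s) { return pageAuthorized(t, s); }
        public boolean renderAllowed(Page p, Session s) { return true; }
    };

    // Repeats the page-level rule whenever an existing instance is rendered.
    static final Strategy STRICT = new Strategy() {
        public boolean instantiationAllowed(Class<? extends Page> t, Session s) { return pageAuthorized(t, s); }
        public boolean renderAllowed(Page p, Session s) { return pageAuthorized(p.getClass(), s); }
    };

    static final Map<Integer, Page> pageMap = new HashMap<>();

    // Serve a request for a page id: reuse a stored instance or create one.
    static String request(Strategy st, Session s, int pageId) {
        Page page = pageMap.get(pageId);
        if (page == null) {
            if (!st.instantiationAllowed(AccountPage.class, s)) return "denied at instantiation";
            page = new AccountPage();
            pageMap.put(pageId, page);
        }
        if (!st.renderAllowed(page, s)) return "denied at render";
        return s.person == null ? "rendered with null person" : "rendered";
    }

    public static void main(String[] args) {
        Session s = new Session();
        s.person = "constructed-user";                           // constructed sample value
        System.out.println(request(INSTANTIATION_ONLY, s, 1));   // page 1 is created and stored
        s.person = null;                                         // person gone, instance still stored
        System.out.println(request(INSTANTIATION_ONLY, s, 1));   // stored instance bypasses the check
        System.out.println(request(STRICT, s, 1));               // same instance, check repeated at render
        System.out.println(request(STRICT, s, 2));               // new instance, check at instantiation
    }
}
```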