portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhardage <bhard...@harding.edu>
Subject Re: No securityAccessController in custom PortletSelector
Date Thu, 15 Jul 2010 20:23:57 GMT

Yes, I'm using Jetspeed 2.1.3; I'm actually in the process of an upgrade from
2.0.

No, my class isn't deployed inside j2-admin. It's deployed inside my main
web application so it can have access to other classes there.

I don't know if what I just told you renders this irrelevant but here's my
stack trace:

javax.portlet.PortletException: Failed to find the Security Access
Controller on portlet initialization
	at
org.apache.jetspeed.portlets.selector.PortletSelector.init(PortletSelector.java:87)
	at
org.fake.web.service.portletSelector.DashboardPortletSelector.init(DashboardPortletSelector.java:241)
	at
org.apache.jetspeed.factory.JetspeedPortletInstance.init(JetspeedPortletInstance.java:85)
	at
org.apache.jetspeed.factory.JetspeedPortletFactory.getPortletInstance(JetspeedPortletFactory.java:283)
	at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.renderHeaderFragment(HeaderAggregatorImpl.java:1119)
	at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.aggregateAndRender(HeaderAggregatorImpl.java:1100)
	at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.aggregateAndRender(HeaderAggregatorImpl.java:1092)
	at
org.apache.jetspeed.aggregator.impl.HeaderAggregatorImpl.build(HeaderAggregatorImpl.java:1070)
	at
org.apache.jetspeed.aggregator.HeaderAggregatorValve.invoke(HeaderAggregatorValve.java:46)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.decoration.DecorationValve.invoke(DecorationValve.java:144)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.resource.ResourceValveImpl.invoke(ResourceValveImpl.java:130)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:207)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:109)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.container.PageHistoryValve.invoke(PageHistoryValve.java:108)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:248)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:159)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:150)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:170)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:138)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
	at
org.apache.jetspeed.security.JSSubject.doAsPrivileged(JSSubject.java:179)
	at
org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:132)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:67)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:126)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline$Invocation.invokeNext(JetspeedPipeline.java:167)
	at
org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:146)
	at
org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:227)
	at
org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:242)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.fake.web.filter.JetspeedFilter.doFilter(JetspeedFilter.java:135)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:52)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
	at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
	at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Unknown Source)

Thanks for the help,

B.J.


David Sean Taylor-3 wrote:
> 
> On Thu, Jul 15, 2010 at 2:09 PM, bhardage <bhardage@harding.edu> wrote:
>>
>> This is actually a duplicate of another post I made as a reply to another
>> question, but I decided it deserved its own post:
>>
>> First, let me say that I know fairly little about how Jetspeed's security
>> works, and I'm hoping that there's a simple solution such as adding a
>> <security-constraint> tag somewhere.
>>
>> Basically, I have a class that extends the
>> org.apache.jetspeed.portlets.selector.PortletSelector class (one of the
>> classes in j2-admin). It overrides the init() function, and calls
>> PortletSelector's init() on the first line.
>>
>> What's happening is PortletSelector is throwing an exception because it
>> can't find a securityAccessController in the context.
>>
>> My user-portlet-selector.psml file just has a standard oneColumn fragment
>> in
>> it, and the definition in the portlet.xml looks like this:
>>
>> <portlet id="DashboardSelector">
>>  <init-param>
>>    <description>This parameter sets the template used in view
>> mode.</description>
>>    <name>ViewPage</name>
>>    <value>/WEB-INF/view/selectors/user-portlet-selector.vm</value>
>>  </init-param>
>>  <portlet-name>DashboardSelector</portlet-name>
>>  <display-name>DashboardSelector</display-name>
>>  <description>DashboardSelector</description>
>>
>> <portlet-class>org.fake.portletSelector.DashboardPortletSelector</portlet-class>
>>  <expiration-cache>-1</expiration-cache>
>>  <supports>
>>    <mime-type>text/html</mime-type>
>>    <portlet-mode>VIEW</portlet-mode>
>>    <portlet-mode>EDIT</portlet-mode>
>>    <portlet-mode>HELP</portlet-mode>
>>  </supports>
>>  <supported-locale>en</supported-locale>
>>  <portlet-preferences>
>>    <preference>
>>      <name>WindowSize</name>
>>      <value>100</value>
>>    </preference>
>>    <preference>
>>      <name>parallel</name>
>>      <value>true</value>
>>      <read-only>true</read-only>
>>    </preference>
>>  </portlet-preferences>
>> </portlet>
>>
>> I guess the real problem is that I don't really know what a
>> securityAccessController is.
>>
> The securityAccessController is a Jetspeed service. From the service
> interface javadocs, here is a description:
> 
> This component abstracts access to security checks.
> Jetspeed supports two kinds of secured access:
>  * Permissions
>  * Constraints
> 
>  Permissions are checked via Java Security. Jetspeed implements its
> own security policy.
>  Constrainted are checked via the Page Manager's constraints.
>  Either way, the implicit Jetspeed Security Subject is applied to the
> security access check.
> 
> There are two methods on this interface:
> 
>     boolean checkPortletAccess(PortletDefinitionComposite portlet, int
> mask);
> 
>      * Checks access for the implicit active subject's access to the
> resource protected by the portlet permission
>      * This is an abstraction introduced in 2.1 for Permission Manager
> implementations NOT
>      * founded upon the a Java security policy. If the Permission
> Manager is configured to
>      * run with Security Constraints, then a security constraint check
> is made. Otherwise,
>      * a standard Java Security permission check is made.</p>
>      *
>      * @param portlet The portlet to be checked
>      * @param mask A mask <code>JetspeedActions</code> such as view, edit
>      * @return true if access is granted, false if access denied based
> on policy or constraints
> 
> 
>     int getSecurityMode();
> 
>      * Returns the configured security mode for this accessor
>      * This component can be configured to make Java Security Policy
> permission checks
>      * or Jetspeed Security Constraint checks
>      * @return either PERMISSIONS or CONSTRAINTS
> 
> 
> You said you are extending the
> org.apache.jetspeed.portlets.selector.PortletSelector class from the
> j2-admin application. (It sounds like you are using version 2.1.3). Im
> not sure why it would fail to find the securityAccessController
> service on init. Is your class deployed inside the j2-admin web
> application? Could you send the stack trace?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/No-securityAccessController-in-custom-PortletSelector-tp29173424p29177337.html
Sent from the Jetspeed - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message