[SWF-1560] secured transitions not working - Spring JIRA

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 2.3.1
Fix Version/s: None
Component/s: Integration: Security
Labels:
- waiting-for-triage

Description

I have a transition that is secured:

<transition on="saveSetup" bind="true">
			<secured attributes="hasPermission( 'null', 'SOME_PERMISSION' )" />

and the following configuration of webflow w/ spring security:

	<bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
		<property name="accessDecisionManager">
			<bean class="org.springframework.security.access.vote.AffirmativeBased">
				<constructor-arg>
					<bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
						<property name="expressionHandler" ref="webSecurityExpressionHandler" />
					</bean>
				</constructor-arg>
			</bean>
		</property>
	</bean>

The webSecurityExpressionHandler is using a custom implementation of a permissionevaluator.

This leads to the following classcast exception:

Caused by: java.lang.ClassCastException: org.springframework.webflow.engine.Transition incompatible with org.springframework.security.web.FilterInvocation
	at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18) ~[spring-security-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62) ~[spring-security-core-3.1.1.RELEASE.jar:3.1.1.RELEASE]
	at org.springframework.webflow.security.SecurityFlowExecutionListener.decide(SecurityFlowExecutionListener.java:95) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.security.SecurityFlowExecutionListener.transitionExecuting(SecurityFlowExecutionListener.java:80) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireTransitionExecuting(FlowExecutionListeners.java:180) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:392) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.Flow.resume(Flow.java:545) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
	... 76 common frames omitted

Attachments

Issue Links

relates to

SWF-1508 SecurityFlowExecutionListener not compatible with SpEL expressions in Spring Security 3

Waiting for Feedback

Activity

People

Assignee:: Rossen Stoyanchev

Reporter:: David J. M. Karlsen

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Jul/12 7:40 AM

Updated:: 14/Nov/12 4:14 PM