Uploaded image for project: 'Spring Web Flow'
  1. Spring Web Flow
  2. SWF-1560

secured transitions not working

    XMLWordPrintable

    Details

      Description

      I have a transition that is secured:

      <transition on="saveSetup" bind="true">
      			<secured attributes="hasPermission( 'null', 'SOME_PERMISSION' )" />
      

      and the following configuration of webflow w/ spring security:

      	<bean id="securityFlowExecutionListener" class="org.springframework.webflow.security.SecurityFlowExecutionListener">
      		<property name="accessDecisionManager">
      			<bean class="org.springframework.security.access.vote.AffirmativeBased">
      				<constructor-arg>
      					<bean class="org.springframework.security.web.access.expression.WebExpressionVoter">
      						<property name="expressionHandler" ref="webSecurityExpressionHandler" />
      					</bean>
      				</constructor-arg>
      			</bean>
      		</property>
      	</bean>
      

      The webSecurityExpressionHandler is using a custom implementation of a permissionevaluator.

      This leads to the following classcast exception:

      Caused by: java.lang.ClassCastException: org.springframework.webflow.engine.Transition incompatible with org.springframework.security.web.FilterInvocation
      	at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18) ~[spring-security-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
      	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62) ~[spring-security-core-3.1.1.RELEASE.jar:3.1.1.RELEASE]
      	at org.springframework.webflow.security.SecurityFlowExecutionListener.decide(SecurityFlowExecutionListener.java:95) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.security.SecurityFlowExecutionListener.transitionExecuting(SecurityFlowExecutionListener.java:80) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireTransitionExecuting(FlowExecutionListeners.java:180) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:392) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:119) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:388) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.java:232) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.ViewState.resume(ViewState.java:196) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.Flow.resume(Flow.java:545) ~[spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(FlowExecutionImpl.java:258) [spring-webflow-2.3.1.RELEASE.jar:2.3.1.RELEASE]
      	... 76 common frames omitted
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rstoya05-aop Rossen Stoyanchev
              Reporter:
              davidkarlsen David J. M. Karlsen
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: