a question about access denied template page

Post Reply
ozgurkurt
Posts: 8
Joined: 12 Apr 2016, 15:59

01 Oct 2017, 19:20

Hi,

if authentication fails, wildfly10 cannot display barcelona theme's access-denied page with following exception throwing in background. Any ideas? If I remove almost everything from access-denied page, then it is rendered correctly. For your reference I've added access-denied page code as well below.

Code: Select all

20:15:12,751 ERROR [io.undertow.request] (default task-4) UT005023: Exception handling request to /asd/access-denied.xhtml: java.lang.RuntimeException: javax.servlet.ServletException: Index: 0, Size: 0
	at io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism.servePage(ServletFormAuthenticationMechanism.java:109)
	at io.undertow.security.impl.FormAuthenticationMechanism.sendChallenge(FormAuthenticationMechanism.java:167)
	at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:296)
	at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:312)
	at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:312)
	at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.access$300(SecurityContextImpl.java:279)
	at io.undertow.security.impl.SecurityContextImpl.sendChallenges(SecurityContextImpl.java:130)
	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:102)
	at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:107)
	at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.servlet.ServletException: Index: 0, Size: 0
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:671)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:81)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:274)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:209)
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImpl(RequestDispatcherImpl.java:221)
	at io.undertow.servlet.spec.RequestDispatcherImpl.forwardImplSetup(RequestDispatcherImpl.java:147)
	at io.undertow.servlet.spec.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:111)
	at io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism.servePage(ServletFormAuthenticationMechanism.java:107)
	... 44 more
Caused by: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
	at java.util.ArrayList.rangeCheck(ArrayList.java:653)
	at java.util.ArrayList.get(ArrayList.java:429)
	at javax.faces.component.AttachedObjectListHolder.restoreState(AttachedObjectListHolder.java:166)
	at javax.faces.component.UIComponentBase.restoreState(UIComponentBase.java:1612)
	at com.sun.faces.application.view.FaceletPartialStateManagementStrategy$2.visit(FaceletPartialStateManagementStrategy.java:379)
	at com.sun.faces.component.visit.FullVisitContext.invokeVisitCallback(FullVisitContext.java:151)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1689)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1700)
	at javax.faces.component.UIComponent.visitTree(UIComponent.java:1700)
	at com.sun.faces.application.view.FaceletPartialStateManagementStrategy.restoreView(FaceletPartialStateManagementStrategy.java:366)
	at com.sun.faces.application.StateManagerImpl.restoreView(StateManagerImpl.java:138)
	at com.sun.faces.application.view.ViewHandlingStrategy.restoreView(ViewHandlingStrategy.java:123)
	at com.sun.faces.application.view.FaceletViewHandlingStrategy.restoreView(FaceletViewHandlingStrategy.java:591)
	at com.sun.faces.application.view.MultiViewHandler.restoreView(MultiViewHandler.java:151)
	at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:353)
	at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:353)
	at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:199)
	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
	at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:123)
	at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:658)
	... 57 more

Code: Select all

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:p="http://primefaces.org/ui">

<h:head>
  <f:facet name="first">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />
    <meta name="apple-mobile-web-app-capable" content="yes" />
  </f:facet>
  <title>Error</title>
</h:head>

<h:body styleClass="exception-body accessdenied-body">
  <div class="exception-panel">
    <p:graphicImage name="images/exception/icon-access.png" library="barcelona-layout" />

    <p:button value="DASHBOARD" outcome="/dashboard" styleClass="error-page-btn" />
  </div>

  <div class="exception-band">
    <div class="exception-content">
      <h1>ACCESS DENIED</h1>
      <p>You don't have the permissions</p>
      <p:graphicImage name="images/logo.png" library="barcelona-layout" />
    </div>
  </div>

  <h:outputStylesheet name="css/layout-#{sessionView.theme}.css" library="barcelona-layout" />
</h:body>

</html>

User avatar
aragorn
Posts: 2985
Joined: 29 Jun 2013, 12:38

02 Oct 2017, 08:39

I'll check it. Could you please try it after removing <h:outputStylesheet name="css/layout-#{sessionView.theme}.css" library="barcelona-layout" />?

ozgurkurt
Posts: 8
Joined: 12 Apr 2016, 15:59

02 Oct 2017, 16:02

aragorn wrote:
02 Oct 2017, 08:39
I'll check it. Could you please try it after removing <h:outputStylesheet name="css/layout-#{sessionView.theme}.css" library="barcelona-layout" />?
Thanks Aragorn, I removed it but made no difference. Matching to expectations, prior to login, after logged-in and after logout, page renders correctly. Only if I put wrong password, it cannot be rendered with exception.

ozgurkurt
Posts: 8
Joined: 12 Apr 2016, 15:59

13 Nov 2017, 11:59

any news?

cagatay.civici
Prime
Posts: 17855
Joined: 05 Jan 2009, 00:21
Location: Cybertron
Contact:

01 Dec 2017, 11:05

This is not related to Barcelona, it depends on how you implement security in your application, we're unable to assist without knowing the details.

Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 1 guest