Errai-2.0beta3 BUS: @Command and @RequireRoles/@RequireAuthentication conflict
lau_bakman Mar 23, 2012 7:44 AMHi
We are currently using Errai 2.0 BUS (not CDI) in our web application and have come across an issue that we find peculiar.
We make use of the @Command annotation to destinguish between commands instead of using switch/case statements in our callback.
Today we wanted to apply authentication and authorization to our services by using @RequireRoles (sufficient security for our needs) but ended up with a problem:
The combination of @RequireRoles and @Command throws a runtime exception:
java.lang.RuntimeException: no such subject: TestService
at org.jboss.errai.bus.server.ServerMessageBusImpl.addRule(ServerMessageBusImpl.java:826)
at org.jboss.errai.bus.server.service.ServiceProcessor.process(ServiceProcessor.java:153)
at org.jboss.errai.bus.server.service.ServiceProcessor.process(ServiceProcessor.java:63)
at org.jboss.errai.bus.server.service.bootstrap.DiscoverServices.execute(DiscoverServices.java:50)
at org.jboss.errai.bus.server.service.bootstrap.OrderedBootstrap.execute(OrderedBootstrap.java:56)
at org.jboss.errai.bus.server.service.ErraiServiceImpl.boostrap(ErraiServiceImpl.java:69)
at org.jboss.errai.bus.server.service.ErraiServiceImpl.<init>(ErraiServiceImpl.java:64)
at org.jboss.errai.bus.server.service.ErraiServiceImpl$$FastClassByGuice$$7879947c.newInstance(<generated>)
...
Diving into the stack trace we see that the ServerMessageBusImpl.addRule throws the RuntimeException because ServerMessageBusImpl.subscribe has not yet been called. Looking at the ServiceProcessor we further see that ServerMessageBusImpl.subscribe will not be called if there are any commandPoints in the service but it will continue to call ServerMessageBusImpl.addRule later on.
My question is: Would it be possible to move the code:
RolesRequiredRule rule = null;
if (clazz.isAnnotationPresent(RequireRoles.class)) {
rule = new RolesRequiredRule(clazz.getAnnotation(RequireRoles.class).value(), context.getBus());
}
else if (clazz.isAnnotationPresent(RequireAuthentication.class)) {
rule = new RolesRequiredRule(new HashSet<Object>(), context.getBus());
}
if (rule != null) {
context.getBus().addRule(svcName, rule);
}
further down in the ServiceProcessor.process to allow @RequireRoles and @RequireAuthentication to be used on all types of enpoints (MessageCallback, RPC and Commands)?
Regards
Lau bakman