2 Replies Latest reply on Mar 26, 2012 3:30 AM by lau_bakman

    Errai-2.0beta3 BUS: @Command and @RequireRoles/@RequireAuthentication conflict

    lau_bakman

      Hi

       

      We are currently using Errai 2.0 BUS (not CDI) in our web application and have come across an issue that we find peculiar.

       

      We make use of the @Command annotation to destinguish between commands instead of using switch/case statements in our callback.

       

      Today we wanted to apply authentication and authorization to our services by using @RequireRoles (sufficient security for our needs) but ended up with a problem:

       

      The combination of @RequireRoles and @Command throws a runtime exception:

       

      java.lang.RuntimeException: no such subject: TestService

                at org.jboss.errai.bus.server.ServerMessageBusImpl.addRule(ServerMessageBusImpl.java:826)

                at org.jboss.errai.bus.server.service.ServiceProcessor.process(ServiceProcessor.java:153)

                at org.jboss.errai.bus.server.service.ServiceProcessor.process(ServiceProcessor.java:63)

                at org.jboss.errai.bus.server.service.bootstrap.DiscoverServices.execute(DiscoverServices.java:50)

                at org.jboss.errai.bus.server.service.bootstrap.OrderedBootstrap.execute(OrderedBootstrap.java:56)

                at org.jboss.errai.bus.server.service.ErraiServiceImpl.boostrap(ErraiServiceImpl.java:69)

                at org.jboss.errai.bus.server.service.ErraiServiceImpl.<init>(ErraiServiceImpl.java:64)

                at org.jboss.errai.bus.server.service.ErraiServiceImpl$$FastClassByGuice$$7879947c.newInstance(<generated>)

      ...

       

      Diving into the stack trace we see that the ServerMessageBusImpl.addRule throws the RuntimeException because ServerMessageBusImpl.subscribe has not yet been called. Looking at the ServiceProcessor we further see that ServerMessageBusImpl.subscribe will not be called if there are any commandPoints in the service but it will continue to call ServerMessageBusImpl.addRule later on.

       

      My question is: Would it be possible to move the code:

       

              RolesRequiredRule rule = null;

              if (clazz.isAnnotationPresent(RequireRoles.class)) {

                rule = new RolesRequiredRule(clazz.getAnnotation(RequireRoles.class).value(), context.getBus());

              }

              else if (clazz.isAnnotationPresent(RequireAuthentication.class)) {

                rule = new RolesRequiredRule(new HashSet<Object>(), context.getBus());

              }

              if (rule != null) {

                context.getBus().addRule(svcName, rule);

              }

       

      further down in the ServiceProcessor.process to allow @RequireRoles and @RequireAuthentication to be used on all types of enpoints (MessageCallback, RPC and Commands)?

       

      Regards

       

      Lau bakman