• Post Reply Bookmark Topic Watch Topic
  • New Topic

ManagedBean accessing another managedbean  RSS feed

 
Tim Resh
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have two java managedbean classes and I want to access the UserManager.isAdmin method from the MenuView instance. see the code below




I get the following error and it seems that their is a problem with the ManagedProperty userManager. Any help would be great to have. Thanks in advance.

com.sun.faces.mgbean.ManagedBeanCreationException: An error occurred performing resource injection on managed bean menuView
at com.sun.faces.mgbean.BeanBuilder.invokePostConstruct(BeanBuilder.java:227)
at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:103)
at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:409)
at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:269)
at com.sun.faces.el.ManagedBeanELResolver.resolveBean(ManagedBeanELResolver.java:257)
at com.sun.faces.el.ManagedBeanELResolver.getValue(ManagedBeanELResolver.java:117)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:176)
at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:203)
at com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:99)
at com.sun.el.parser.AstValue.getValue(AstValue.java:158)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:219)
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:109)
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:194)
at org.primefaces.component.menubar.Menubar.getModel(Menubar.java:86)
at org.primefaces.component.menu.BaseMenuRenderer.encodeEnd(BaseMenuRenderer.java:108)
at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:924)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1863)
at javax.faces.render.Renderer.encodeChildren(Renderer.java:176)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:894)
at org.primefaces.renderkit.CoreRenderer.renderChild(CoreRenderer.java:84)
at org.primefaces.renderkit.CoreRenderer.renderChildren(CoreRenderer.java:71)
at org.primefaces.component.layout.LayoutUnitRenderer.encodeEnd(LayoutUnitRenderer.java:49)
at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:924)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1863)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1859)
at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:458)
at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:134)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:219)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:647)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:721)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:468)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:391)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:318)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:439)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:305)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.sun.faces.spi.InjectionProviderException
at com.sun.faces.vendor.WebContainerInjectionProvider.invokeAnnotatedMethod(WebContainerInjectionProvider.java:115)
at com.sun.faces.vendor.WebContainerInjectionProvider.invokePostConstruct(WebContainerInjectionProvider.java:95)
at com.sun.faces.mgbean.BeanBuilder.invokePostConstruct(BeanBuilder.java:221)
... 53 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.faces.vendor.WebContainerInjectionProvider.invokeAnnotatedMethod(WebContainerInjectionProvider.java:113)
... 55 more
Caused by: java.lang.NullPointerException
at com.rem40.menu.MenuView.init(MenuView.java:89)
... 60 more
 
Tim Holloway
Bartender
Posts: 18715
71
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cannot store a Session-scope object (UserManager) into an Application-scope object. Aside from the usual issue that objects with shorter lives cannot be injected into objects with longer lives, this also fails because each user will have a UserManager but the webapp will have only one MenuModel.

You can turn it around and inject the MenuModel into each UserManager instance as a ManagedProperty, however.

Of course the bigger problem is that you appear to have created your own login code instead of using the J2EE standard code or a well-vetted Java security framework. The technical term for such code is "pwned".
 
Tim Resh
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks TIM, I see what you mean about the ManagedBeans. I would like to move to J2EE or another security framework. Any suggestions or code I can look at for login access and then tack my usermanager class into it. I need a userid that has contact information because each project # that the user creates needs to grant access rights to each user that can see and or change the individual project # that is created. I am trying to write a Risk/Opportunity Management software along with a task manager.

Thanks for your reply
 
Tim Holloway
Bartender
Posts: 18715
71
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you use the J2EE standard Container-Managed security infrastructure, you don't write "login code" (which therefore means you cannot have security exploits in the login code!) Instead, the login code is built into the server itself. You simply declare the security parameters in the webapp's WEB-INF/web.xml file.

Many good J2EE books have sections on configuring web.xml for security. Which they typically then go and ruin by following it with a DIY login example


Once the server has validated (logged in) the user, the HttpServletRequest will contain 2 useful items: the UserPrincipal, which is mostly opaque and fairly useless, and the RemoteUser, which is the user's login ID. A security management class can use that as a key into whatever security database the app wishes to use to obtain user information or fine-grained app security. Coarse-grained security is done using Roles according to rules defined in the web.xml file. Essentially, you set up URL patterns and associate zero or more Roles with each pattern. If a user attempts to access a protected URL, the container checks to see if he/she is logged in and automatically initiates the login process if not. Once validated, the user's roles are checked against the URL's roles and if the user has at least one of the URL's roles, then the URL is processed. Otherwise the server rejects the request (403 - Forbidden, I think). As with login, no user application code is involved.

For cases where application logic wishes to check for further authorization, the J2EE API provides the isUserInRole() method. This is handy for things like URLs which support multiple roles such as "user", "auditor", "manager" and so forth. One could reject database update requests from a person with only the auditor role, for example.

Because the J2EE security system is designed for the Enterprise, there's no "login" event. The user might have logged into site security long before using your webapp. However, you can detect whether/when a user has logged in because unauthenticated users have a remoteUser id of null.

Finally, JSF does have one wrinkle. The primary authorization rules are based on the incoming URL, and JSF is infamous for the fact that the URL being used isn't always a direct reference to the current page. To make sure that doesn't happen, use the "redirect" option on JSF navigation requests when navigating to secured URLs.
 
Tim Resh
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim, I'm already looking at some examples and yes you are right they all follow it up with a DIY example which does confuse the topic. Currently I am working with Tomcat but my goal is to have the webapp run on any Web Servlet engine the end user has available. So glassfish, websphere, TomEE, etc...

Many thanks for your answers and guidance.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!