IllegalStateException: No active view if AcessDeniedView is set for SpringV

Kenan · March 10, 2016, 1:23pm

I have three View classes ReaderView, EditorView and AccessDeniedView as follows;

@SpringView(name="")
public class ReaderView extends CustomComponent implements View {
public ReaderView() {
setCompositionRoot(new Label("reader view"));
}
@Override
public void enter(ViewChangeEvent event) {
}
}

@SpringView(name = "editor")
public class EditorView extends CustomComponent implements View {
public EditorView() {
setCompositionRoot(new Label("editor view"));
}

@Override
public void enter(ViewChangeEvent event) {
}
}

@SpringView(name="accessDeniedView")
public class AccessDeniedView extends CustomComponent implements View {
public AccessDeniedView() {
setCompositionRoot(new Label("access denied view"));
}
@Override
public void enter(ViewChangeEvent event) {
}
}

I also wrote a ViewAccessControl class in which it is checked that current user has sutiable authorities to access EditorView when he attempts to;

@Component
public class TestViewAccessControl implements ViewAccessControl {

@Override
public boolean isAccessGranted(UI ui, String beanName) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null)
return false;
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
if ("editorView".equals(beanName)) {
return authorities.contains(new SimpleGrantedAuthority("ROLE_EDITOR"));
} else {
return true;
}
}
}

Things are working unless I call viewProvider.setAccessDeniedViewClass(AccessDeniedView.class); within UI.init method while I configure Navigator for the UI instance. If I call setAccessDeniedViewClass, I got following exception when I try to navigate to any view;

SEVERE:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘accessDeniedView’: Scope ‘vaadin-view’ is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No active view
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:355)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:220)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:351)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBean(DefaultListableBeanFactory.java:332)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1066)
at com.vaadin.spring.navigator.SpringViewProvider.getAccessDeniedView(SpringViewProvider.java:322)
at com.vaadin.spring.navigator.SpringViewProvider.isViewNameValidForCurrentUI(SpringViewProvider.java:211)
at com.vaadin.spring.navigator.SpringViewProvider.getViewName(SpringViewProvider.java:182)
at com.vaadin.navigator.Navigator.navigateTo(Navigator.java:550)
at com.vaadin.ui.UI.doInit(UI.java:687)
at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:214)
at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:74)
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:41)
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1409)
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:364)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)
at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:193)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:162)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:136)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:526)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:655)
at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Threa10 Mar 2016 14:24:38,764 - DEBUG - null - o.s.s.w.c.SecurityContextPersistenceFilter.doFilter(105) | SecurityContextHolder now cleared, as request processing completed
d.run(Thread.java:745)
Caused by: java.lang.IllegalStateException: No active view
at com.vaadin.spring.internal.DefaultViewCache.getCurrentViewBeanStore(DefaultViewCache.java:121)
at com.vaadin.spring.internal.ViewScopeImpl.get(ViewScopeImpl.java:77)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:340)
… 76 more

I examined DefaultViewCache closely, and noticed that both viewUnderConstruction and activeView variables within it are NULL when getCurrentViewBeanStore() is called. I think this is because SpringViewProvider is trying to obtain AccessDeniedView while it is checking requested view for navigation (for example default view) is valid for the current UI (isViewNameValidForCurrentUI) altough neither of those two variables are set at this point.

My question is that, Is there something I am missing related with Vaadin - Spring configuration or is this a bug? Is there anyone else who were able to use AccessDeniedViewClass for unauthorized view accesses so far?

Joshua21 · March 31, 2017, 3:51pm

Let this help someone else not to waste the hours I have looking for this exact solution. Use
@SpringComponent
and not
@SpringView
on errorView and accessDeniedView views.
So I changed this

@SpringView(name="accessDeniedView")
public class AccessDeniedView extends CustomComponent implements View {
//Some Awesome Code Here
}

To this

@SpringComponent public class AccessDeniedView extends CustomComponent implements View { //Some Awesome Code Here Too }and it worked!!