org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking'

Spring JIRA | Stefan Schmidt | 8 years ago
  1. 0

    [SWF-1024] '<transition on-exception' for AccessDeniedException handling does not work - Spring JIRA

    spring.io | 11 months ago
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking'
  2. 0

    SWF will throw one of Spring Security's AccessDeniedException instances when a <secured> element applies to a state, transition or flow. It would be desirable that this AccessDeniedException is presented to the <transition on-exception> mechanism. However, the "on-exception" facility does not catch a <secured> element exception but instead throws the exception and Spring Security's ExceptionTranslationFilter will handle it. The handling of the exception by Spring Security's filter is undesired because the more advanced state-aware concepts such as "to=.." do not apply (ExceptionTranslationFilter can only redirect to a URL, not an SWF transition). What would be nice is a way the '<secured' tag and the '<transition on-exception' tag both reside within the view-state: <view-state id="enterBookingDetails" model="booking"> <secured attributes="ROLE_SUPERVISOR" /> <transition on-exception="org.springframework.security.AccessDeniedException" to="noAccess" /> </view-state> Alternatively, a global-transition would be feasible as well: <global-transitions> <transition on-exception="org.springframework.security.AccessDeniedException" to="noAccess" /> </global-transitions> but that gives me a weird exception: org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking' at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:567) at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225) at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) [...] The modified booking-flow.xml is attached. It just needs to be dropped into the standard booking-mvc sample in order to replicate the problem.

    Spring JIRA | 8 years ago | Stefan Schmidt
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking'
  3. 0

    SWF will throw one of Spring Security's AccessDeniedException instances when a <secured> element applies to a state, transition or flow. It would be desirable that this AccessDeniedException is presented to the <transition on-exception> mechanism. However, the "on-exception" facility does not catch a <secured> element exception but instead throws the exception and Spring Security's ExceptionTranslationFilter will handle it. The handling of the exception by Spring Security's filter is undesired because the more advanced state-aware concepts such as "to=.." do not apply (ExceptionTranslationFilter can only redirect to a URL, not an SWF transition). What would be nice is a way the '<secured' tag and the '<transition on-exception' tag both reside within the view-state: <view-state id="enterBookingDetails" model="booking"> <secured attributes="ROLE_SUPERVISOR" /> <transition on-exception="org.springframework.security.AccessDeniedException" to="noAccess" /> </view-state> Alternatively, a global-transition would be feasible as well: <global-transitions> <transition on-exception="org.springframework.security.AccessDeniedException" to="noAccess" /> </global-transitions> but that gives me a weird exception: org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking' at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:567) at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225) at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) [...] The modified booking-flow.xml is attached. It just needs to be dropped into the standard booking-mvc sample in order to replicate the problem.

    Spring JIRA | 8 years ago | Stefan Schmidt
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'null' of flow 'hotels/booking'
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    cas server 3.5.2.1 for weblogic server 10.3.6 deployment has some errors when login

    GitHub | 2 years ago | sunchaojin
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginForm' of flow 'login'
  6. 0

    Can't get a simple login page on Cas server (critical)

    Stack Overflow | 4 years ago | MinionKing
    org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginForm' of flow 'login'

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.springframework.webflow.execution.FlowExecutionException

      Exception thrown in state 'null' of flow 'hotels/booking'

      at org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap()
    2. Spring Web Flow
      FlowHandlerAdapter.handle
      1. org.springframework.webflow.engine.impl.FlowExecutionImpl.wrap(FlowExecutionImpl.java:567)
      2. org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:225)
      3. org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
      4. org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:183)
      4 frames
    3. Spring MVC
      FrameworkServlet.doPost
      1. org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
      2. org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
      3. org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
      4. org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
      4 frames
    4. JavaServlet
      HttpServlet.service
      1. javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
      2. javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      2 frames
    5. Glassfish Core
      ApplicationFilterChain.doFilter
      1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      2 frames
    6. spring-security-core
      FilterChainProxy$VirtualFilterChain.doFilter
      1. org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
      1 frame
    7. org.springframework.security
      FilterSecurityInterceptor.invoke
      1. org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
      1 frame