Resource roles view editing problem

Hi all,

we are facing a problem in editing user defined roles in resource roles view (jmix 2.3.3) in a project with multitenancy addon installed

java.lang.NullPointerException: Cannot invoke “io.jmix.security.model.BaseRole.getCode()” because “role” is null

Thanks in advance!

Hi!

Could you please attach a test project where the problem is reproduced?

Regards,
Dmitriy

Hi Jmix team!

I’ve a same problem with the same situation: version-2.4.3, multitenancy addon installed. Exception throws:

2025-01-22T19:00:41.185+05:00  WARN 1 --- [nio-8080-exec-3] i.j.f.v.n.AbstractNavigationProcessor    : Can't find current navigation target: io.jmix.securityflowui.view.resourcerole.ResourceRoleModelDetailView. Cannot set backward navigation and fire AfterViewNavigationEvent
2025-01-22T19:00:41.188+05:00 ERROR 1 --- [nio-8080-exec-3] i.j.f.e.DefaultUiExceptionHandler        : Unhandled exception

java.lang.NullPointerException: Cannot invoke "io.jmix.security.model.BaseRole.getCode()" because "role" is null
        at io.jmix.securityflowui.model.RoleModelConverter.initBaseParameters(RoleModelConverter.java:74) ~[jmix-security-flowui-2.4.2.jar!/:na]
        at io.jmix.securityflowui.model.RoleModelConverter.createResourceRoleModel(RoleModelConverter.java:51) ~[jmix-security-flowui-2.4.2.jar!/:na]
        at io.jmix.securityflowui.view.resourcerole.ResourceRoleModelDetailView.initExistingEntity(ResourceRoleModelDetailView.java:137) ~[jmix-security-flowui-2.4.2.jar!/:na]
        at io.jmix.flowui.view.StandardDetailView.setupEntityToEdit(StandardDetailView.java:581) ~[jmix-flowui-2.4.2.jar!/:na]
        at io.jmix.flowui.view.StandardDetailView.setupEntityToEdit(StandardDetailView.java:562) ~[jmix-flowui-2.4.2.jar!/:na]
        at io.jmix.flowui.view.StandardDetailView.onBeforeShow(StandardDetailView.java:104) ~[jmix-flowui-2.4.2.jar!/:na]
        at com.vaadin.flow.component.ComponentEventBus.fireEventForListener(ComponentEventBus.java:239) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.ComponentEventBus.fireEvent(ComponentEventBus.java:228) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.Component.fireEvent(Component.java:417) ~[flow-server-24.4.14.jar!/:24.4.14]
        at io.jmix.flowui.view.View.beforeEnter(View.java:156) ~[jmix-flowui-2.4.2.jar!/:na]
        at io.jmix.flowui.view.StandardDetailView.beforeEnter(StandardDetailView.java:185) ~[jmix-flowui-2.4.2.jar!/:na]
        at com.vaadin.flow.router.internal.AbstractNavigationStateRenderer.sendBeforeEnterEvent(AbstractNavigationStateRenderer.java:622) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.router.internal.AbstractNavigationStateRenderer.sendBeforeEnterEvent(AbstractNavigationStateRenderer.java:599) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.router.internal.AbstractNavigationStateRenderer.sendBeforeEnterEventAndPopulateChain(AbstractNavigationStateRenderer.java:516) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.router.internal.AbstractNavigationStateRenderer.createChainIfEmptyAndExecuteBeforeEnterNavigation(AbstractNavigationStateRenderer.java:482) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.router.internal.AbstractNavigationStateRenderer.handle(AbstractNavigationStateRenderer.java:226) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.internal.JavaScriptNavigationStateRenderer.handle(JavaScriptNavigationStateRenderer.java:78) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.UI.handleNavigation(UI.java:2005) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.UI.navigate(UI.java:1231) ~[flow-server-24.4.14.jar!/:24.4.14]
        at io.jmix.flowui.view.navigation.ViewNavigationSupport.navigate(ViewNavigationSupport.java:55) ~[jmix-flowui-2.4.2.jar!/:na]
        at io.jmix.flowui.view.navigation.AbstractNavigationProcessor.lambda$processNavigation$c42b6125$1(AbstractNavigationProcessor.java:86) ~[jmix-flowui-2.4.2.jar!/:na]
        at com.vaadin.flow.component.page.Page.lambda$fetchCurrentURL$fb993594$1(Page.java:537) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.page.PendingJavaScriptResult.lambda$then$3fde283c$1(PendingJavaScriptResult.java:113) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.component.internal.PendingJavaScriptInvocation.complete(PendingJavaScriptInvocation.java:96) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.UidlWriter.lambda$createReturnValueChannel$d9004ac5$1(UidlWriter.java:320) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.internal.nodefeature.ReturnChannelMap.lambda$registerChannel$2a20409b$1(ReturnChannelMap.java:124) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.internal.nodefeature.ReturnChannelMap$ChannelImpl.invoke(ReturnChannelMap.java:74) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.ReturnChannelHandler.handleNode(ReturnChannelHandler.java:78) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.rpc.AbstractRpcInvocationHandler.handle(AbstractRpcInvocationHandler.java:73) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.ServerRpcHandler.handleInvocationData(ServerRpcHandler.java:504) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.ServerRpcHandler.lambda$handleInvocations$5(ServerRpcHandler.java:485) ~[flow-server-24.4.14.jar!/:24.4.14]
        at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) ~[na:na]
        at com.vaadin.flow.server.communication.ServerRpcHandler.handleInvocations(ServerRpcHandler.java:485) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:354) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:134) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:63) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.VaadinService.handleRequest(VaadinService.java:1593) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.server.VaadinServlet.service(VaadinServlet.java:398) ~[flow-server-24.4.14.jar!/:24.4.14]
        at com.vaadin.flow.spring.SpringServlet.service(SpringServlet.java:106) ~[vaadin-spring-24.4.14.jar!/:na]
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) ~[jakarta.servlet-api-6.0.0.jar!/:6.0.0]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:632) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:408) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:303) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:267) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.springframework.web.servlet.mvc.ServletForwardingController.handleRequestInternal(ServletForwardingController.java:142) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:178) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:51) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:914) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:547) ~[jakarta.servlet-api-6.0.0.jar!/:6.0.0]
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614) ~[jakarta.servlet-api-6.0.0.jar!/:6.0.0]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) ~[tomcat-embed-websocket-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at io.jmix.core.impl.logging.LogMdcFilter.doFilterInternal(LogMdcFilter.java:28) ~[jmix-core-2.4.2.jar!/:na]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:131) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:85) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:110) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:151) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:129) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.servlet.handler.HandlerMappingIntrospector.lambda$createCacheFilter$3(HandlerMappingIntrospector.java:195) ~[spring-webmvc-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.doFilter(WebMvcSecurityConfiguration.java:230) ~[spring-security-config-6.3.4.jar!/:6.3.4]
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:362) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:278) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.1.15.jar!/:6.1.15]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:731) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:384) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) ~[tomcat-embed-core-10.1.31.jar!/:na]
        at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

Hi Jmix team!

According to my point of view, I found the problem why role would be null:

above attached picture you can see findRoleByCode method returns null value even role with that name ‘new-entity-view-role’ exists in my database:

Can you please clarify this? You left the previous questions unanswered as well.

Hi!

I still can’t reproduce the bug on my test project with the multitenancy add-on. The stacktrace you provided doesn’t provide any specific information about the cause of the error.

If you provide a test project, it will help solve the problem.

On the screenshots you attached, you show that loading for a role by the new-entity-view-role doesn’t load the entity. However, in the next screenshot you show the presence of this value in the name field. The name and code fields are different fields in the sec_ResourceRole entity. Loading occurs precisely by the code attribute. The role code attribute is not visible from the screenshot you provided.

In any case, without the test project, it will not be clear why the required role can’t be loaded in your project.

Best regards,
Dmitriy

I’m running into this problem in 2 different environments, including UAT, see stacktrace and animated gif in attachment. Looks like this issue has been going on since at least September 24, so please, @d.kremnev what can we do to resolve this?

In my case the code is TENANT-USER-FULL-ACCESS-ROLE

The problem does not always arise, only sometimes. When it happens, there is a null value in the roles cache for this entry. After clearing the cache in the debugger, everything works again. (see screenshot for the cache)

Note that this problem seems to go hand-in-hand with another problem where logging-in becomes impossible. Sometimes I’m just unable to log in. after multiple tries and/or switching tabs, it works again. I will try to pay more attention in the future to what exactly I do that allows me to log in again.

jmix role npe.txt (191.4 KB)

EDIT
as expected the login problem I described is related to same issue. The login action ends up in the same cache.

@d.kremnev

Getting closer. As mentioned in my previous post, sometimes it works, sometimes it doesn’t. Once it goes wrong, it keeps going wrong. This is due to the caching aspect.

I find it easier to debug the login issue, there are less things going on.

observations

1. It has to do with the multitenancy plugin
2. You need a composite role that contains the UI-minimal-role as a child. due to the composite role not being resolved, you are not allowed to log in.

assumptions

1. It sometimes works because of the order of logging in with different users. If you start with a user for which it works, it keeps working. If you start with a different user, it keeps failing (again, due to the caching aspect). This makes debugging a lot easier.
2. The cause is the tenant_id that is part of the query. (see screenshot), I assume because the datamanager is used.
3. It happens with a composite role created by a global admin while trying to log in with a tenant user that has received that role. (I’m not 100% sure, but I’m certainly close)

Hi,

This is the root cause - NullPointerException: Cannot invoke "io.jmix.security.model.BaseRole.getCustomProperties()" because "role" is null · Issue #4261 · jmix-framework/jmix · GitHub
Your assumptions are correct - role created by global (non-tenant) admin will cause this issue if it is assigned to tenant user.
If this role isn’t cached yet then tenant user will cache it as null on login. After that if you try to edit it you will get null from cache and fail.
That’s why it may look non-deterministic - it depends on who cached this role.

It relates to runtime roles because they are stored and loaded from database (so tenant criteria will be applied). Desing-time roles work ok.

Regards,
Ivan

aha, so i was spot on.

@i.gavrilov
will this be released as a bugfix in the short term?

This is planned for June release.

And we a going to forbid such kind of assignments, not “fix” it somehow to allow them.

As a WAs you can do the following:

1. Create your role as design-time role - they are available to everyone (e.g. UI: minimal access)
2. Create your user-defined role by tenant admin.
   This role also will be marked with this tenant and will be available for tenant users (for each tenant you will have to create different roles).
3. If you really need to create user-defined role by global admin user and be able to assign it to tenant user you will need to manually set the proper tenant value to sysTenantId property of role instance (and it will work only for users from that specific tenant).
   It’s not included into default UI, so you will have to customize it.
   But it looks very niche - I think the first two should cover 99% of the cases.

Regards,
Ivan

k thx.

I actually had a big draft post asking advice on how to setup users and roles within tenants.
Is there a way to make composite design-time roles? referring to child roles?

I currently create design-time roles for all entities and screens per aggregate. I then create database roles that combine those design-time roles in higher level abstractions.

You can combine design-time roles into single design-time role via inheritance:

@ResourceRole(...)
public interface MyHighLevelRole extends SomeRole, SomeAnotherRole {

    // Some additional policies
}

That makes complete sense, yet I didn’t think of that.

I think it’s a good idea to mention this in the documentation.