The error in the code of the class com.haulmont.cuba.security.app.role.RolesHelper

I have found an error in the code of the class com.haulmont.cuba.security.app.role.RolesHelper :

 package com.haulmont.cuba.security.app.role;

    import com.haulmont.cuba.core.EntityManager;
    import com.haulmont.cuba.core.app.ServerConfig;
    import com.haulmont.cuba.core.global.*;
    import com.haulmont.cuba.security.entity.*;
    import com.haulmont.cuba.security.role.*;
    import org.apache.commons.lang3.ArrayUtils;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.stereotype.Component;

    import javax.annotation.Nullable;
    import javax.inject.Inject;
    import java.util.*;
    import java.util.stream.Collectors;

    import static com.haulmont.cuba.security.role.SecurityStorageMode.MIXED;

    /**
     * Class contains miscellaneous useful methods for working with predefined roles
     */
    @Component("cuba_RolesHelper")
    public class RolesHelper {

        //...

        /**
         * Returns a collection of {@link RoleDefinition} objects assigned to the {@code User}. If the user role is
         * associated with the database role, the database role will be converted to the {@code RoleDefinition}
         *
         * @param user       the user
         * @param reloadUser if set to true then the passed {@code user} will be reloaded with the proper view (contains
         *                   roles with permissions). If the parameter value is false then this check won't be performed.
         *                   Set the parameter to false when the method is invoked from within the opened transaction (i.e.
         *                   from the {@link com.haulmont.cuba.security.sys.UserSessionManager}) - in this case all
         *                   non-loaded fields will be fetched when they are accessed within the method.
         * @return collection of {@link RoleDefinition} objects
         */
        public Collection<RoleDefinition> getRoleDefinitionsForUser(User user, boolean reloadUser) {
            if (reloadUser) {
                View userWithRolesView = ViewBuilder.of(User.class)
                        .add("userRoles", userRoleViewBuilder -> {
                            userRoleViewBuilder
                                    .add("roleName")
                                    .add("role", roleViewBuilder ->
                                            roleViewBuilder
                                                    .addView(View.LOCAL)
                                                    .add("permissions", View.LOCAL)
                                    );
                        })
                        .build();
                user = dataManager.reload(user, userWithRolesView);
            }

            List<UserRole> userRoles = user.getUserRoles();
            Map<String, RoleDefinition> result = new HashMap<>();

            List<UserRole> userRolesWithRoleDef = userRoles.stream()
                    .filter(ur -> ur.getRoleDefinition() != null)
                    .collect(Collectors.toList());

            List<UserRole> userRolesWithRoleName = userRoles.stream()
                    .filter(ur -> ur.getRoleDefinition() == null && ur.getRoleName() != null)
                    .collect(Collectors.toList());

            List<UserRole> userRolesWithRoleObject = userRoles.stream()
                    .filter(ur -> ur.getRoleDefinition() == null && ur.getRole() != null)
                    .collect(Collectors.toList());

            userRolesWithRoleDef.stream()
                    .filter(ur -> ur.getRoleDefinition() != null)
                    .forEach(ur -> result.put(ur.getRoleDefinition().getName(), ur.getRoleDefinition()));

            for (UserRole ur : userRolesWithRoleName) {
                RoleDefinition role = predefinedRoleDefinitionRepository.getRoleDefinitionByName((ur.getRoleName()));
                if (role != null) {
                    ur.setRoleDefinition(role);
                    result.put(role.getName(), role);
                }
            }

            if (serverConfig.getRolesStorageMode() == MIXED) {
                for (UserRole ur : userRolesWithRoleObject) {
                    Role role = ur.getRole();
                    if (predefinedRoleDefinitionRepository.getRoleDefinitionByName(role.getName()) != null) {
                        log.warn("User '{}' has link to the persisted role '{}', but this role name is used for some predefined role. " +
                                "Persisted role's permissions will not be taken into account.", ur.getUser().getLogin(), role.getName());
                        continue;
                    }
                    RoleDefinition roleDefinition = transformToRoleDefinition(role);
                    ur.setRoleDefinition(roleDefinition);
                    result.put(roleDefinition.getName(), roleDefinition);
                }
            }
            return new ArrayList<>(result.values());
        }
        
         //...
    }

The parameter ur.getUser().getLogin() is passed to logging:

log.warn("User '{}' has link to the persisted role '{}', but this role name is used for some predefined role. " + "Persisted role's permissions will not be taken into account.", ur.getUser().getLogin(), role.getName());

Which was not specified in the View during the entity reload:

View userWithRolesView = ViewBuilder.of(User.class)
                            .add("userRoles", userRoleViewBuilder -> {
                                userRoleViewBuilder
                                        .add("roleName")
                                        .add("role", roleViewBuilder ->
                                                roleViewBuilder
                                                        .addView(View.LOCAL)
                                                        .add("permissions", View.LOCAL)
                                        );
                            })
                            .build();

As a result, we encounter an error:

java.lang.IllegalStateException: Cannot get unfetched attribute [login] from detached object com.haulmont.cuba.security.entity.User-9340869a-a327-95f3-68e7-48f2148b141c [detached].
        at org.eclipse.persistence.internal.queries.EntityFetchGroup.onUnfetchedAttribute(EntityFetchGroup.java:100)
        at com.haulmont.cuba.core.sys.persistence.CubaEntityFetchGroup.onUnfetchedAttribute(CubaEntityFetchGroup.java:74)
        at org.eclipse.persistence.internal.jpa.EntityManagerImpl.processUnfetchedAttribute(EntityManagerImpl.java:2998)
        at com.haulmont.chile.core.model.impl.AbstractInstance._persistence_checkFetched(AbstractInstance.java)
        at com.haulmont.cuba.security.entity.User._persistence_get_login(User.java)
        at com.haulmont.cuba.security.entity.User.getLogin(User.java:132)
        at com.haulmont.cuba.security.app.role.RolesHelper.getRoleDefinitionsForUser(RolesHelper.java:146)
        at com.haulmont.cuba.security.app.role.RolesServiceBean.getRoleDefinitionsForUser(RolesServiceBean.java:167)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
        at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
        at com.haulmont.cuba.core.sys.ServiceInterceptor.aroundInvoke(ServiceInterceptor.java:90)
        at jdk.internal.reflect.GeneratedMethodAccessor450.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
        at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
        at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
        at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
        at com.sun.proxy.$Proxy130.getRoleDefinitionsForUser(Unknown Source)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at com.haulmont.cuba.core.sys.remoting.LocalServiceInvokerImpl.invoke(LocalServiceInvokerImpl.java:94)
        at com.haulmont.cuba.web.sys.remoting.LocalServiceProxy$LocalServiceInvocationHandler.invoke(LocalServiceProxy.java:159)
        at com.sun.proxy.$Proxy339.getRoleDefinitionsForUser(Unknown Source)
        at com.haulmont.cuba.gui.app.security.user.browse.UserBrowser.buildJoinedRole(UserBrowser.java:383)
        at com.haulmont.cuba.gui.app.security.user.browse.UserBrowser.showEffectiveRole(UserBrowser.java:374)
        at com.haulmont.cuba.gui.app.security.user.browse.UserBrowser$ShowEffectiveRoleAction.actionPerform(UserBrowser.java:408)
        at com.haulmont.cuba.web.gui.components.WebPopupButton.lambda$setPopupButtonAction$1(WebPopupButton.java:328)
        at com.haulmont.cuba.web.widgets.CubaButton.fireClick(CubaButton.java:76)
        at com.vaadin.ui.Button$1.click(Button.java:57)
        at jdk.internal.reflect.GeneratedMethodAccessor656.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:153)
        at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:115)
        at com.vaadin.server.communication.ServerRpcHandler.handleInvocation(ServerRpcHandler.java:442)
        at com.vaadin.server.communication.ServerRpcHandler.handleInvocations(ServerRpcHandler.java:407)
        at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:275)
        at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:83)
        at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40)
        at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1636)
        at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:465)
        at com.haulmont.cuba.web.sys.CubaApplicationServlet.serviceAppRequest(CubaApplicationServlet.java:329)
        at com.haulmont.cuba.web.sys.CubaApplicationServlet.service(CubaApplicationServlet.java:215)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
        at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1656)
        at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
        at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74)
        at com.haulmont.cuba.web.sys.CubaHttpFilter.doFilter(CubaHttpFilter.java:93)
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
        at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:292)
        at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
        at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:829)

You need either to add the user to the View:

View userWithRolesView = ViewBuilder.of(User.class)
                        .add("userRoles", userRoleViewBuilder -> {
                            userRoleViewBuilder
                                    .add("roleName")
                                    .add("user", userViewBuilder -> userViewBuilder.addView(View.LOCAL))
                                    .add("role", roleViewBuilder ->
                                            roleViewBuilder
                                                    .addView(View.LOCAL)
                                                    .add("permissions", View.LOCAL)
                                    );
                        })
                        .build();

Or, in the logging, pass user.getLogin() instead of ur.getUser().getLogin() , as the user will be the same for all userRole instances in the collection.