[jira] Created: (MASHUP-1179) Service level security settings appear enabled for users who don't have security permission and accessing this returns a grey page.

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (MASHUP-1179) Service level security settings appear enabled for users who don't have security permission and accessing this returns a grey page.

JIRA jira@wso2.org
Service level security settings appear enabled for users who don't have security permission and accessing this returns a grey page.
-----------------------------------------------------------------------------------------------------------------------------------

                 Key: MASHUP-1179
                 URL: https://wso2.org/jira/browse/MASHUP-1179
             Project: WSO2 Mashup Server
          Issue Type: Bug
          Components: Admin UI
         Environment: WinXP, JDK1.6, FF3, pre-alpha release
            Reporter: Yumani Ranaweera
            Assignee: Keith Godwin Chapman
             Fix For: 2.0


Steps to reproduce
--------------------------
1. Create a role, which doesn't have 'Manage Security' permission.
2. Create a user and assign the role to the user.
3. Login fro this user account
4. Access a .js service and try to access security settings from the service dashboard.


Issue:
----------
It returns a grey page when accessing the service dashboard. The error at the back-end is as below;

[2009-04-07 11:49:18,921] ERROR -  Cannot get service stats for service inputOutputTypesPositiveTCs. Backend server may be unavailable. {org.wso2.carbon.statistics.ui.StatisticsAdminClient}
org.apache.axis2.AxisFault: Access Denied. You are not authorized.
        at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:517)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at org.wso2.carbon.statistics.ui.StatisticsAdminStub.getServiceStatistics(StatisticsAdminStub.java:3582)
        at org.wso2.carbon.statistics.ui.StatisticsAdminClient.getServiceStatistics(StatisticsAdminClient.java:68)
        at org.apache.jsp.statistics.service_005fstats_005fajaxprocessor_jsp._jspService(service_005fstats_005fajaxprocessor_jsp.java:91)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:115)
        at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:35)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)
[2009-04-07 11:49:25,187] ERROR -  Access Denied. Failed authorization attempt to access service 'SecurityAdminService' operation 'getCurrentScenario' by 'tester1' {java.lang.Class}
[2009-04-07 11:49:25,203] ERROR -  Access Denied. You are not authorized. {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: Access Denied. You are not authorized.
        at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:69)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)
[2009-04-07 11:49:25,203] ERROR -  org.apache.axis2.AxisFault: Access Denied. You are not authorized. {org.wso2.carbon.security.ui.client.SecurityAdminClient}

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

_______________________________________________
Mashup-dev mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
Reply | Threaded
Open this post in threaded view
|

[jira] Resolved: (MASHUP-1179) Service level security settings appear enabled for users who don't have security permission and accessing this returns a grey page.

JIRA jira@wso2.org

     [ https://wso2.org/jira/browse/MASHUP-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tyrell Perera resolved MASHUP-1179.
-----------------------------------

    Resolution: Fixed

This is fixed in the latest builds

> Service level security settings appear enabled for users who don't have security permission and accessing this returns a grey page.
> -----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MASHUP-1179
>                 URL: https://wso2.org/jira/browse/MASHUP-1179
>             Project: WSO2 Mashup Server
>          Issue Type: Bug
>          Components: Admin UI
>         Environment: WinXP, JDK1.6, FF3, pre-alpha release
>            Reporter: Yumani Ranaweera
>            Assignee: Keith Godwin Chapman
>             Fix For: 2.0
>
>
> Steps to reproduce
> --------------------------
> 1. Create a role, which doesn't have 'Manage Security' permission.
> 2. Create a user and assign the role to the user.
> 3. Login fro this user account
> 4. Access a .js service and try to access security settings from the service dashboard.
> Issue:
> ----------
> It returns a grey page when accessing the service dashboard. The error at the back-end is as below;
> [2009-04-07 11:49:18,921] ERROR -  Cannot get service stats for service inputOutputTypesPositiveTCs. Backend server may be unavailable. {org.wso2.carbon.statistics.ui.StatisticsAdminClient}
> org.apache.axis2.AxisFault: Access Denied. You are not authorized.
>         at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:517)
>         at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
>         at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>         at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>         at org.wso2.carbon.statistics.ui.StatisticsAdminStub.getServiceStatistics(StatisticsAdminStub.java:3582)
>         at org.wso2.carbon.statistics.ui.StatisticsAdminClient.getServiceStatistics(StatisticsAdminClient.java:68)
>         at org.apache.jsp.statistics.service_005fstats_005fajaxprocessor_jsp._jspService(service_005fstats_005fajaxprocessor_jsp.java:91)
>         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
>         at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
>         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:115)
>         at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:35)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
>         at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
>         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>         at java.lang.Thread.run(Thread.java:619)
> [2009-04-07 11:49:25,187] ERROR -  Access Denied. Failed authorization attempt to access service 'SecurityAdminService' operation 'getCurrentScenario' by 'tester1' {java.lang.Class}
> [2009-04-07 11:49:25,203] ERROR -  Access Denied. You are not authorized. {org.apache.axis2.engine.AxisEngine}
> org.apache.axis2.AxisFault: Access Denied. You are not authorized.
>         at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:69)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>         at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>         at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
>         at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
>         at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
>         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>         at java.lang.Thread.run(Thread.java:619)
> [2009-04-07 11:49:25,203] ERROR -  org.apache.axis2.AxisFault: Access Denied. You are not authorized. {org.wso2.carbon.security.ui.client.SecurityAdminClient}

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

_______________________________________________
Mashup-dev mailing list
[hidden email]
https://wso2.org/cgi-bin/mailman/listinfo/mashup-dev