Access is denied on content update #19
Comments
This Site information request is probably blocked by a custom permission module: |
The site service check is actually to determine if the node is in a site or
not, so it cannot be avoided. If the user happens to not have access to any
node on the hierarchy to the root, this exception will occur. I believe the
best option in this case will be to simply use runAsSystem within the AOP
interceptor for the call to the site service.
thijslemmens <notifications@github.com> wrote on Tue, 7 May 2019, 08:35:
… This Site information request is probably blocked by a custom permission
module:
eu.xenit.alfresco.metadata.permissions.repo.security.BaseMetadataRestrictionsFilter.doFilter(BaseMetadataRestrictionsFilter.java:198)
|
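The `runAsSystem` approach suggested in the comment above, as an added example (not code from this project or from PR #20): the class and method names are hypothetical, and it assumes compilation against the Alfresco repository API (`AuthenticationUtil`, `SiteService`). Only the site lookup is elevated, and only a plain string leaves the elevated block.

```java
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;

/**
 * Hypothetical helper illustrating the suggested fix; it is not the
 * project's SiteAttributesInitializer.
 */
public class ElevatedSiteLookup
{

    private final SiteService siteService;

    public ElevatedSiteLookup(final SiteService siteService)
    {
        this.siteService = siteService;
    }

    /**
     * Resolves the short name of the site that contains the node.
     *
     * @return the site short name, or null when the node is not inside a site
     */
    public String resolveSiteShortName(final NodeRef nodeRef)
    {
        // SiteService.getSite(NodeRef) walks the primary parents up to the
        // root. Each step is permission-checked against the current user, so
        // a user without read access to some ancestor gets an
        // AccessDeniedException even though the node itself is accessible.
        // Running just this lookup as system avoids that failure.
        return AuthenticationUtil.runAsSystem(new RunAsWork<String>()
        {

            @Override
            public String doWork()
            {
                final SiteInfo site = ElevatedSiteLookup.this.siteService.getSite(nodeRef);
                // Return only the value the caller needs, so no node or
                // service handle obtained with system rights escapes.
                return site != null ? site.getShortName() : null;
            }
        });
    }
}
```

The content operation that triggered the lookup (here `getWriter`) stays outside the elevated block, so it is still authorized against the calling user.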
I'm willing to contribute to simple content stores. I want to make sure that what I have in mind can result in an acceptable PR. |
A configuration property to control the enablement of the SiteAttributesInitializer, with *.enabled property having a default value of true, to be overridden via global properties, would be acceptable. If you could include the runAsSystem for the call to SiteService in the same PR even though you are not going to use it yourself, that would be appreciated, because that would be the actual fix to this problem, while the property would just be a workaround for your specific case. |
I skipped the flag implementation. The runAsSystem is enough. |
PR #20 fixes this for Alfresco 5.0 - I will process changes for other branches (and properly address changes to parent POMs from Acosix Maven project) when I get a chance.... |
We plan to upgrade to 6.1 in the near future, so I can test the fix again
and do a follow up PR.
On Wed 8 May 2019 at 01:29, Axel Faust <notifications@github.com> wrote:
PR #20
fixes this for Alfresco 5.0 - I will process changes for other branches
(and properly address changes to parent POMs from Acosix Maven project)
when I get a chance....
|
Environment:
Configuration:
- simpleContentStores.enabled=true
- simpleContentStores.customStores=myEncryptingStore
- simpleContentStores.rootStore=myEncryptingStore
- simpleContentStores.customStore.myEncryptingStore.type=encryptingFacadeStore
- simpleContentStores.customStore.myEncryptingStore.ref.backingStore=swarmContentStore # custom content store
- simpleContentStores.customStore.myEncryptingStore.value.keyStorePath=classpath:keystore.jks
- GLOBAL_simpleContentStores.customStore.myEncryptingStore.value.keyStorePassword=***
- GLOBAL_simpleContentStores.customStore.myEncryptingStore.value.masterKeyAlias=key1
- GLOBAL_simpleContentStores.customStore.myEncryptingStore.value.masterKeyPassword=***
- GLOBAL_simpleContentStores.customStore.myEncryptingStore.value.masterKeyStoreId=jce
A user that is collaborator on a file cannot update and gets an access denied. Stacktrace is indicating a Site lookup in an AOP interceptor. Sites are not used in this context.
[ALFRESCO] 2019-05-06 16:35:44,617 ERROR [extensions.webscripts.AbstractRuntime] [http-bio-8080-exec-177] Exception from executeScript: 04063951 Access Denied. You do not have the appropriate permissions to perform this operation.
org.alfresco.repo.security.permissions.AccessDeniedException: 04063951 Access Denied. You do not have the appropriate permissions to perform this operation.
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.transaction.RetryingTransactionInterceptor$1.execute(RetryingTransactionInterceptor.java:86)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
at org.alfresco.repo.transaction.RetryingTransactionInterceptor.invoke(RetryingTransactionInterceptor.java:76)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.enterprise.repo.authorization.AuthorizationStatusInterceptor.invoke(AuthorizationStatusInterceptor.java:189)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy29.getPrimaryParent(Unknown Source)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1412)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSiteNodeRef(SiteServiceImpl.java:1415)
at org.alfresco.repo.site.SiteServiceImpl.getSite(SiteServiceImpl.java:1373)
at sun.reflect.GeneratedMethodAccessor416.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.transaction.CheckTransactionAdvice.invoke(CheckTransactionAdvice.java:54)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.transaction.RetryingTransactionAdvice$1.execute(RetryingTransactionAdvice.java:71)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
at org.alfresco.repo.transaction.RetryingTransactionAdvice.invoke(RetryingTransactionAdvice.java:74)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy122.getSite(Unknown Source)
at de.acosix.alfresco.simplecontentstores.repo.store.context.SiteAttributesInitializer.initialize(SiteAttributesInitializer.java:70)
at de.acosix.alfresco.simplecontentstores.repo.aop.InitContentStoreContextInterceptor$1.execute(InitContentStoreContextInterceptor.java:79)
at de.acosix.alfresco.simplecontentstores.repo.store.context.ContentStoreContext.executeInNewContext(ContentStoreContext.java:134)
at de.acosix.alfresco.simplecontentstores.repo.aop.InitContentStoreContextInterceptor.invoke(InitContentStoreContextInterceptor.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at de.acosix.alfresco.simplecontentstores.repo.aop.ContentStoreCapsEmulatingInterceptor.invoke(ContentStoreCapsEmulatingInterceptor.java:194)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy24.getWriter(Unknown Source)
at org.alfresco.repo.content.ContentServiceImpl.getWriter(ContentServiceImpl.java:508)
at sun.reflect.GeneratedMethodAccessor415.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.model.ml.MLContentInterceptor.invoke(MLContentInterceptor.java:136)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy59.getWriter(Unknown Source)
at eu.xenit.apix.alfresco.metadata.NodeService.setContent(NodeService.java:494)
at eu.xenit.ethias.integration.v3.GeneralWebscripts.updateContent(GeneralWebscripts.java:140)
at sun.reflect.GeneratedMethodAccessor1315.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:210)
at com.github.dynamicextensionsalfresco.webscripts.AnnotationWebScript.invokeUriHandlerMethod(AnnotationWebScript.java:154)
at com.github.dynamicextensionsalfresco.webscripts.AnnotationWebScript.execute(AnnotationWebScript.java:76)
at com.github.dynamicextensionsalfresco.webscripts.WebScriptProxy.execute(WebScriptProxy.java:71)
at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:519)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)
at de.acosix.alfresco.utility.repo.web.scripts.TenantExtensibilityContainer.executeScript(TenantExtensibilityContainer.java:206)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)
at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at brave.servlet.TracingFilter.doFilter(TracingFilter.java:76)
at eu.xenit.alfresco.instrumentation.servlet.ServletContextTracingFilter.doFilter(ServletContextTracingFilter.java:29)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at eu.xenit.alfresco.metadata.permissions.repo.security.BaseMetadataRestrictionsFilter.doFilter(BaseMetadataRestrictionsFilter.java:198)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at eu.xenit.alfresco.metadata.permissions.repo.security.BaseMetadataRestrictionsFilter.doFilter(BaseMetadataRestrictionsFilter.java:198)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:398)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
... 128 more