On 19/12/2013 14:33, Siva Nookala wrote:
Hi Francesco,
Here are the details,
Database: mysql
JEE container: tomcat
Content.xml is modified to add default roles (attached)
The roles I tried to access from syncope console are all created in
content.xml. Its fails even after I logout or re-start tomcat.
Ok, found the problem then.
When a new role is created, Syncope automatically crates the
correspondent role entitlement and takes care of assigning such
entitlement to the user that created that role [1].
You have added <SyncopeRole/> entities to your content.xml but missed to
add role entitlements: appending
<Entitlement name="ROLE_1"/>
<Entitlement name="ROLE_2"/>
<Entitlement name="ROLE_3"/>
<Entitlement name="ROLE_4"/>
<Entitlement name="ROLE_5"/>
<Entitlement name="ROLE_6"/>
to content.xml, stopping the JEE container, wiping your database and
starting again the JEE container should fix your issue.
Alternatively you can directly add the entries above to the Entitlement
table and restart the JEE container.
Manually changing content.xml is not recommended, since this might lead
to inconsistencies (as you have just experimented); the best practice is
to create entities via admin console and then export the resulting
content.xml: see [2] for more details.
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
[2]
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=31819687
On Dec 19, 2013, at 8:22 AM, Francesco Chicchiriccò
<ilgro...@apache.org <mailto:ilgro...@apache.org>> wrote:
On 19/12/2013 14:17, Siva Nookala wrote:
Hi Francesco,
Thank you for the prompt reply. I am running real-world setup.
Ok: some more information requested, then:
* which DBMS?
* which JEE container?
* have you modified core/src/main/resources/content.xml?
* was such role '5' created by you via admin console? what if you
logout, restart the JEE container and login again: is it still failing?
Regards.
On Dec 19, 2013, at 3:23 AM, Francesco Chicchiriccò
<ilgro...@apache.org <mailto:ilgro...@apache.org>> wrote:
On 18/12/2013 23:14, Siva Nookala wrote:
Hi,
In the documentation it is mentioned that the root administrator
(admin) has all the entitlements.
https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization#Authenticationandauthorization-Rootadministrator
When I try to click on a role in Roles screen, I get the following
exception. I am running Apache Syncope 1.1.5. Is the expected
behavior?
Hi Siva,
not at all: as admin you are able to perform any action.
You said you are on 1.1.5, but how are you running system?
Standalone distribution [1], embedded [2] or real-world [3]?
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+standalone+distribution
[2]
https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+embedded+mode
[3]
https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+real+environments
SEVERE: Servlet.service() for servlet [syncope-core-rest] in
context with path [/syncope-core] threw exception [Request
processing failed; nested exception is
org.apache.syncope.core.rest.controller.UnauthorizedRoleException:
Missing entitlement for role(s) [5]] with root cause
org.apache.syncope.core.rest.controller.UnauthorizedRoleException:
Missing entitlement for role(s) [5]
at
org.apache.syncope.core.rest.data.RoleDataBinder.getRoleFromId(RoleDataBinder.java:78)
at
org.apache.syncope.core.rest.data.RoleDataBinder$$FastClassByCGLIB$$75f19568.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631)
at
org.apache.syncope.core.rest.data.RoleDataBinder$$EnhancerByCGLIB$$b31f3528.getRoleFromId(<generated>)
at
org.apache.syncope.core.rest.controller.RoleController.read(RoleController.java:100)
at
org.apache.syncope.core.rest.controller.RoleController$$FastClassByCGLIB$$77c6d55e.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at
org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80)
at
org.apache.syncope.core.rest.controller.ControllerHandler.around(ControllerHandler.java:75)
at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/