Hi Johann, It seems the stack trace originates from the JSP file core/org.wso2.carbon.ui/src/main/resources/web/admin/jsp/registry_styles_ajaxprocessor.jsp (the trace shows it calling RegistryAdminServiceClient.isRegistryReadOnly). The JSP has some logic that executes based on the registry's mode (RW..). But I am not sure why this logic needs to run during the logout process. Maybe someone from the registry team will be able to give more information.
On Fri, Feb 3, 2012 at 5:11 PM, Johann Nallathamby <joh...@wso2.com> wrote: > With regard to the issue https://wso2.org/jira/browse/CARBON-11442, the fix > we agreed upon after discussing it, is to ask the user for a confirmation > before updating his own roles and signing him out. The fix works fine > without any issue in the UI. However, it seems that after the user's own > roles have been updated properly, in the process of signing out a very > similar exception to the one in the original issue occurs as follows in the > console: > > [2012-02-03 15:56:11,514] ERROR {java.lang.Class} - Access Denied. Failed > authorization attempt to access service 'RegistryAdminService' operation > 'isRegistryReadOnly' by 'user1' > [2012-02-03 15:56:11,516] ERROR {org.apache.axis2.engine.AxisEngine} - > Access Denied. > org.apache.axis2.AxisFault: Access Denied. > at > org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:129) > at > org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:81) > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) > at org.apache.axis2.engine.Phase.invoke(Phase.java:313) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168) > at > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172) > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146) > at > org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:206) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90) > at > org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111) > at > 
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154) > at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:257) > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399) > at > org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396) > at > org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > [2012-02-03 15:56:11,530] ERROR > {org.wso2.carbon.ui.clients.RegistryAdminServiceClient} - Error occurred > while 
checking registry mode > org.apache.axis2.AxisFault: Access Denied. > at > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) > at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375) > at > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421) > at > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229) > at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) > at > org.wso2.carbon.core.commons.stub.registry.service.RegistryAdminServiceStub.isRegistryReadOnly(RegistryAdminServiceStub.java:470) > at > org.wso2.carbon.ui.clients.RegistryAdminServiceClient.isRegistryReadOnly(RegistryAdminServiceClient.java:61) > at > org.apache.jsp.admin.jsp.registry_005fstyles_005fajaxprocessor_jsp._jspService(registry_005fstyles_005fajaxprocessor_jsp.java:51) > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332) > at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:161) > at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36) > at > org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90) > at > org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111) > at > org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67) > at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) > at > org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154) > at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:257) > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399) > at > org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396) > at > org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > [2012-02-03 15:56:11,590] INFO > {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} - > 'user1' logged out at [2012-02-03 15:56:11,0590] > > The error says we are trying to access the 
"isRegistryReadOnly" operation in > the "RegistryAdminService". When do we actually access this operation in the > logout process? Is there a way around? Or have we got to completely prevent > the user from editing his/her own roles?

If the role is admin, I think we should not allow him to edit his own roles.

Thanks
AmilaJ