Hi Johann,

This method is accessed from the UI framework when you try to access a JSP
page. This is because the template JSP for Carbon UI has it in there. When
you log out, you need to send the user to the sign-out page, and there is a
standard way of doing that (i.e. set the window.location in JavaScript to
the sign-out link). But, AFAIU, you seem to be doing something else here,
and the user gets forwarded to a page he should be seeing when he's logged
in. Can you double check the target of the confirmation (when the answer is
'yes') and correct it as explained above?

Thanks,
Senaka.

On Sat, Feb 4, 2012 at 12:33 AM, Amila Jayasekara <ami...@wso2.com> wrote:

> Hi Johann,
>
> Seems like the stack originates from the
> core/org.wso2.carbon.ui/src/main/resources/web/admin/jsp/registry_styles_ajaxprocessor.jsp
> JSP file. It has some logic to execute based on registry's mode
> (RW..). But I am not sure why we need to execute this logic during
> logout process. Maybe registry person will be able to give more
> information.
>
> On Fri, Feb 3, 2012 at 5:11 PM, Johann Nallathamby <joh...@wso2.com> wrote:
> > With regard to the issue https://wso2.org/jira/browse/CARBON-11442, the fix
> > we agreed upon after discussing it, is to ask the user for a confirmation
> > before updating his own roles and signing him out. The fix works fine
> > without any issue in the UI. However, it seems that after the user's own
> > roles have been updated properly, in the process of signing out a very
> > similar exception to the one in the original issue occurs as follows in the
> > console:
> >
> > [2012-02-03 15:56:11,514] ERROR {java.lang.Class} -  Access Denied. Failed authorization attempt to access service 'RegistryAdminService' operation 'isRegistryReadOnly' by 'user1'
> > [2012-02-03 15:56:11,516] ERROR {org.apache.axis2.engine.AxisEngine} -  Access Denied.
> > org.apache.axis2.AxisFault: Access Denied.
> > at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:129)
> > at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:81)
> > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> > at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
> > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
> > at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
> > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
> > at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:206)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
> > at org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154)
> > at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:257)
> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
> > at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396)
> > at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356)
> > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> > at java.lang.Thread.run(Thread.java:662)
> > [2012-02-03 15:56:11,530] ERROR {org.wso2.carbon.ui.clients.RegistryAdminServiceClient} -  Error occurred while checking registry mode
> > org.apache.axis2.AxisFault: Access Denied.
> > at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
> > at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
> > at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
> > at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> > at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> > at org.wso2.carbon.core.commons.stub.registry.service.RegistryAdminServiceStub.isRegistryReadOnly(RegistryAdminServiceStub.java:470)
> > at org.wso2.carbon.ui.clients.RegistryAdminServiceClient.isRegistryReadOnly(RegistryAdminServiceClient.java:61)
> > at org.apache.jsp.admin.jsp.registry_005fstyles_005fajaxprocessor_jsp._jspService(registry_005fstyles_005fajaxprocessor_jsp.java:51)
> > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
> > at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
> > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:161)
> > at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
> > at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:164)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
> > at org.wso2.carbon.server.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154)
> > at org.wso2.carbon.server.TomcatServer$1.invoke(TomcatServer.java:257)
> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:399)
> > at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:396)
> > at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:356)
> > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1534)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> > at java.lang.Thread.run(Thread.java:662)
> > [2012-02-03 15:56:11,590]  INFO {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -  'user1' logged out at [2012-02-03 15:56:11,0590]
> >
> > The error says we are trying to access the "isRegistryReadOnly" operation in
> > the "RegistryAdminService". When do we actually access this operation in the
> > logout process? Is there a way around? Or have we got to completely prevent
> > the user from editing his/her own roles?
>
> If the role is admin, I think we should not allow him to edit.
>
> Thanks
> AmilaJ
>
> >
> > _______________________________________________
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org
> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
>
>
>
> --
> Mobile : +94773330538
>



-- 
*Senaka Fernando*
Product Manager - WSO2 Governance Registry;
Associate Technical Lead; WSO2 Inc.; http://wso2.com
Member; Apache Software Foundation; http://apache.org

E-mail: senaka AT wso2.com
P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
Linked-In: http://linkedin.com/in/senakafernando

Lean . Enterprise . Middleware
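
The confirmation flow discussed in this thread, as an added example that is not part of the original messages and is not Carbon's own code: after a user confirms updating his own roles, the browser goes straight to the sign-out link instead of rendering a logged-in page. The function name `submitRoleUpdate`, its callbacks and the placeholder URLs are hypothetical.

```javascript
// Added example; every name and URL here is hypothetical, not Carbon's own.
// Decides where the browser goes after a role-update form is submitted.
// Returns the outcome; "pending" if updateRoles completes asynchronously.
function submitRoleUpdate(opts) {
  const { editedUser, currentUser, confirmFn, updateRoles, navigate,
          signOutUrl, listUrl } = opts;
  const editingSelf = editedUser === currentUser;

  // Only a self-edit needs the confirmation and the forced sign-out.
  if (editingSelf && !confirmFn(
      "Updating your own roles will sign you out. Continue?")) {
    return "cancelled";
  }

  let outcome = "pending";
  updateRoles(editedUser,
    function onSuccess() {
      if (editingSelf) {
        // Go straight to the sign-out link. Rendering any logged-in page
        // first makes its template call admin services under a session
        // whose permissions were just changed.
        navigate(signOutUrl);
        outcome = "signed-out";
      } else {
        navigate(listUrl);
        outcome = "updated";
      }
    },
    function onFailure() {
      // Roles unchanged: keep the session and stay on the current page.
      outcome = "failed";
    });
  return outcome;
}

// Browser wiring (skipped when no window object exists).
if (typeof window !== "undefined") {
  window.submitRoleUpdate = (editedUser, currentUser, updateRoles) =>
    submitRoleUpdate({ editedUser, currentUser, updateRoles,
      confirmFn: (msg) => window.confirm(msg),
      navigate: (url) => { window.location = url; },
      signOutUrl: "SIGN_OUT_LINK_PLACEHOLDER",
      listUrl: "USER_LIST_PAGE_PLACEHOLDER" });
}
```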