[Dev] Authorization handler in the outflow of osgi service call

Fri, 11 Oct 2013 04:46:21 -0700 

Hi,
I came across a some weird  behavior . The scenario is mentioned below.

There is a service , and it has been exposed as OSGI service and a Axis2
service.
in the service xml,
Authorization action parameter is set to /permission/admin.

This is called as an osgi service in the jaggery , using

server.osgiservice(Service class).operation();

When the call is made , first it hits the BE method, and on the return flow
it hits a Authorization Handler. and if a non-admin user makes the calll,
then call fails with the following exception [1].

*When a service is exposed as OSGi and axis2 service, how does it hit the
Authorization Handler in the outflow?*

[1] [2013-10-11 17:10:11,390]  INFO
{org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
-  '[email protected] [3]' logged in at [2013-10-11 17:10:11,389+0530]
[2013-10-11 17:10:11,412] ERROR {java.lang.Class} -  Access Denied. Failed
authorization attempt to access service 'ApplicationUserManagementService'
operation 'getUsersOftheApplication' by 'punnadi'
[2013-10-11 17:10:11,413] ERROR {org.apache.axis2.engine.AxisEngine} -
Access Denied.
org.apache.axis2.AxisFault: Access Denied.
    at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.
doAuthorization(AuthorizationHandler.java:124)
    at org.wso2.carbon.server.admin.module.handler.
AuthorizationHandler.invoke(AuthorizationHandler.java:88)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.axis2.transport.http.HTTPTransportUtils.
processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(
AxisServlet.java:146)
    at org.wso2.carbon.core.transports.CarbonServlet.
doPost(CarbonServlet.java:231)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)


-- 

*Asanka Dissanayake
Software Engineer*
*WSO2 Inc. - lean . enterprise . middleware |  wso2.com*
*
email: [email protected] <[email protected]>,   blog:
cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com  mobile: +94 71
8373821*

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to