HI AsankaD,
On Fri, Oct 11, 2013 at 5:15 PM, Asanka Dissanayake <[email protected]>wrote: > Hi, > I came across a some weird behavior . The scenario is mentioned below. > > There is a service , and it has been exposed as OSGI service and a Axis2 > service. > in the service xml, > Why this is exposed both ways? > Authorization action parameter is set to /permission/admin. > > This is called as an osgi service in the jaggery , using > > server.osgiservice(Service class).operation(); > > When the call is made , first it hits the BE method, and on the return > flow it hits a Authorization Handler. and if a non-admin user makes the > calll, then call fails with the following exception [1]. > > *When a service is exposed as OSGi and axis2 service, how does it hit the > Authorization Handler in the outflow?* > What do mean by "OutFlow" here? Are you referring to OutFlow of axis2? The below error is simply at axis2 layer. Some one is doing a web service call here. That is why it is going through the axis2 handler chain. This does not have to anything with having a service exposed as an OSGI service. > [1] [2013-10-11 17:10:11,390] INFO > {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} > - '[email protected] [3]' logged in at [2013-10-11 17:10:11,389+0530] > [2013-10-11 17:10:11,412] ERROR {java.lang.Class} - Access Denied. Failed > authorization attempt to access service 'ApplicationUserManagementService' > operation 'getUsersOftheApplication' by 'punnadi' > [2013-10-11 17:10:11,413] ERROR {org.apache.axis2.engine.AxisEngine} - > Access Denied. > org.apache.axis2.AxisFault: Access Denied. > at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler. > doAuthorization(AuthorizationHandler.java:124) > at org.wso2.carbon.server.admin.module.handler. > AuthorizationHandler.invoke(AuthorizationHandler.java:88) > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) > at org.apache.axis2.engine.Phase.invoke(Phase.java:313) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167) > at org.apache.axis2.transport.http.HTTPTransportUtils. > processHTTPPostRequest(HTTPTransportUtils.java:172) > at org.apache.axis2.transport.http.AxisServlet.doPost( > AxisServlet.java:146) > at org.wso2.carbon.core.transports.CarbonServlet. > doPost(CarbonServlet.java:231) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) > Based on this error trace, there is a service request to " ApplicationUserManagementService". When it is received by the axis2 engine and when it passes through the InFlow phase handlers, one of the handler ( AuthorizationHandler) is throwing the above error as "unauthorized". You may have check on who is doing that "unauthorized" call? Thanks, Kishanthan. > > -- > > *Asanka Dissanayake > Software Engineer* > *WSO2 Inc. - lean . enterprise . middleware | wso2.com* > * > email: [email protected] <[email protected]>, blog: > cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com mobile: +94 71 > 8373821* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Kishanthan Thangarajah* Senior Software Engineer, Platform Technologies Team, WSO2, Inc. lean.enterprise.middleware Mobile - +94773426635 Blog - *http://kishanthan.wordpress.com* Twitter - *http://twitter.com/kishanthan*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
