[Dspace-devel] [ dspace-Bugs-1756384 ] Authorization denied resulting in ServletException

Thu, 17 Jun 2010 07:19:41 -0700 

Bugs item #1756384, was opened at 2007-07-18 13:42
Message generated for change (Settings changed) made by tdonohue
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=119984&aid=1756384&group_id=19984

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Authorisation
Group: 1.4.2
>Status: Closed
>Resolution: Out of Date
Priority: 5
Private: No
Submitted By: Sam Ottenhoff (ottenhoffs)
Assigned to: Nobody/Anonymous (nobody)
Summary: Authorization denied resulting in ServletException

Initial Comment:
A denial of authorization is resulting in a ServletException and thus an 
Internal Server Error JSP. The expected behavior should be an 
AuthorizeException and an authorization error JSP.

This is occurring when an anonymous web browser attempts to view an item with 
very limited READ privileges.

I have looked through the code and see no way that this could result in a 
ServletException and Internal Server Error (and thus an email to the admin) 
instead of just an authorization error (as caught by JSPManager). Any tips 
would be appreciated....

javax.servlet.ServletException: Authorization denied for action READ on 
BITSTREAM:1532 by user 0
        at 
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:843)
        at 
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:776)
        at 
org.apache.jsp.display_002ditem_jsp._jspService(display_002ditem_jsp.java:436)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
        at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at 
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
        at 
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
        at 
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
        at 
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
        at org.dspace.app.webui.util.JSPManager.showJSP(JSPManager.java:91)
        at 
org.dspace.app.webui.servlet.HandleServlet.displayItem(HandleServlet.java:314)
        at 
org.dspace.app.webui.servlet.HandleServlet.doDSGet(HandleServlet.java:167)
        at 
org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:151)
        at 
org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:99)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
        at 
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
        at 
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)


----------------------------------------------------------------------

Comment By: Andrea Bollini (bollini)
Date: 2007-08-21 03:46

Message:
Logged In: YES 
user_id=1293299
Originator: NO

Is the bitstream of a special type (i.e. licence, cc-licence, thumbnail)?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=119984&aid=1756384&group_id=19984

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to