Service level security settings appear enabled for users who don't have
security permission and accessing this returns a grey page.
-----------------------------------------------------------------------------------------------------------------------------------
Key: MASHUP-1179
URL: https://wso2.org/jira/browse/MASHUP-1179
Project: WSO2 Mashup Server
Issue Type: Bug
Components: Admin UI
Environment: WinXP, JDK1.6, FF3, pre-alpha release
Reporter: Yumani Ranaweera
Assignee: Keith Godwin Chapman
Fix For: 2.0
Steps to reproduce
--------------------------
1. Create a role, which doesn't have 'Manage Security' permission.
2. Create a user and assign the role to the user.
3. Log in from this user account
4. Access a .js service and try to access security settings from the service
dashboard.
Issue:
----------
It returns a grey page when accessing the service dashboard. The error at the
back-end is as below:
[2009-04-07 11:49:18,921] ERROR - Cannot get service stats for service inputOutputTypesPositiveTCs. Backend server may be unavailable. {org.wso2.carbon.statistics.ui.StatisticsAdminClient}
org.apache.axis2.AxisFault: Access Denied. You are not authorized.
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:517)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
    at org.wso2.carbon.statistics.ui.StatisticsAdminStub.getServiceStatistics(StatisticsAdminStub.java:3582)
    at org.wso2.carbon.statistics.ui.StatisticsAdminClient.getServiceStatistics(StatisticsAdminClient.java:68)
    at org.apache.jsp.statistics.service_005fstats_005fajaxprocessor_jsp._jspService(service_005fstats_005fajaxprocessor_jsp.java:91)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:115)
    at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:35)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:36)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:619)
[2009-04-07 11:49:25,187] ERROR - Access Denied. Failed authorization attempt to access service 'SecurityAdminService' operation 'getCurrentScenario' by 'tester1' {java.lang.Class}
[2009-04-07 11:49:25,203] ERROR - Access Denied. You are not authorized. {org.apache.axis2.engine.AxisEngine}
org.apache.axis2.AxisFault: Access Denied. You are not authorized.
    at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:69)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:619)
[2009-04-07 11:49:25,203] ERROR - org.apache.axis2.AxisFault: Access Denied. You are not authorized. {org.wso2.carbon.security.ui.client.SecurityAdminClient}
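The authorization failure in the log above names the service, operation and user. As an added example (not part of the original report and not WSO2 code), this Python script extracts those fields from log records in the format shown and pairs each denial with console-side faults logged shortly afterwards, which is the trace a UI control leaves when it is shown to a role that lacks the permission. The `.ui.` logger match and the one-second window are assumptions chosen for this sample.

```python
import re
from datetime import datetime

# Records copied from the report above, each rejoined onto one line;
# stack frames are omitted except one exception line to show it is skipped.
SAMPLE_LOG = """\
[2009-04-07 11:49:18,921] ERROR - Cannot get service stats for service inputOutputTypesPositiveTCs. Backend server may be unavailable. {org.wso2.carbon.statistics.ui.StatisticsAdminClient}
org.apache.axis2.AxisFault: Access Denied. You are not authorized.
[2009-04-07 11:49:25,187] ERROR - Access Denied. Failed authorization attempt to access service 'SecurityAdminService' operation 'getCurrentScenario' by 'tester1' {java.lang.Class}
[2009-04-07 11:49:25,203] ERROR - Access Denied. You are not authorized. {org.apache.axis2.engine.AxisEngine}
[2009-04-07 11:49:25,203] ERROR - org.apache.axis2.AxisFault: Access Denied. You are not authorized. {org.wso2.carbon.security.ui.client.SecurityAdminClient}
"""

RECORD = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\] (?P<level>\w+) - "
    r"(?P<msg>.*?) \{(?P<logger>[^{}]+)\}$")
DENIED = re.compile(
    r"Failed authorization attempt to access service '(?P<service>[^']+)' "
    r"operation '(?P<operation>[^']+)' by '(?P<user>[^']+)'")

def parse_records(text):
    """Yield (timestamp, logger, message) per log record; skip trace lines."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
            yield ts, m["logger"], m["msg"]

def denied_calls(text):
    """Return each authorization failure with its service, operation, user."""
    return [{"time": ts, **m.groupdict()}
            for ts, _, msg in parse_records(text)
            if (m := DENIED.search(msg))]

def ui_exposed_denials(text, window_s=1.0):
    """Pair each denial with UI-client faults logged within window_s after it.

    Assumption: console-side clients log under a package containing '.ui.'.
    """
    records = list(parse_records(text))
    findings = []
    for d in denied_calls(text):
        ui = sorted({lg for ts, lg, msg in records
                     if ".ui." in lg and "Access Denied" in msg
                     and 0 <= (ts - d["time"]).total_seconds() <= window_s})
        if ui:
            findings.append((d["user"], d["service"], d["operation"], ui))
    return findings
```

A non-empty result from `ui_exposed_denials` means the backend enforced the permission while the console still offered the action, so the fix belongs in the UI's permission check rather than in the authorization handler.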