Hi,

I detected an issue related to the secureHash URL and, indirectly, to 
allowSameURLMultipleTimes when it is set to true.

I'm using a 3.1.2 snapshot version that I downloaded on 5/5 from the svn branch 
and disconnected from the Apache svn, so I have no further updates.

The secureHash URL is created with an administrator user (swCetir in this case) 
for an external user (moderator).

ExternalUserDTO Json in construction
properties.addProperty("login", 1111L);
properties.addProperty("firstname", "moderator");
properties.addProperty("lastname", "grabable");
properties.addProperty("propilePictureUrl", StringUtils.EMPTY);
properties.addProperty("email", "[email protected]");
properties.addProperty("externalId", 1111L);
properties.addProperty("externalType", "tipo_cetir");

RoomOptionsDTO Json in construction
properties.addProperty("roomId", 11L);
properties.addProperty("moderator", Boolean.TRUE);
properties.addProperty("showAudioVideoTest", Boolean.FALSE);
properties.addProperty("allowSameURLMultipleTimes", Boolean.TRUE);
properties.addProperty("recordingId", 11L);
properties.addProperty("showNickNameDialog", Boolean.FALSE);
properties.addProperty("allowRecording", Boolean.TRUE);

Resulting in a URL like 
"http://localhost:5080/openmeetings/?secureHash=dbc154dc-7bb4-4d2d-9993-d3f4e54fbe3f"

Now, the 1st time the url is called, the traces I added show the user used to 
check permission is administrator user (swCetir)
DEBUG 05-26 10:33:10.095 MainService.java 311480 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] - users_id: 2
DEBUG 05-26 10:33:10.131 AuthLevelUtil.java 311516 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Dashboard
DEBUG 05-26 10:33:10.146 AuthLevelUtil.java 311531 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Soap
DEBUG 05-26 10:33:10.153 AuthLevelUtil.java 311538 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Login
DEBUG 05-26 10:33:10.157 AuthLevelUtil.java 311542 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Room
DEBUG 05-26 10:33:10.182 AuthLevelUtil.java 311567 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - Level Soap :: [GRANTED]

2nd and next tries, it uses external user (moderator)
DEBUG 05-26 10:33:29.290 MainService.java 330675 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-2] - users_id: 3
DEBUG 05-26 10:33:29.315 AuthLevelUtil.java 330700 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Dashboard
DEBUG 05-26 10:33:29.319 AuthLevelUtil.java 330704 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Login
DEBUG 05-26 10:33:29.331 AuthLevelUtil.java 330716 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Room
DEBUG 05-26 10:33:29.342 AuthLevelUtil.java 330727 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - Level Soap :: [DENIED]

Resulting in a popup error: "Unknown error. Please report this to the 
administrator. [334]"

If allowSameURLMultipleTimes is set to false, the error shown is: "This session 
hash has already been used [787]", but it still checks the rights of the 
administrator user.

Best regards.


Pablo Vidal Figueiras
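
An added example, not part of the original message and not OpenMeetings code: a Python parser that groups the quoted DEBUG traces by executor thread and reports which users_id and rights each "Level Soap" check was evaluated against. The function names, and the assumption that a users_id line opens a new check on its thread, belong to this example; the log lines are the ones from the message, one entry per line.

```python
import re

# Constructed sample: the DEBUG traces quoted in the message, one entry per line.
SAMPLE_LOG = """\
DEBUG 05-26 10:33:10.095 MainService.java 311480 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-1] - users_id: 2
DEBUG 05-26 10:33:10.131 AuthLevelUtil.java 311516 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Dashboard
DEBUG 05-26 10:33:10.146 AuthLevelUtil.java 311531 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Soap
DEBUG 05-26 10:33:10.153 AuthLevelUtil.java 311538 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Login
DEBUG 05-26 10:33:10.157 AuthLevelUtil.java 311542 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - rights: Room
DEBUG 05-26 10:33:10.182 AuthLevelUtil.java 311567 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-1] - Level Soap :: [GRANTED]
DEBUG 05-26 10:33:29.290 MainService.java 330675 361 org.apache.openmeetings.core.remote.MainService [RTMPConnectionExecutor-2] - users_id: 3
DEBUG 05-26 10:33:29.315 AuthLevelUtil.java 330700 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Dashboard
DEBUG 05-26 10:33:29.319 AuthLevelUtil.java 330704 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Login
DEBUG 05-26 10:33:29.331 AuthLevelUtil.java 330716 65 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - rights: Room
DEBUG 05-26 10:33:29.342 AuthLevelUtil.java 330727 36 org.apache.openmeetings.db.util.AuthLevelUtil [RTMPConnectionExecutor-2] - Level Soap :: [DENIED]
"""

ENTRY = re.compile(r"\[(?P<thread>[^\]]+)\] - (?P<msg>.+)$")
LEVEL = re.compile(r"Level (\w+) :: \[(GRANTED|DENIED)\]")

def auth_checks(log):
    """One record per completed level check, keyed by the thread that logged it."""
    open_checks, done = {}, []
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a trace line in the expected layout
        thread, msg = m["thread"], m["msg"].strip()
        if msg.startswith("users_id:"):  # assumption: this line opens a new check
            open_checks[thread] = {"thread": thread, "user_id": int(msg.split(":")[1]), "rights": set()}
        elif msg.startswith("rights:") and thread in open_checks:
            open_checks[thread]["rights"].add(msg.split(":", 1)[1].strip())
        elif (lv := LEVEL.fullmatch(msg)) and thread in open_checks:
            check = open_checks.pop(thread)
            check.update(level=lv[1], granted=lv[2] == "GRANTED")
            done.append(check)
    return done

def principal_changes(checks):
    """Consecutive checks of the same level that were evaluated for different users."""
    return [(p["user_id"], p["granted"], c["user_id"], c["granted"])
            for p, c in zip(checks, checks[1:])
            if p["level"] == c["level"] and p["user_id"] != c["user_id"]]

if __name__ == "__main__":
    for c in auth_checks(SAMPLE_LOG):  # last column: does the outcome match the logged rights?
        print(c["user_id"], sorted(c["rights"]), c["level"], c["granted"], c["granted"] == (c["level"] in c["rights"]))
    print(principal_changes(auth_checks(SAMPLE_LOG)))
```

On these traces each outcome matches the rights logged for the user that was evaluated; what differs between the first and second use of the URL is the users_id the check ran against.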