OK, with the debug logging you suggested enabled, I see the following:
DEBUG 2008-02-18 20:15:09,732 UISecurityInterceptor:intercept -
Entering UISecurityInterceptor
DEBUG 2008-02-18 20:15:09,734 UISecurityInterceptor:intercept - action
is UISecurityEnforced ... enforcing security rules
DEBUG 2008-02-18 20:15:22,118 UISecurityInterceptor:intercept -
Entering UISecurityInterceptor
DEBUG 2008-02-18 20:15:22,258 UISecurityInterceptor:intercept -
Entering UISecurityInterceptor
DEBUG 2008-02-18 20:15:22,259 UISecurityInterceptor:intercept - action
is UISecurityEnforced ... enforcing security rules
DEBUG 2008-02-18 20:15:22,266 UISecurityInterceptor:intercept -
DENIED: user does not have role = editor
That's logging in with user ericw. If I don't have the editor role,
then why does the main page have links for New Entry, Settings, etc?
Logging in with with my admin user, I get the same debug messages. Now
let's look at the database.
mysql> select rolleruser.username, rolename from rolleruser,userrole
where rolleruser.id=userrole.userid;
+-----------+----------+
| username | rolename |
+-----------+----------+
| adminUser | admin |
| ericw | admin |
| ericw2 | editor |
| ericw3 | editor |
+-----------+----------+
4 rows in set (0.00 sec)
So clearly, neither my admin user nor my main user have the editor
role. I checked the database I was using for 3.1 on my old system, and
it returns the same results for the same query. So the lack of the
editor role causing problems for admin users appears to be a new
behavior in 4.0.
I took a swing at fixing this by executing the following insert
statements:
mysql> insert into userrole (id, rolename, username, userid) values
('Manual','editor','ericw','024172062206108769688734800021');
Query OK, 1 row affected (0.00 sec)
mysql> insert into userrole (id, rolename, username, userid) values
('Manual2','editor','adminUser','024172062206108769634171900001');
Query OK, 1 row affected (0.00 sec)
Where the userid field for these users matches the corresponding id
field in rolleruser.
This seems to have solved the problem. Not sure how I got into this
state. Thanks for the right debug statement syntax; that got right to
the root of the problem.
-Eric
On Feb 18, 2008, at 6:40 PM, Dave wrote:
On Feb 17, 2008 5:55 PM, Eric Wittle <[EMAIL PROTECTED]> wrote:
I was running 3.1 with Mysql 4.1 on an older server. I bought a new
better server, and decided to migrate Roller and upgrade it.
I successfully migrated roller (was able to run 3.1 just fine), but
after the 4.0 upgrade, I'm having problems.
The upgrade is partially successful; I can access my blog as an
anonymous user. However, when I log in, I get:
Permission Denied
Possible causes:
You requested a weblog entry that you do not have permission to edit
(perhaps one you've already submitted for review?).
You tried to save an object from "stale" web page, left by an earlier
login under a different user account.
You logged in using incorrect capitalization of your username. To
resolve this problem, logout and login again with your correct
username.
Your blog server's database connection is misconfigured. To resolve
this problem, see your system administrator.
The URL which is generating this page is:
http://wittle.net:8080/roller/roller-ui/menu.rol
, which as far as I know is the general UI for administering my blog.
I get the same permission denied results when I log in as the admin
user, but the URL is different. My regular blog URL
(http://wittle.net:8080/roller/ericw/
) works regardless of whether I'm logged in or not, or which account
I'm logged in with.
I cannot see anything interesting in the log file. (The last line in
the roller.log file is recording that it is initializing the Velocity
Rendering Engine, and this message is > 10 minutes old).
I doubt that this problem is any of the first three possibilities
listed above, and I can't find any details on the fourth item. It
seems unlikely the connection itself is misconfigured; if so how
would
Roller be able to display the main view?
I'm looking for help on how to triage this further. My database has
been upgraded from the 1.X series of Roller, and I've had problems in
the past where old content in the DB has caused problems with newer
releases. I'm also running mysql 5.X on the new system, and was
running 4.1 on the old system.
Any help taking the next step in triage would be appreciated.
Hi Eric,
That is baffling. Please try turning on some debugging and report
back.
Add this to your roller-custom.properties:
log4j
.category
.org
.apache.roller.weblogger.ui.struts2.util.UISecurityInterceptor=DEBUG
That should tell you the reason why you are getting "Permission
Denied" (I hope).
- Dave
