Ticket #892 (closed Defect: fixed)

Opened 5 years ago

Last modified 5 years ago

Login failure

Reported by: JuergeN Owned by: jri
Priority: Major Milestone: Release 4.8
Component: DeepaMehta Standard Distribution Version: 4.7
Keywords: Cc:
Complexity: 3 Area:
Module:

Description

It seems that with 'dm4.security.read_requires_login=true' the is an ACL error in 4.7. The system cannon open the login dialogue:

Nov 20, 2015 5:12:27 PM de.deepamehta.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /de.deepamehta.webclient" failed. Responding with 401 (Unauthorized). The original exception/error is:
javax.ws.rs.WebApplicationException
	at de.deepamehta.plugins.accesscontrol.AccessControlPlugin.throw401Unauthorized(AccessControlPlugin.java:694)
	at de.deepamehta.plugins.accesscontrol.AccessControlPlugin.checkAuthorization(AccessControlPlugin.java:623)
	at de.deepamehta.plugins.accesscontrol.AccessControlPlugin.requestFilter(AccessControlPlugin.java:591)
	at de.deepamehta.plugins.accesscontrol.AccessControlPlugin.resourceRequestFilter(AccessControlPlugin.java:519)
	at de.deepamehta.core.impl.CoreEvent$21.deliver(CoreEvent.java:242)
	at de.deepamehta.core.impl.EventManager.deliverEvent(EventManager.java:97)
	at de.deepamehta.core.impl.EventManager.fireEvent(EventManager.java:63)
	at de.deepamehta.core.impl.EmbeddedService.fireEvent(EmbeddedService.java:531)
	at de.deepamehta.core.impl.WebPublishingService.resourceRequestFilter(WebPublishingService.java:275)
	at de.deepamehta.core.impl.WebPublishingService.access$200(WebPublishingService.java:34)
	at de.deepamehta.core.impl.WebPublishingService$BundleHTTPContext.handleSecurity(WebPublishingService.java:324)
	at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:335)
	at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:337)
	at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:300)
	at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
	at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
	at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
	at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
	at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
	at java.lang.Thread.run(Thread.java:745)

Change History

comment:1 Changed 5 years ago by jri

  • Status changed from new to accepted

comment:2 Changed 5 years ago by Jörg Richter <jri@…>

In 16685b03b230b03be462976f0c0a5bff66b086cb/deepamehta:

Core fix: read_requires_login=true works (#892).

If dm4.security.read_requires_login is set to true and the webclient is launched the browser's own login dialog appears.

This was broken in DM 4.7
Thank you, JuergeN, for reporting!

UniversalExceptionMapper?: for a failed static resource request the response headers and entity are properly set.

See #892.
See #484.

comment:3 Changed 5 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.