Ticket #963 (closed Defect: fixed)
self-registration process is affected by change in dm4-config plugin / writing to Administration workspace
Reported by: | Malte | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.8.1 |
Component: | DeepaMehta Standard Distribution | Version: | 4.8 |
Keywords: | | Cc: | jri, JuergeN |
Complexity: | 3 | Area: | |
Module: | | | |
Description
Is it the case that some config topics during account creation should be assigned to the "Administration" workspace? This should break user self-registration, as "Administration" is a confidential workspace and thus a self-registering user has no right to WRITE.
Apr 20, 2016 1:23:22 PM de.deepamehta.thymeleaf.provider.ThymeleafViewProcessor writeTo
INFORMATION: Processing template "/views/sign-up.html" of plugin "DeepaMehta 4 Sign up"
Apr 20, 2016 1:23:34 PM de.deepamehta.accesscontrol.AccessControlPlugin createUserAccount
INFORMATION: Creating user account "tester"
Apr 20, 2016 1:23:34 PM de.deepamehta.config.ConfigPlugin createConfigTopic
INFORMATION: ### Creating config topic of type "dm4.files.disk_quota" for topic 5880
Apr 20, 2016 1:23:34 PM de.deepamehta.workspaces.WorkspacesPlugin workspaceAssignmentIsSuppressed
INFORMATION: Standard workspace assignment for topic 5883 (typeUri="dm4.files.disk_quota", uri="") SUPPRESSED
Apr 20, 2016 1:23:34 PM de.deepamehta.workspaces.WorkspacesPlugin workspaceAssignmentIsSuppressed
INFORMATION: Standard workspace assignment for association 5886 (typeUri="dm4.config.configuration") SUPPRESSED
Apr 20, 2016 1:23:34 PM de.deepamehta.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/handle/tester/-SHA256-56390e23069fa1252aa173b6aa9dd214fbe6e04b88fe2ab2c3ed19e20d84bc00/tester%40test.de" failed. Responding with 401 (Unauthorized). The original exception/error is:
java.lang.RuntimeException: Creating simple user account FAILED!
    at org.deepamehta.plugins.signup.SignupPlugin.createSimpleUserAccount(SignupPlugin.java:420)
    at org.deepamehta.plugins.signup.SignupPlugin.handleSignupRequest(SignupPlugin.java:179)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
    at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
    at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
    at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
    at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
    at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
    at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1480)
    at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1411)
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1360)
    at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1350)
    at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
    at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:339)
    at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:300)
    at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
    at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
    at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
    at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
    at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: Creating user account "tester" failed
    at de.deepamehta.accesscontrol.AccessControlPlugin.createUserAccount(AccessControlPlugin.java:275)
    at org.deepamehta.plugins.signup.SignupPlugin.createSimpleUserAccount(SignupPlugin.java:379)
    ... 52 more
Caused by: java.lang.RuntimeException: Creating topic 5879 failed (typeUri="dm4.accesscontrol.user_account")
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:156)
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:129)
    at de.deepamehta.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:118)
    at de.deepamehta.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:34)
    at de.deepamehta.accesscontrol.AccessControlPlugin$3.call(AccessControlPlugin.java:242)
    at de.deepamehta.accesscontrol.AccessControlPlugin$3.call(AccessControlPlugin.java:239)
    at de.deepamehta.core.impl.AccessControlImpl.runWithoutWorkspaceAssignment(AccessControlImpl.java:228)
    at de.deepamehta.accesscontrol.AccessControlPlugin.createUserAccount(AccessControlPlugin.java:239)
    ... 53 more
Caused by: java.lang.RuntimeException: Storing the child topics of object 5879 failed ({dm4.accesscontrol.password=topic (id=-1, uri="null", typeUri="dm4.accesscontrol.password", value="-SHA256-56390e23069fa1252aa173b6aa9dd214fbe6e04b88fe2ab2c3ed19e20d84bc00", childTopics={}), relating association (id=-1, uri="null", typeUri="null", value="null", childTopics={}, null, null), dm4.accesscontrol.username=topic (id=5880, uri="", typeUri="dm4.accesscontrol.username", value="tester", childTopics={}), relating association (id=-1, uri="null", typeUri="null", value="null", childTopics={}, null, null)})
    at de.deepamehta.core.impl.ValueStorage.storeChildTopics(ValueStorage.java:158)
    at de.deepamehta.core.impl.ValueStorage.storeValue(ValueStorage.java:101)
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:141)
    ... 60 more
Caused by: java.lang.RuntimeException: Creating topic 5880 failed (typeUri="dm4.accesscontrol.username")
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:156)
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:129)
    at de.deepamehta.core.impl.ValueStorage.storeChildTopic(ValueStorage.java:168)
    at de.deepamehta.core.impl.ValueStorage.storeChildTopics(ValueStorage.java:144)
    ... 62 more
Caused by: java.lang.RuntimeException: An error occurred in the PostCreateTopicListener of plugin "DeepaMehta 4 Config"
    at de.deepamehta.core.impl.EventManager.dispatchEvent(EventManager.java:96)
    at de.deepamehta.core.impl.EventManager.fireEvent(EventManager.java:59)
    at de.deepamehta.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:153)
    ... 65 more
Caused by: java.lang.RuntimeException: Creating config topic of type "dm4.files.disk_quota" for topic 5880 failed
    at de.deepamehta.config.ConfigPlugin.createConfigTopic(ConfigPlugin.java:159)
    at de.deepamehta.config.ConfigPlugin.postCreateTopic(ConfigPlugin.java:128)
    at de.deepamehta.core.impl.CoreEvent$5.dispatch(CoreEvent.java:72)
    at de.deepamehta.core.impl.EventManager.dispatchEvent(EventManager.java:83)
    ... 67 more
Caused by: java.lang.RuntimeException: Fetching topic failed (key="uri", value="dm4.workspaces.administration")
    at de.deepamehta.core.impl.PersistenceLayer.getTopicByValue(PersistenceLayer.java:90)
    at de.deepamehta.core.impl.PersistenceLayer.getTopicByUri(PersistenceLayer.java:81)
    at de.deepamehta.core.impl.AccessControlImpl.getWorkspace(AccessControlImpl.java:143)
    at de.deepamehta.core.impl.AccessControlImpl.getAdministrationWorkspaceId(AccessControlImpl.java:159)
    at de.deepamehta.config.ConfigPlugin.assignConfigTopicToWorkspace(ConfigPlugin.java:169)
    at de.deepamehta.config.ConfigPlugin.access$800(ConfigPlugin.java:29)
    at de.deepamehta.config.ConfigPlugin$1.call(ConfigPlugin.java:153)
    at de.deepamehta.config.ConfigPlugin$1.call(ConfigPlugin.java:146)
    at de.deepamehta.core.impl.AccessControlImpl.runWithoutWorkspaceAssignment(AccessControlImpl.java:228)
    at de.deepamehta.config.ConfigPlugin.createConfigTopic(ConfigPlugin.java:146)
    ... 70 more
Caused by: de.deepamehta.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 3413
    at de.deepamehta.accesscontrol.AccessControlPlugin.checkReadPermission(AccessControlPlugin.java:838)
    at de.deepamehta.accesscontrol.AccessControlPlugin.preGetTopic(AccessControlPlugin.java:463)
    at de.deepamehta.core.impl.CoreEvent$1.dispatch(CoreEvent.java:32)
    at de.deepamehta.core.impl.EventManager.dispatchEvent(EventManager.java:83)
    at de.deepamehta.core.impl.EventManager.fireEvent(EventManager.java:59)
    at de.deepamehta.core.impl.PersistenceLayer.checkReadAccess(PersistenceLayer.java:484)
    at de.deepamehta.core.impl.PersistenceLayer.checkReadAccessAndInstantiate(PersistenceLayer.java:457)
    at de.deepamehta.core.impl.PersistenceLayer.getTopicByValue(PersistenceLayer.java:87)
    ... 79 more
Maybe this permission error could be circumvented if the config module uses the privileged acCore.assignToWorkspace() method.
But the request also fails because the administration workspace cannot be fetched in the first place. So, if the administration workspace's URI is known, no fetch should be involved and the privileged method would indeed provide us with a working solution:
acCore.assignToWorkspace(String workspaceUri);
Or what do you think?
Change History
comment:2 Changed 8 years ago by Malte
Then this issue might very well also apply to our planned adaption of the sign-up plugin:
- Store users' mailboxes in the "Administration" workspace
Which I could not yet implement but which I would expect, by now, to trigger a similar exception since I cannot fetch the workspace in the first place, right?
comment:5 follow-up: ↓ 6 Changed 8 years ago by Malte
BTW: I could get the sign-up plugin to work without your new call but after finding the privileged "acCore.getAdministrationWorkspaceId()" method. Are you sure about adding this "generic workspace" fetcher? OK, thanks, just wanted to let you know.
comment:6 in reply to: ↑ 5 Changed 8 years ago by jri
Replying to Malte:
BTW: I could get the sign-up plugin to work without your new call but after finding the privileged "acCore.getAdministrationWorkspaceId()" method. Are you sure about adding this "generic workspace" fetcher? OK, thanks, just wanted to let you know.
Yes, I'm sure acCore.getWorkspace() must be privileged. Even if you don't call it directly, it will be called indirectly when you create a user account, namely when the Config service creates the new user's config topics, which belong to the Administration workspace.
Note also that acCore.getAdministrationWorkspaceId() relies on acCore.getWorkspace().
See your stacktrace:
    at de.deepamehta.core.impl.AccessControlImpl.getWorkspace(AccessControlImpl.java:143)
    at de.deepamehta.core.impl.AccessControlImpl.getAdministrationWorkspaceId(AccessControlImpl.java:159)
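The failure in the stack trace and the privileged lookup discussed in comment 6, modelled as an added Java example that is not part of the ticket and not DeepaMehta code. All class and method names are hypothetical and the ids are constructed; only the URI "dm4.workspaces.administration" is taken from the log above.

```java
import java.util.*;

// Added illustration, not DeepaMehta code. Class and method names are hypothetical;
// only the URI "dm4.workspaces.administration" comes from the ticket's log.
public class PrivilegedLookupDemo {
    static final String ADMIN_URI = "dm4.workspaces.administration";
    static final Map<String, Long> WORKSPACE_ID = Map.of(ADMIN_URI, 1L);       // constructed id
    static final Map<String, Set<Long>> MEMBERSHIP = Map.of("admin", Set.of(1L));
    static final Map<Long, Long> TOPIC_WORKSPACE = new HashMap<>();            // topic -> workspace
    static long nextTopicId = 100;

    // Every workspace in this model is confidential: READ requires membership.
    static boolean canRead(String user, long workspaceId) {
        return user != null && MEMBERSHIP.getOrDefault(user, Set.of()).contains(workspaceId);
    }

    // Checked path: resolving the workspace is itself a READ on a confidential object.
    static long getWorkspaceIdChecked(String uri, String user) {
        long id = WORKSPACE_ID.get(uri);
        if (!canRead(user, id)) {
            throw new SecurityException("user " + (user == null ? "<anonymous>" : user)
                    + " has no READ permission for object " + id);
        }
        return id;
    }

    // Privileged path: skips the check, but hands back only the id, never the content.
    static long getWorkspaceIdPrivileged(String uri) {
        return WORKSPACE_ID.get(uri);
    }

    // Runs inside the sign-up request, so the requesting user is anonymous (null).
    static long createConfigTopic(String requestUser, boolean privileged) {
        long ws = privileged ? getWorkspaceIdPrivileged(ADMIN_URI)
                             : getWorkspaceIdChecked(ADMIN_URI, requestUser);
        long topicId = nextTopicId++;
        TOPIC_WORKSPACE.put(topicId, ws);   // assignment done by the system, not the user
        return topicId;
    }

    public static void main(String[] args) {
        try {
            createConfigTopic(null, false);
        } catch (SecurityException e) {
            System.out.println("checked:    " + e.getMessage());
        }
        long topic = createConfigTopic(null, true);
        long ws = TOPIC_WORKSPACE.get(topic);
        System.out.println("privileged: topic " + topic + " assigned to workspace " + ws);
        System.out.println("anonymous can read it: " + canRead(null, ws));
        System.out.println("admin can read it:     " + canRead("admin", ws));
    }
}
```

The privileged lookup lets the system-side listener finish the assignment during an anonymous request, while read access to the resulting topic stays limited to workspace members.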
comment:7 Changed 8 years ago by Malte
- Status changed from accepted to closed
- Resolution set to fixed
Glad that we found out and adapted (see #976, #978), amazing I had completely forgotten about this issue in the matter of just four weeks...
Anyway, I could test it and the self-registration process is not affected anymore. Users' mailboxes end up in the new "Administration" workspace automatically (and can thus be edited by members of this workspace). The new sign-up plugin version compatible with 4.8.1 provides a migration which moves all existing mailboxes from the "System" to the "Administration" workspace.
Two corrections:
Sorry for the confusion.