5 Replies Latest reply on Nov 25, 2009 1:45 PM by javaspack

Dashboard: permission denied for role created using Synchron

jaded Aug 7, 2008 2:47 AM

Hi,
Am using a custom login module to authenticate users. The users and roles are then being synchronized to the jboss portal using the SynchronizingLoginModule.

This is working fine as i am able to view the roles and the users created using the "Admin" portlet.

However for all users / roles created by this mechanism, the user is not able to view his "Dashboard".
On clicking the "Dashboard" link i get the following error on the error page:

Access to the specified resource () has been forbidden.

And the JBoss Portal console shows the following stack trace:

12:05:02,530 ERROR [DefaultPortalControlPolicy] Rendering portlet window produced an error
org.jboss.portal.core.controller.AccessDeniedException: View permission not granted has denied access: dashboard:/portalsu
 at org.jboss.portal.core.model.portal.command.PortalObjectCommand.enforceSecurity(PortalObjectCommand.java:90)
 at org.jboss.portal.core.aspects.controller.PolicyEnforcementInterceptor.invoke(PolicyEnforcementInterceptor.java:66)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.controller.node.PortalNodeInterceptor.invoke(PortalNodeInterceptor.java:81)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.controller.ControlInterceptor.invoke(ControlInterceptor.java:56)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.controller.NavigationalStateInterceptor.invoke(NavigationalStateInterceptor.java:42)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.controller.ajax.AjaxInterceptor.invoke(AjaxInterceptor.java:56)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.controller.ResourceAcquisitionInterceptor.invoke(ResourceAcquisitionInterceptor.java:50)
 at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
 at org.jboss.portal.core.controller.ControllerContext.execute(ControllerContext.java:134)
 at org.jboss.portal.core.controller.Controller.processCommand(Controller.java:235)
 at org.jboss.portal.core.controller.Controller.handle(Controller.java:217)
 at org.jboss.portal.server.RequestControllerDispatcher.invoke(RequestControllerDispatcher.java:51)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
 at org.jboss.portal.core.cms.aspect.IdentityBindingInterceptor.invoke(IdentityBindingInterceptor.java:47)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.server.aspects.server.ContentTypeInterceptor.invoke(ContentTypeInterceptor.java:68)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.server.PortalContextPathInterceptor.invoke(PortalContextPathInterceptor.java:45)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.server.LocaleInterceptor.invoke(LocaleInterceptor.java:96)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:246)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.server.aspects.server.SignOutInterceptor.invoke(SignOutInterceptor.java:98)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.impl.api.user.UserEventBridgeTriggerInterceptor.invoke(UserEventBridgeTriggerInterceptor.java:65)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.server.IdentityCacheInterceptor.invoke(IdentityCacheInterceptor.java:68)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.core.aspects.server.TransactionInterceptor.org$jboss$portal$core$aspects$server$TransactionInterceptor$invoke$aop(TransactionInterceptor.java:49)
 at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
 at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
 at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:253)
 at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
 at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
 at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:262)
 at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
 at org.jboss.portal.core.aspects.server.TransactionInterceptor.invoke(TransactionInterceptor.java)
 at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.server.aspects.LockInterceptor$InternalLock.invoke(LockInterceptor.java:69)
 at org.jboss.portal.server.aspects.LockInterceptor.invoke(LockInterceptor.java:130)
 at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
 at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
 at org.jboss.portal.server.servlet.PortalServlet.service(PortalServlet.java:250)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
 at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
 at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
 at java.lang.Thread.run(Thread.java:613)

Q1) Is this a permission that i need to explicitly enable for all users / role. If so how do i do this, as i can find no reference in the UserGuide or the Reference Guide to this permission.
Q2) If not, is this a bug with my Custom Login Module or the SynchronizingLoginModule.

I am using JBoss portal version : 2.6.6 GA bundled
regards,

1. Re: Dashboard: permission denied for role created using Sync

sportsbaby1980 Oct 7, 2008 1:39 AM (in response to jaded)

I encounter the same problem.

I think it's a bug.

I should keep debug until it is resolved.
Actions
2. Re: Dashboard: permission denied for role created using Sync

sportsbaby1980 Oct 7, 2008 1:42 AM (in response to jaded)

I use jboss portal 2.66ga, jboss4.23-jdk6 and mysql5.
Actions
3. Re: Dashboard: permission denied for role created using Sync

sportsbaby1980 Oct 7, 2008 1:46 AM (in response to jaded)

I use cas as SSO solution.
if logined as admin,and use admin portal,
when turn back to the other portal from admin portal,
the fatal error will happen.
Actions
4. Re: Dashboard: permission denied for role created using Sync

javaspack Oct 15, 2009 3:05 PM (in response to jaded)

Was this ever resolved?

I have the same problem on jboss portal 2.7.2 bundled with JBoss 4.2.3.

I also use a custom login module because I do SSO.

But it doesn't matter who I am logged in as (even an Admin user), I still can't access the dashboard.
Actions
5. Re: Dashboard: permission denied for role created using Sync

javaspack Nov 25, 2009 1:45 PM (in response to jaded)

After looking around in the JIRA issues, I found this:
https://jira.jboss.org/jira/browse/JBPORTAL-2261
which is very similar to the problem I am experiencing. I use my own login module, and then the SynchronizingLoginModule (not LDAP)

<login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
<module-option name="synchronizeIdentity">false</module-option>
<module-option name="synchronizeRoles">false</module-option>
<module-option name="preserveRoles">true</module-option>
<module-option name="additionalRole">Authenticated</module-option>
<module-option name="defaultAssignedRole">User</module-option>
<module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
<module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
<module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
<module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
</login-module>

When I try it, the client give this error:
HTTP Status 403 - Access to the specified resource () has been forbidden.

On the JBoss side, my stack track shows:
2009-11-25 11:31:16,188 DEBUG [org.jboss.portal.core.model.portal.control.portal.DefaultPortalControlPolicy] Rendering portlet window produced an error
org.jboss.portal.core.controller.AccessDeniedException: View permission not granted has denied access: dashboard:/ssoUser
at org.jboss.portal.core.model.portal.command.PortalObjectCommand.enforceSecurity(PortalObjectCommand.java:91)
at org.jboss.portal.core.aspects.controller.PolicyEnforcementInterceptor.invoke(PolicyEnforcementInterceptor.java:66)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.node.PortalNodeInterceptor.invoke(PortalNodeInterceptor.java:81)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.BackwardCompatibilityInterceptor.invoke(BackwardCompatibilityInterceptor.java:48)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.ControlInterceptor.invoke(ControlInterceptor.java:56)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.NavigationalStateInterceptor.invoke(NavigationalStateInterceptor.java:42)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.controller.ajax.AjaxInterceptor.invoke(AjaxInterceptor.java:55)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.ResourceAcquisitionInterceptor.invoke(ResourceAcquisitionInterceptor.java:50)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
at org.jboss.portal.core.controller.ControllerContext.execute(ControllerContext.java:134)
at org.jboss.portal.core.controller.Controller.processCommand(Controller.java:279)
at org.jboss.portal.core.controller.Controller.handle(Controller.java:261)
at org.jboss.portal.server.RequestControllerDispatcher.invoke(RequestControllerDispatcher.java:51)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
at org.jboss.portal.core.cms.aspect.IdentityBindingInterceptor.invoke(IdentityBindingInterceptor.java:47)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.server.ContentTypeInterceptor.invoke(ContentTypeInterceptor.java:68)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.PortalContextPathInterceptor.invoke(PortalContextPathInterceptor.java:45)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.LocaleInterceptor.invoke(LocaleInterceptor.java:96)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:196)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.server.SignOutInterceptor.invoke(SignOutInterceptor.java:98)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.impl.api.user.UserEventBridgeTriggerInterceptor.invoke(UserEventBridgeTriggerInterceptor.java:65)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.IdentityCacheInterceptor.invoke(IdentityCacheInterceptor.java:68)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.TransactionInterceptor.org$jboss$portal$core$aspects$server$TransactionInterceptor$invoke$aop(TransactionInterceptor.java:49)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:253)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:262)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.portal.core.aspects.server.TransactionInterceptor.invoke(TransactionInterceptor.java)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.LockInterceptor$InternalLock.invoke(LockInterceptor.java:69)
at org.jboss.portal.server.aspects.LockInterceptor.invoke(LockInterceptor.java:130)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
at org.jboss.portal.server.servlet.PortalServlet.service(PortalServlet.java:252)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)

Is there something I'm missing. Doesn't the Synchronize login module add the 'User' role which gives rights. I have verified that User is part of my Roles, but I still don't have permission.
Actions

Go to original post