5 Replies Latest reply on Nov 25, 2009 1:45 PM by Sean Whyte

    Dashboard: permission denied for role created using Synchron

    bhanu b Newbie

      Hi,
      Am using a custom login module to authenticate users. The users and roles are then being synchronized to the jboss portal using the SynchronizingLoginModule.

      This is working fine as i am able to view the roles and the users created using the "Admin" portlet.

      However for all users / roles created by this mechanism, the user is not able to view his "Dashboard".
      On clicking the "Dashboard" link i get the following error on the error page:

      Access to the specified resource () has been forbidden.

      And the JBoss Portal console shows the following stack trace:

      12:05:02,530 ERROR [DefaultPortalControlPolicy] Rendering portlet window produced an error
      org.jboss.portal.core.controller.AccessDeniedException: View permission not granted has denied access: dashboard:/portalsu
       at org.jboss.portal.core.model.portal.command.PortalObjectCommand.enforceSecurity(PortalObjectCommand.java:90)
       at org.jboss.portal.core.aspects.controller.PolicyEnforcementInterceptor.invoke(PolicyEnforcementInterceptor.java:66)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.controller.node.PortalNodeInterceptor.invoke(PortalNodeInterceptor.java:81)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.controller.ControlInterceptor.invoke(ControlInterceptor.java:56)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.controller.NavigationalStateInterceptor.invoke(NavigationalStateInterceptor.java:42)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.controller.ajax.AjaxInterceptor.invoke(AjaxInterceptor.java:56)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.controller.ResourceAcquisitionInterceptor.invoke(ResourceAcquisitionInterceptor.java:50)
       at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
       at org.jboss.portal.core.controller.ControllerContext.execute(ControllerContext.java:134)
       at org.jboss.portal.core.controller.Controller.processCommand(Controller.java:235)
       at org.jboss.portal.core.controller.Controller.handle(Controller.java:217)
       at org.jboss.portal.server.RequestControllerDispatcher.invoke(RequestControllerDispatcher.java:51)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
       at org.jboss.portal.core.cms.aspect.IdentityBindingInterceptor.invoke(IdentityBindingInterceptor.java:47)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.server.aspects.server.ContentTypeInterceptor.invoke(ContentTypeInterceptor.java:68)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.server.PortalContextPathInterceptor.invoke(PortalContextPathInterceptor.java:45)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.server.LocaleInterceptor.invoke(LocaleInterceptor.java:96)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:246)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.server.aspects.server.SignOutInterceptor.invoke(SignOutInterceptor.java:98)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.impl.api.user.UserEventBridgeTriggerInterceptor.invoke(UserEventBridgeTriggerInterceptor.java:65)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.server.IdentityCacheInterceptor.invoke(IdentityCacheInterceptor.java:68)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.core.aspects.server.TransactionInterceptor.org$jboss$portal$core$aspects$server$TransactionInterceptor$invoke$aop(TransactionInterceptor.java:49)
       at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
       at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
       at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:253)
       at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
       at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
       at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:262)
       at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
       at org.jboss.portal.core.aspects.server.TransactionInterceptor.invoke(TransactionInterceptor.java)
       at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.server.aspects.LockInterceptor$InternalLock.invoke(LockInterceptor.java:69)
       at org.jboss.portal.server.aspects.LockInterceptor.invoke(LockInterceptor.java:130)
       at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
       at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
       at org.jboss.portal.server.servlet.PortalServlet.service(PortalServlet.java:250)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:613)
      
      


      Q1) Is this a permission that i need to explicitly enable for all users / role. If so how do i do this, as i can find no reference in the UserGuide or the Reference Guide to this permission.
      Q2) If not, is this a bug with my Custom Login Module or the SynchronizingLoginModule.

      I am using JBoss portal version : 2.6.6 GA bundled
      regards,

        • 1. Re: Dashboard: permission denied for role created using Sync
          Kobye Novice

          I encounter the same problem.

          I think it's a bug.

          I should keep debug until it is resolved.

          • 2. Re: Dashboard: permission denied for role created using Sync
            Kobye Novice

            I use jboss portal 2.66ga, jboss4.23-jdk6 and mysql5.

            • 3. Re: Dashboard: permission denied for role created using Sync
              Kobye Novice

              I use cas as SSO solution.
              if logined as admin,and use admin portal,
              when turn back to the other portal from admin portal,
              the fatal error will happen.

              • 4. Re: Dashboard: permission denied for role created using Sync
                Sean Whyte Newbie

                Was this ever resolved?

                I have the same problem on jboss portal 2.7.2 bundled with JBoss 4.2.3.

                I also use a custom login module because I do SSO.

                But it doesn't matter who I am logged in as (even an Admin user), I still can't access the dashboard.

                • 5. Re: Dashboard: permission denied for role created using Sync
                  Sean Whyte Newbie

                  After looking around in the JIRA issues, I found this:
                  https://jira.jboss.org/jira/browse/JBPORTAL-2261
                  which is very similar to the problem I am experiencing. I use my own login module, and then the SynchronizingLoginModule (not LDAP)


                  <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
                  <module-option name="synchronizeIdentity">false</module-option>
                  <module-option name="synchronizeRoles">false</module-option>
                  <module-option name="preserveRoles">true</module-option>
                  <module-option name="additionalRole">Authenticated</module-option>
                  <module-option name="defaultAssignedRole">User</module-option>
                  <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
                  <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
                  <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
                  <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
                  </login-module>


                  When I try it, the client give this error:
                  HTTP Status 403 - Access to the specified resource () has been forbidden.

                  On the JBoss side, my stack track shows:
                  2009-11-25 11:31:16,188 DEBUG [org.jboss.portal.core.model.portal.control.portal.DefaultPortalControlPolicy] Rendering portlet window produced an error
                  org.jboss.portal.core.controller.AccessDeniedException: View permission not granted has denied access: dashboard:/ssoUser
                  at org.jboss.portal.core.model.portal.command.PortalObjectCommand.enforceSecurity(PortalObjectCommand.java:91)
                  at org.jboss.portal.core.aspects.controller.PolicyEnforcementInterceptor.invoke(PolicyEnforcementInterceptor.java:66)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.controller.node.PortalNodeInterceptor.invoke(PortalNodeInterceptor.java:81)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.controller.BackwardCompatibilityInterceptor.invoke(BackwardCompatibilityInterceptor.java:48)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.controller.ControlInterceptor.invoke(ControlInterceptor.java:56)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.controller.NavigationalStateInterceptor.invoke(NavigationalStateInterceptor.java:42)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.controller.ajax.AjaxInterceptor.invoke(AjaxInterceptor.java:55)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.controller.ResourceAcquisitionInterceptor.invoke(ResourceAcquisitionInterceptor.java:50)
                  at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
                  at org.jboss.portal.core.controller.ControllerContext.execute(ControllerContext.java:134)
                  at org.jboss.portal.core.controller.Controller.processCommand(Controller.java:279)
                  at org.jboss.portal.core.controller.Controller.handle(Controller.java:261)
                  at org.jboss.portal.server.RequestControllerDispatcher.invoke(RequestControllerDispatcher.java:51)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
                  at org.jboss.portal.core.cms.aspect.IdentityBindingInterceptor.invoke(IdentityBindingInterceptor.java:47)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.server.aspects.server.ContentTypeInterceptor.invoke(ContentTypeInterceptor.java:68)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.server.PortalContextPathInterceptor.invoke(PortalContextPathInterceptor.java:45)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.server.LocaleInterceptor.invoke(LocaleInterceptor.java:96)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:196)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.server.aspects.server.SignOutInterceptor.invoke(SignOutInterceptor.java:98)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.impl.api.user.UserEventBridgeTriggerInterceptor.invoke(UserEventBridgeTriggerInterceptor.java:65)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.server.IdentityCacheInterceptor.invoke(IdentityCacheInterceptor.java:68)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.core.aspects.server.TransactionInterceptor.org$jboss$portal$core$aspects$server$TransactionInterceptor$invoke$aop(TransactionInterceptor.java:49)
                  at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
                  at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
                  at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:253)
                  at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
                  at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
                  at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:262)
                  at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
                  at org.jboss.portal.core.aspects.server.TransactionInterceptor.invoke(TransactionInterceptor.java)
                  at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.server.aspects.LockInterceptor$InternalLock.invoke(LockInterceptor.java:69)
                  at org.jboss.portal.server.aspects.LockInterceptor.invoke(LockInterceptor.java:130)
                  at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
                  at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
                  at org.jboss.portal.server.servlet.PortalServlet.service(PortalServlet.java:252)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
                  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
                  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                  at java.lang.Thread.run(Thread.java:595)


                  Is there something I'm missing. Doesn't the Synchronize login module add the 'User' role which gives rights. I have verified that User is part of my Roles, but I still don't have permission.