[JBoss Portal Users] - Re: Dashboard: permission denied for role created using Sync
by javaspack
After looking around in the JIRA issues, I found this:
https://jira.jboss.org/jira/browse/JBPORTAL-2261
which is very similar to the problem I am experiencing. I use my own login module, and then the SynchronizingLoginModule (not LDAP)
<login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
<module-option name="synchronizeIdentity">false</module-option>
<module-option name="synchronizeRoles">false</module-option>
<module-option name="preserveRoles">true</module-option>
<module-option name="additionalRole">Authenticated</module-option>
<module-option name="defaultAssignedRole">User</module-option>
<module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
<module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
<module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
<module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
</login-module>
When I try it, the client give this error:
HTTP Status 403 - Access to the specified resource () has been forbidden.
On the JBoss side, my stack track shows:
2009-11-25 11:31:16,188 DEBUG [org.jboss.portal.core.model.portal.control.portal.DefaultPortalControlPolicy] Rendering portlet window produced an error
org.jboss.portal.core.controller.AccessDeniedException: View permission not granted has denied access: dashboard:/ssoUser
at org.jboss.portal.core.model.portal.command.PortalObjectCommand.enforceSecurity(PortalObjectCommand.java:91)
at org.jboss.portal.core.aspects.controller.PolicyEnforcementInterceptor.invoke(PolicyEnforcementInterceptor.java:66)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.node.PortalNodeInterceptor.invoke(PortalNodeInterceptor.java:81)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.BackwardCompatibilityInterceptor.invoke(BackwardCompatibilityInterceptor.java:48)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.ControlInterceptor.invoke(ControlInterceptor.java:56)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.NavigationalStateInterceptor.invoke(NavigationalStateInterceptor.java:42)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.controller.ajax.AjaxInterceptor.invoke(AjaxInterceptor.java:55)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.controller.ResourceAcquisitionInterceptor.invoke(ResourceAcquisitionInterceptor.java:50)
at org.jboss.portal.core.controller.ControllerInterceptor.invoke(ControllerInterceptor.java:40)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
at org.jboss.portal.core.controller.ControllerContext.execute(ControllerContext.java:134)
at org.jboss.portal.core.controller.Controller.processCommand(Controller.java:279)
at org.jboss.portal.core.controller.Controller.handle(Controller.java:261)
at org.jboss.portal.server.RequestControllerDispatcher.invoke(RequestControllerDispatcher.java:51)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:131)
at org.jboss.portal.core.cms.aspect.IdentityBindingInterceptor.invoke(IdentityBindingInterceptor.java:47)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.server.ContentTypeInterceptor.invoke(ContentTypeInterceptor.java:68)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.PortalContextPathInterceptor.invoke(PortalContextPathInterceptor.java:45)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.LocaleInterceptor.invoke(LocaleInterceptor.java:96)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:196)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.server.SignOutInterceptor.invoke(SignOutInterceptor.java:98)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.impl.api.user.UserEventBridgeTriggerInterceptor.invoke(UserEventBridgeTriggerInterceptor.java:65)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.IdentityCacheInterceptor.invoke(IdentityCacheInterceptor.java:68)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.core.aspects.server.TransactionInterceptor.org$jboss$portal$core$aspects$server$TransactionInterceptor$invoke$aop(TransactionInterceptor.java:49)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:253)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:262)
at org.jboss.portal.core.aspects.server.TransactionInterceptor$invoke_N5143606530999904530.invokeNext(TransactionInterceptor$invoke_N5143606530999904530.java)
at org.jboss.portal.core.aspects.server.TransactionInterceptor.invoke(TransactionInterceptor.java)
at org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.server.aspects.LockInterceptor$InternalLock.invoke(LockInterceptor.java:69)
at org.jboss.portal.server.aspects.LockInterceptor.invoke(LockInterceptor.java:130)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
at org.jboss.portal.server.servlet.PortalServlet.service(PortalServlet.java:252)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:524)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:595)
Is there something I'm missing. Doesn't the Synchronize login module add the 'User' role which gives rights. I have verified that User is part of my Roles, but I still don't have permission.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4267565#4267565
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4267565
14 years, 7 months
[JBoss Cache Users] - Re: Can't acquire lock in 0 ms
by bstansberry@jboss.com
The 0 ms is coming from MVCCLockInterceptor:
| @Override
| public Object handleInvalidateCommand(InvocationContext ctx, InvalidateCommand command) throws Throwable
| {
| // this should be handled the same as a recursive evict command.
| ctx.getOptionOverrides().setLockAcquisitionTimeout(0);
| if (!command.getFqn().isRoot()) helper.wrapNodesRecursivelyForRemoval(ctx, command.getFqn());
| return invokeNextInterceptor(ctx, command);
| }
I personally don't understand the reasoning behind that; the semantics of an invalidation are not the same as an evict, since an invalidation is concerned with data correctness while an evict is concerned with the lesser issue of managing memory.
Perhaps some of the folks who wrote this piece can comment?
This exception is thrown when a lock is attempted on a remote node. One thing I can think of is that with INVALIDATION_SYNC there is no point waiting more than 0 ms to acquire the lock since whatever is holding the lock on this node is before releasing it also going to send an invalidation message. Which won't succeed because whatever sent this message will be holding a lock. So might as well fail promptly.
The above logic doesn't hold true with INVALIDATION_ASYNC though.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4267549#4267549
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4267549
14 years, 7 months