[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1378) Access denied while viewing document in CMSAdmin Portlet
Chunyun Zhao (JIRA)
jira-events at lists.jboss.org
Wed May 2 22:49:30 EDT 2007
Access denied while viewing document in CMSAdmin Portlet
--------------------------------------------------------
Key: JBPORTAL-1378
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1378
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal CMS
Affects Versions: 2.6.CR1
Environment: Fedora Linux, JBoss 4.0.5.GA, JBoss Portal 2.6.CR1
Reporter: Chunyun Zhao
Assigned To: Sohil Shah
Viewing the document that doesn't have Anonymous READ permission assigned in CMSAdmin Portlet causes "Access to this resource is denied". I've checked that the authenticated portal user has the read/write access to the document.
Here is the stack trace:
org.jboss.portal.cms.CMSException: Access to this resource is denied
at org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:257)
at org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
at org.jboss.portal.cms.impl.jcr.JCRCMS.execute(JCRCMS.java:593)
at sun.reflect.GeneratedMethodAccessor1778.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.JMXInvocationHandler.invoke(JMXInvocationHandler.java:287)
at $Proxy636.execute(Unknown Source)
at org.jboss.portal.core.cms.servlet.CMSPreviewServlet.doGet(CMSPreviewServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
My obveration is that the portal security context is not propogated to portal-cms web application within which CMSPreviewServlet is deployed, and CMSPreviewServlet is trying to get the file from CMS anonymously.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list