[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-1378) Access denied while viewing document in CMSAdmin Portlet
Sohil Shah (JIRA)
jira-events at lists.jboss.org
Wed May 9 19:19:02 EDT 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1378?page=all ]
Sohil Shah resolved JBPORTAL-1378.
----------------------------------
Fix Version/s: 2.6 Final
Resolution: Done
> Access denied while viewing document in CMSAdmin Portlet
> --------------------------------------------------------
>
> Key: JBPORTAL-1378
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1378
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal CMS
> Affects Versions: 2.6.CR1
> Environment: Fedora Linux, JBoss 4.0.5.GA, JBoss Portal 2.6.CR1
> Reporter: Chunyun Zhao
> Assigned To: Sohil Shah
> Fix For: 2.6 Final
>
>
> Viewing the document that doesn't have Anonymous READ permission assigned in CMSAdmin Portlet causes "Access to this resource is denied". I've checked that the authenticated portal user has the read/write access to the document.
> Here is the stack trace:
> org.jboss.portal.cms.CMSException: Access to this resource is denied
> at org.jboss.portal.cms.impl.interceptors.ACLInterceptor.invoke(ACLInterceptor.java:257)
> at org.jboss.portal.cms.CMSInterceptor.invoke(CMSInterceptor.java:36)
> at org.jboss.portal.common.invocation.Invocation.invokeNext(Invocation.java:115)
> at org.jboss.portal.common.invocation.Invocation.invoke(Invocation.java:157)
> at org.jboss.portal.cms.impl.jcr.JCRCMS.execute(JCRCMS.java:593)
> at sun.reflect.GeneratedMethodAccessor1778.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
> at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
> at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
> at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
> at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
> at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
> at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
> at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
> at org.jboss.mx.util.JMXInvocationHandler.invoke(JMXInvocationHandler.java:287)
> at $Proxy636.execute(Unknown Source)
> at org.jboss.portal.core.cms.servlet.CMSPreviewServlet.doGet(CMSPreviewServlet.java:60)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> My obveration is that the portal security context is not propogated to portal-cms web application within which CMSPreviewServlet is deployed, and CMSPreviewServlet is trying to get the file from CMS anonymously.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list