Menu
▾
▴
Re: [Exist-development] Bug in permissions or am I missing something?
|
From: Casey J. <cas...@jo...> - 2012-06-13 21:55:16
|
Thanks guys, I understand. On Wed, Jun 13, 2012 at 5:37 PM, Adam Retter <ad...@ex...> wrote: > This is not a bug. The answer is in the messages in the log, if not subtly > ;-) > > Basically the message you get is - > > "Permission denied to open collection: /db/organizations by > te...@ea..." > > The permissions on /db/organizations are 'rwxr-xr--' and the owner is > 'admin:dba', however the user 'te...@ea...' does not have > permission to open the collection. That is to say that you need to > grant execute 'x' access on the collection /db/organizations for that > account. > > > > On 13 June 2012 02:31, Casey Jordan <cas...@jo...> wrote: > > Hi all, > > > > Doing more stress testing on trunk and I started to get a lot of 401 > > unauthorized errors. I did some investigation and found something > strange. > > > > I have a collection /db/organizations owned by admin and group dba, but > with > > world readable permissions (rwxr-x-r--). > > > > When I login as my test user (not guest) via oXygen I get a permission > > denied error. Looking at the logs I see: > > > > 2012-06-12 21:23:16,109 [eXistThread-37] DEBUG (SecurityManagerImpl.java > > [authenticate]:395) - Authentication try for 'te...@ea...'. > > 2012-06-12 21:23:16,109 [eXistThread-37] DEBUG (SecurityManagerImpl.java > > [authenticate]:436) - Authenticated by 'exist' as '[auth] <account > > name="te...@ea..." id="11"><group name="__test-org" > > id="12"></group><group name="__test-org__contributor-dita-langref" > > id="17"></group><group name="__test-org-dita-langref" > > id="16"></group></user>'. > > 2012-06-12 21:23:16,109 [eXistThread-37] ERROR (ExistCollection.java > > [initMetadata]:117) - org.exist.security.PermissionDeniedException: > > Permission denied to open collection: /db/organizations by > > te...@ea... > > 2012-06-12 21:23:16,110 [eXistThread-37] DEBUG (MiltonResource.java > > [authenticate]:343) - User 'te...@ea...' has been authenticated. > > 2012-06-12 21:23:16,111 [eXistThread-37] INFO (MiltonResource.java > > [authorise]:350) - PROPFIND /db/organizations (write=false) > > 2012-06-12 21:23:16,112 [eXistThread-37] DEBUG (MiltonResource.java > > [authorise]:402) - User te...@ea... is NOT authorized to read > > resource, abort. > > > > > > However the admin client is reporting to me that I should have read > > permissions (See first screenshot) > > > > I also tried logging in to admin client as that user, and experienced the > > same thing: > > > > Failed to invoke method describeCollection in class > > org.exist.xmlrpc.RpcConnection: Permission denied to open collection: > > /db/organizations by te...@ea... > > > > org.xmldb.api.base.XMLDBException: Failed to invoke method > > describeCollection in class org.exist.xmlrpc.RpcConnection: Permission > > denied to open collection: /db/organizations by te...@ea... > > at > > > org.exist.xmldb.RemoteCollection.readCollection(RemoteCollection.java:461) > > at > > > org.exist.xmldb.RemoteCollection.listChildCollections(RemoteCollection.java:278) > > at > > > org.exist.client.InteractiveClient.getResources(InteractiveClient.java:371) > > at > > org.exist.client.InteractiveClient.process(InteractiveClient.java:556) > > at > org.exist.client.ClientFrame$ProcessThread.run(ClientFrame.java:1662) > > Caused by: org.apache.xmlrpc.XmlRpcException: Failed to invoke method > > describeCollection in class org.exist.xmlrpc.RpcConnection: Permission > > denied to open collection: /db/organizations by te...@ea... > > at > > > org.apache.xmlrpc.client.XmlRpcStreamTransport.readResponse(XmlRpcStreamTransport.java:197) > > at > > > org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:156) > > at > > > org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143) > > at > > > org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69) > > at > > > org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:158) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:147) > > at > > > org.exist.xmldb.RemoteCollection.readCollection(RemoteCollection.java:459) > > ... 4 more > > Caused by: org.apache.xmlrpc.XmlRpcException: Failed to invoke method > > describeCollection in class org.exist.xmlrpc.RpcConnection: Permission > > denied to open collection: /db/organizations by te...@ea... > > at > > > org.apache.xmlrpc.client.XmlRpcStreamTransport.readResponse(XmlRpcStreamTransport.java:197) > > at > > > org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:156) > > at > > > org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143) > > at > > > org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69) > > at > > > org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:158) > > at > org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:147) > > at > > > org.exist.xmldb.RemoteCollection.readCollection(RemoteCollection.java:459) > > at > > > org.exist.xmldb.RemoteCollection.listChildCollections(RemoteCollection.java:278) > > at > > > org.exist.client.InteractiveClient.getResources(InteractiveClient.java:371) > > at > > org.exist.client.InteractiveClient.process(InteractiveClient.java:556) > > at > org.exist.client.ClientFrame$ProcessThread.run(ClientFrame.java:1662) > > > > > > and in the logs: > > > > 2012-06-12 21:28:42,981 [eXistThread-44] DEBUG (SecurityManagerImpl.java > > [authenticate]:395) - Authentication try for 'te...@ea...'. > > 2012-06-12 21:28:42,981 [eXistThread-44] DEBUG (SecurityManagerImpl.java > > [authenticate]:436) - Authenticated by 'exist' as '[auth] <account > > name="te...@ea..." id="11"><group name="__test-org" > > id="12"></group><group name="__test-org__contributor-dita-langref" > > id="17"></group><group name="__test-org-dita-langref" > > id="16"></group></user>'. > > 2012-06-12 21:28:42,981 [eXistThread-44] DEBUG (RpcConnection.java > > [handleException]:120) - Permission denied to open collection: > > /db/organizations by te...@ea... > > org.exist.security.PermissionDeniedException: Permission denied to open > > collection: /db/organizations by te...@ea... > > at > org.exist.storage.NativeBroker.openCollection(NativeBroker.java:893) > > at > org.exist.storage.NativeBroker.openCollection(NativeBroker.java:738) > > at > > org.exist.xmlrpc.RpcConnection.describeCollection(RpcConnection.java:730) > > at > > org.exist.xmlrpc.RpcConnection.describeCollection(RpcConnection.java:711) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:616) > > at > > > org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.invoke(ReflectiveXmlRpcHandler.java:115) > > at > > > org.apache.xmlrpc.server.ReflectiveXmlRpcHandler.execute(ReflectiveXmlRpcHandler.java:106) > > at > > > org.apache.xmlrpc.server.XmlRpcServerWorker.execute(XmlRpcServerWorker.java:46) > > at > org.apache.xmlrpc.server.XmlRpcServer.execute(XmlRpcServer.java:86) > > at > > > org.apache.xmlrpc.server.XmlRpcStreamServer.execute(XmlRpcStreamServer.java:200) > > at > > > org.apache.xmlrpc.webserver.XmlRpcServletServer.execute(XmlRpcServletServer.java:112) > > at > > org.apache.xmlrpc.webserver.XmlRpcServlet.doPost(XmlRpcServlet.java:196) > > at org.exist.xmlrpc.RpcServlet.doPost(RpcServlet.java:68) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:755) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) > > at > > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:598) > > at > > > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:486) > > at > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119) > > at > > > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:542) > > at > > > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233) > > at > > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065) > > at > > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:413) > > at > > > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192) > > at > > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999) > > at > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > > at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:224) > > at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:98) > > at org.exist.http.urlrewrite.Forward.doRewrite(Forward.java:47) > > at > > > org.exist.http.urlrewrite.XQueryURLRewrite.service(XQueryURLRewrite.java:211) > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) > > at > > org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:598) > > at > > > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:486) > > at > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119) > > at > > > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:499) > > at > > > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:233) > > at > > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1065) > > at > > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:413) > > at > > > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:192) > > at > > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:999) > > at > > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) > > at > > > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149) > > at > > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) > > at org.eclipse.jetty.server.Server.handle(Server.java:350) > > at > > > org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:454) > > at > > > org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:900) > > at > > > org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:954) > > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:851) > > at > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) > > at > > > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:77) > > at > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:606) > > at > > > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:46) > > at > > > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603) > > at > > > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538) > > at java.lang.Thread.run(Thread.java:636) > > > > Anyone know whats going on here? > > > > -- > > -- > > Casey Jordan > > easyDITA a product of Jorsek LLC > > "CaseyDJordan" on LinkedIn, Twitter & Facebook > > (585) 348 7399 > > easydita.com > > > > > > This message is intended only for the use of the Addressee(s) and may > > contain information that is privileged, confidential, and/or exempt from > > disclosure under applicable law. If you are not the intended recipient, > > please be advised that any disclosure copying, distribution, or use of > > the information contained herein is prohibited. If you have received > > this communication in error, please destroy all copies of the message, > > whether in electronic or hard copy format, as well as attachments, and > > immediately contact the sender by replying to this e-mail or by phone. > > Thank you. > > > > > > > ------------------------------------------------------------------------------ > > Live Security Virtual Conference > > Exclusive live event will cover all the ways today's security and > > threat landscape has changed and how IT managers can respond. Discussions > > will include endpoint security, mobile security and the latest in malware > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > _______________________________________________ > > Exist-development mailing list > > Exi...@li... > > https://lists.sourceforge.net/lists/listinfo/exist-development > > > > > > -- > Adam Retter > > eXist Developer > { United Kingdom } > ad...@ex... > irc://irc.freenode.net/existdb > -- -- Casey Jordan easyDITA a product of Jorsek LLC "CaseyDJordan" on LinkedIn, Twitter & Facebook (585) 348 7399 easydita.com This message is intended only for the use of the Addressee(s) and may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, please be advised that any disclosure copying, distribution, or use of the information contained herein is prohibited. If you have received this communication in error, please destroy all copies of the message, whether in electronic or hard copy format, as well as attachments, and immediately contact the sender by replying to this e-mail or by phone. Thank you. |
