| java.lang.SecurityException: access denied (code 3a). [message #1798111] |
Mon, 12 November 2018 10:28  |
Eclipse User |
|
|
|
Dear All,
I would like to implement the authorization process in my application therefore I created for each outline a view permisssion and assign some of them to a user,
these permission are stored in db and then restored using the ServerAccessControlService in the server module,
my problem is the follwing, for the user admin I grant all permissions and for the other users I calculate the permission they have based on what they have in the database using this method
@Override
protected Permissions execLoadPermissions(String login) {
Permissions permissions = new Permissions();
permissions.add(new RemoteServiceAccessPermission("*.shared.*", "*"));
if (login.equals("admin")) {
LOG.warn("grant all permissions for user Admin");
permissions.add(new AllPermission());
} else {
try {
SQL.getConnection().createStatement().executeQuery(SQLs.DEFINE_DEFAULT_DATABASE);
// get simple class names from the databse
IntegerHolder user_id = new IntegerHolder();
SQL.selectInto(SQLs.SELECT_USER_ID, new NVPair("login", login), new NVPair("result", user_id));
// Getting Roles for Specific User
IntegerArrayHolder setOfRoles = new IntegerArrayHolder();
SQL.select(SQLs.SELECT_DISCTINCT_ROLES_IDS, new NVPair("user_id", user_id),
new NVPair("result", setOfRoles));
for (int i = 0; i < setOfRoles.getValue().length; i++) {
int role_id = setOfRoles.getValue()[i];
StringArrayHolder perm = new StringArrayHolder();
SQL.select(SQLs.SELECT_AL_ASSINED_PERMISSIONS, new NVPair("role_id", role_id),
new NVPair("result", perm));
for (int j = 0; j < perm.getValue().length; j++) {
try {
permissions.add((Permission) Class.forName(perm.getValue()[j]).newInstance());
} catch (Exception e) {
LOG.error("cannot find permission " + perm.getValue()[j] + ": " + e.getMessage());
}
}
}
} catch (ProcessingException e) {
LOG.error("cannot read permissions: " + e.getStackTrace());
} catch (SQLException e1) {
LOG.error("SQL execution exception : " + e1.getStackTrace());
}
}
return permissions;
}
this methode is return the given error when loggin in with specific user.
Does any one knows how to solve it ?
Kind Regards
Anis
|
|
|
|
|
| Re: java.lang.SecurityException: access denied (code 3a). [message #1798282 is a reply to message #1798213] |
Wed, 14 November 2018 17:09  |
| Eclipse User |
|
|
|
Oueslati Anis wrote on Wed, 14 November 2018 04:30why the connection is working for Admin user to witch I gran t all permission
Permissions are checked by asking if the user's set of assigned permissions (the one you build in the AccessControlService) "implies" the given permission object. The java.security.AllPermission is a special permission that automatically implies any other permission. A user that possesses the AllPermission (like the admin user) can therefore pass all security checks.
To find out why a "normal" user does not pass the ServiceOperationInvoker's security check you have to set a break point at org.eclipse.scout.rt.server.ServiceOperationInvoker.checkRemoteServiceAccessByPermission() and debug the code. Most likely, the service interface's name does not match the pattern you put into RemoteServiceAccessPermission. I cannot say more based on the given information. java.security.Permission objects are not specific to Scout but are part of a standard Java environment. It might help to read about them.
Regards,
Beat
|
|
|
Powered by
FUDForum. Page generated in 0.36448 seconds
Home