java.lang.SecurityException: access denied (code 3a). [message #1798111] |
Mon, 12 November 2018 15:28 |
|
Dear All,
I would like to implement the authorization process in my application, therefore I created a view permission for each outline and assigned some of them to a user.
These permissions are stored in the db and then restored using the ServerAccessControlService in the server module.
My problem is the following: for the user admin I grant all permissions, and for the other users I calculate the permissions they have based on what they have in the database using this method:
@Override
protected Permissions execLoadPermissions(String login) {
  Permissions permissions = new Permissions();
  // every user gets access to remote services whose interface name matches the pattern
  permissions.add(new RemoteServiceAccessPermission("*.shared.*", "*"));
  if ("admin".equals(login)) {
    LOG.warn("grant all permissions for user Admin");
    permissions.add(new AllPermission());
  } else {
    try {
      SQL.getConnection().createStatement().executeQuery(SQLs.DEFINE_DEFAULT_DATABASE);
      // get simple class names from the database
      IntegerHolder user_id = new IntegerHolder();
      SQL.selectInto(SQLs.SELECT_USER_ID, new NVPair("login", login), new NVPair("result", user_id));
      // Getting Roles for Specific User
      IntegerArrayHolder setOfRoles = new IntegerArrayHolder();
      SQL.select(SQLs.SELECT_DISCTINCT_ROLES_IDS, new NVPair("user_id", user_id),
          new NVPair("result", setOfRoles));
      for (int i = 0; i < setOfRoles.getValue().length; i++) {
        int role_id = setOfRoles.getValue()[i];
        StringArrayHolder perm = new StringArrayHolder();
        SQL.select(SQLs.SELECT_AL_ASSINED_PERMISSIONS, new NVPair("role_id", role_id),
            new NVPair("result", perm));
        for (int j = 0; j < perm.getValue().length; j++) {
          try {
            // instantiate the permission class named in the database
            permissions.add((Permission) Class.forName(perm.getValue()[j]).newInstance());
          } catch (Exception e) {
            LOG.error("cannot find permission " + perm.getValue()[j] + ": " + e.getMessage());
          }
        }
      }
    } catch (ProcessingException e) {
      // pass the exception itself so the stack trace is logged, not an array reference
      LOG.error("cannot read permissions", e);
    } catch (SQLException e1) {
      LOG.error("SQL execution exception", e1);
    }
  }
  return permissions;
}
This method returns the given error when logging in with a specific user.
Does anyone know how to solve it?
Kind Regards
Anis
|
|
|
Re: java.lang.SecurityException: access denied (code 3a). [message #1798175 is a reply to message #1798111] |
Tue, 13 November 2018 15:37 |
|
Oueslati Anis wrote on Mon, 12 November 2018 10:28
This method returns the given error when logging in with a specific user.
All calls over the service tunnel are secured by checking for the special "RemoteServiceAccessPermission". The "code 3a" message is thrown at exactly this check: org.eclipse.scout.rt.server.ServiceOperationInvoker.checkRemoteServiceAccessByPermission()
It seems that you have added the RemoteServiceAccessPermission to your permission collection. Maybe you have to check your package filter (first argument), or the packages of your service interfaces, respectively. Do they contain the word "shared"?
Otherwise, I suggest you set a breakpoint at the mentioned location and inspect the permission collection.
Regards,
Beat
|
|
|
Re: java.lang.SecurityException: access denied (code 3a). [message #1798213 is a reply to message #1798175] |
Wed, 14 November 2018 09:30 |
|
Hello,
Yes, it contains the word shared, but why is the connection working for the Admin user, to which I grant all permissions, and not for other users to whom I give only what they have in their roles? I mean, do I have to add more permissions than I have added, or what?
In other words, in order to log in you have to have a minimum set of permissions; what are these permissions?
Kind Regards
anis
|
|
|
Re: java.lang.SecurityException: access denied (code 3a). [message #1798282 is a reply to message #1798213] |
Wed, 14 November 2018 22:09 |
|
Oueslati Anis wrote on Wed, 14 November 2018 04:30
why the connection is working for Admin user to which I grant all permissions
Permissions are checked by asking if the user's set of assigned permissions (the one you build in the AccessControlService) "implies" the given permission object. The java.security.AllPermission is a special permission that automatically implies any other permission. A user that possesses the AllPermission (like the admin user) can therefore pass all security checks.
To find out why a "normal" user does not pass the ServiceOperationInvoker's security check you have to set a breakpoint at org.eclipse.scout.rt.server.ServiceOperationInvoker.checkRemoteServiceAccessByPermission() and debug the code. Most likely, the service interface's name does not match the pattern you put into RemoteServiceAccessPermission. I cannot say more based on the given information. java.security.Permission objects are not specific to Scout but are part of a standard Java environment. It might help to read about them.
Regards,
Beat
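
The "implies" check described in the reply above, as an added example that is not part of the original thread and is not Scout code. ServicePatternPermission is a hypothetical stand-in whose wildcard matching is an assumption, and the two interface names are constructed.

```java
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.regex.Pattern;

public class ImpliesDemo {
  /** Hypothetical pattern permission, a stand-in only; this is not Scout's class. */
  static final class ServicePatternPermission extends Permission {
    private static final long serialVersionUID = 1L;
    private final String id; // "<interface name or pattern>#<method name or pattern>"

    ServicePatternPermission(String type, String method) {
      super("service.access");
      this.id = type + "#" + method;
    }

    @Override
    public boolean implies(Permission p) {
      if (!(p instanceof ServicePatternPermission)) {
        return false;
      }
      // Assumed semantics: '*' matches any run of characters, the rest is literal.
      String regex = Pattern.quote(id).replace("*", "\\E.*\\Q");
      return Pattern.matches(regex, ((ServicePatternPermission) p).id);
    }

    @Override
    public boolean equals(Object o) {
      return o instanceof ServicePatternPermission && ((ServicePatternPermission) o).id.equals(id);
    }
    @Override public int hashCode() { return id.hashCode(); }
    @Override public String getActions() { return ""; }
  }

  public static void main(String[] args) {
    Permissions normalUser = new Permissions();
    normalUser.add(new ServicePatternPermission("*.shared.*", "*"));
    Permissions admin = new Permissions();
    admin.add(new AllPermission()); // implies every other permission
    // Constructed interface names: only the first lives in a "shared" package.
    String[] services = {"com.example.app.shared.person.IPersonService",
        "com.example.app.server.admin.IAdminService"};
    for (String s : services) {
      Permission required = new ServicePatternPermission(s, "load");
      System.out.printf("%-46s normal=%-5b admin=%b%n", s,
          normalUser.implies(required), admin.implies(required));
    }
  }
}
```

The second name falls outside the granted pattern, so only the collection holding AllPermission implies it; the first name passes for both users.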