Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » java.lang.SecurityException: access denied (code 3a).(Error)
java.lang.SecurityException: access denied (code 3a). [message #1798111] Mon, 12 November 2018 15:28 Go to next message
Oueslati Anis is currently offline Oueslati AnisFriend
Messages: 30
Registered: June 2014
Member
Dear All,
I would like to implement the authorization process in my application therefore I created for each outline a view permisssion and assign some of them to a user,
these permission are stored in db and then restored using the ServerAccessControlService in the server module,
my problem is the follwing, for the user admin I grant all permissions and for the other users I calculate the permission they have based on what they have in the database using this method
	@Override
	protected Permissions execLoadPermissions(String login) {
		Permissions permissions = new Permissions();
		permissions.add(new RemoteServiceAccessPermission("*.shared.*", "*"));

		if (login.equals("admin")) {
			LOG.warn("grant all permissions for user Admin");
			permissions.add(new AllPermission());
		} else {
			try {

				SQL.getConnection().createStatement().executeQuery(SQLs.DEFINE_DEFAULT_DATABASE);

				// get simple class names from the databse
				IntegerHolder user_id = new IntegerHolder();
				SQL.selectInto(SQLs.SELECT_USER_ID, new NVPair("login", login), new NVPair("result", user_id));

				// Getting Roles for Specific User
				IntegerArrayHolder setOfRoles = new IntegerArrayHolder();
				SQL.select(SQLs.SELECT_DISCTINCT_ROLES_IDS, new NVPair("user_id", user_id),
						new NVPair("result", setOfRoles));

				for (int i = 0; i < setOfRoles.getValue().length; i++) {
					int role_id = setOfRoles.getValue()[i];
					StringArrayHolder perm = new StringArrayHolder();
					SQL.select(SQLs.SELECT_AL_ASSINED_PERMISSIONS, new NVPair("role_id", role_id),
							new NVPair("result", perm));
					for (int j = 0; j < perm.getValue().length; j++) {
						try {
							permissions.add((Permission) Class.forName(perm.getValue()[j]).newInstance());
						} catch (Exception e) {
							LOG.error("cannot find permission " + perm.getValue()[j] + ": " + e.getMessage());
						}
					}

				}
			} catch (ProcessingException e) {
				LOG.error("cannot read permissions: " + e.getStackTrace());
			} catch (SQLException e1) {
				LOG.error("SQL execution exception : " + e1.getStackTrace());

			}
		}
		return permissions;
	}

this methode is return the given error when loggin in with specific user.
Does any one knows how to solve it ?
Kind Regards
Anis
Re: java.lang.SecurityException: access denied (code 3a). [message #1798175 is a reply to message #1798111] Tue, 13 November 2018 15:37 Go to previous messageGo to next message
Beat Schwarzentrub is currently offline Beat SchwarzentrubFriend
Messages: 112
Registered: November 2010
Senior Member
Oueslati Anis wrote on Mon, 12 November 2018 10:28

this methode is return the given error when loggin in with specific user.


All calls over the service tunnel are secured by checking for the special "RemoteServiceAccessPermission". The "code 3a" message is thrown at exactly this check: org.eclipse.scout.rt.server.ServiceOperationInvoker.checkRemoteServiceAccessByPermission()

It seems that you have added the RemoteServiceAccessPermission to your permission collection. Maybe you have to check your package filter (first argument), or the packages of your service interfaces, respectively. Do they contain the word "shared"?

Otherwise, I suggest you make a breakpoint at the mentioned location and inspect the permission collection.

Regards,
Beat
Re: java.lang.SecurityException: access denied (code 3a). [message #1798213 is a reply to message #1798175] Wed, 14 November 2018 09:30 Go to previous messageGo to next message
Oueslati Anis is currently offline Oueslati AnisFriend
Messages: 30
Registered: June 2014
Member
Hello,
Yes it contains the word shared, but why the connection is working for Admin user to witch I gran t all permission and not for other users that I give only what they have in theire roles, I mean do I have to add more permissions than I have added or what ?
in other words in order to loggin you have to have a minimum set of permissions, what are these permissions.
Kind Regards
anis
Re: java.lang.SecurityException: access denied (code 3a). [message #1798282 is a reply to message #1798213] Wed, 14 November 2018 22:09 Go to previous message
Beat Schwarzentrub is currently offline Beat SchwarzentrubFriend
Messages: 112
Registered: November 2010
Senior Member
Oueslati Anis wrote on Wed, 14 November 2018 04:30
why the connection is working for Admin user to witch I gran t all permission


Permissions are checked by asking if the user's set of assigned permissions (the one you build in the AccessControlService) "implies" the given permission object. The java.security.AllPermission is a special permission that automatically implies any other permission. A user that possesses the AllPermission (like the admin user) can therefore pass all security checks.

To find out why a "normal" user does not pass the ServiceOperationInvoker's security check you have to set a break point at org.eclipse.scout.rt.server.ServiceOperationInvoker.checkRemoteServiceAccessByPermission() and debug the code. Most likely, the service interface's name does not match the pattern you put into RemoteServiceAccessPermission. I cannot say more based on the given information. java.security.Permission objects are not specific to Scout but are part of a standard Java environment. It might help to read about them.

Regards,
Beat
Previous Topic:Multisession login
Next Topic:Form Field in Menu
Goto Forum:
  


Current Time: Thu Oct 17 10:04:00 GMT 2019

Powered by FUDForum. Page generated in 0.02057 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top