Task #12763 (new)
Opened 9 years ago
Last modified 8 years ago
Bug: 500 in web uncaught on user deactivation
Reported by: | jamoore | Owned by: | wmoore |
---|---|---|---|
Priority: | major | Milestone: | Unscheduled |
Component: | Web | Version: | 5.0.8 |
Keywords: | n.a. | Cc: | ux@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
While testing https://github.com/openmicroscopy/openmicroscopy/pull/3441, a ServerError 500 was raised when the user was no longer active while trying to open the browser hierarchy.
```
Traceback (most recent call last):
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/django/core/handlers/base.py", line 114, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omeroweb/decorators.py", line 469, in wrapped
    retval = f(request, *args, **kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omeroweb/decorators.py", line 519, in wrapper
    context = f(request, *args, **kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omeroweb/webclient/views.py", line 489, in load_data
    manager.listOrphanedImages(filter_user_id, page)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omeroweb/webclient/controller/container.py", line 462, in listOrphanedImages
    self.experimenter = self.conn.getObject("Experimenter", eid)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omero/gateway/__init__.py", line 2918, in getObject
    query, params, self.SERVICE_OPTS)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omero/gateway/__init__.py", line 4103, in __call__
    return self.handle_exception(e, *args, **kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omeroweb/webclient/webclient_gateway.py", line 2069, in handle_exception
    e, *args, **kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omero/gateway/__init__.py", line 4100, in __call__
    return self.f(*args, **kwargs)
  File "/opt/hudson/workspace/OMERO-5.1-merge-deploy/src/dist/lib/python/omero_api_IQuery_ice.py", line 201, in findByQuery
    return _M_omero.api.IQuery._op_findByQuery.invoke(self, ((query, params), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [a080dc22-b8d6-4209-a0b3-696321b3981e] for session 430b6190-3b59-4c79-9557-a5272d0cd103 (allowed: [user])
        at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:137)
        at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:81)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at com.sun.proxy.$Proxy80.findByQuery(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor410.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
        at ome.services.throttling.Callback.run(Callback.java:56)
        at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
        at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:149)
        at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92)
        at sun.reflect.GeneratedMethodAccessor409.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at omero.cmd.CallContext.invoke(CallContext.java:78)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at com.sun.proxy.$Proxy81.findByQuery_async(Unknown Source)
        at omero.api._IQueryTie.findByQuery_async(_IQueryTie.java:122)
        at omero.api._IQueryDisp.___findByQuery(_IQueryDisp.java:354)
        at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:520)
        at IceInternal.Incoming.invoke(Incoming.java:159)
        at Ice.ConnectionI.invokeAll(ConnectionI.java:2357)
        at Ice.ConnectionI.dispatch(ConnectionI.java:1208)
        at Ice.ConnectionI.message(ConnectionI.java:1163)
        at IceInternal.ThreadPool.run(ThreadPool.java:302)
        at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
        at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:643)
        at java.lang.Thread.run(Thread.java:744)
    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [a080dc22-b8d6-4209-a0b3-696321b3981e] for session 430b6190-3b59-4c79-9557-a5272d0cd103 (allowed: [user])
}

<WSGIRequest
path:/merge/webclient/load_data/orphaned/,
GET:<QueryDict: {u'view': [u'icon']}>,
POST:<QueryDict: {}>,
COOKIES:{'csrftoken': 'PdhATU5Xarr9bMXIiGkn9aEA6seE9ZkH', 'sessionid': 'cfy7t2if9lx9f39yv4ak36acuc3eczn9'},
META:{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': '',
 u'CSRF_COOKIE': u'PdhATU5Xarr9bMXIiGkn9aEA6seE9ZkH',
 'HTTPS': 'on',
 'HTTP_ACCEPT': 'text/html, */*; q=0.01',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, sdch',
 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8,de;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'csrftoken=PdhATU5Xarr9bMXIiGkn9aEA6seE9ZkH; sessionid=cfy7t2if9lx9f39yv4ak36acuc3eczn9',
 'HTTP_HOST': 'trout.openmicroscopy.org',
 'HTTP_REFERER': 'https://trout.openmicroscopy.org/merge/webclient/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36',
 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest',
 'PATH_INFO': u'/webclient/load_data/orphaned/',
 'QUERY_STRING': 'view=icon',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_INFO': '/merge',
 'SCRIPT_NAME': u'/merge',
 'SERVER_NAME': 'ome-c6100-3',
 'SERVER_PORT': '443',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'wsgi.errors': <flup.server.fcgi_base.TeeOutputStream object at 0x6354410>,
 'wsgi.input': <flup.server.fcgi_base.InputStream object at 0x6c66fd0>,
 'wsgi.multiprocess': True,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'https',
 'wsgi.version': (1, 0)}>
```
Change History (11)
comment:1 Changed 9 years ago by atarkowska
comment:2 Changed 9 years ago by wmoore
- Owner set to wmoore
Sorry - Josh, how did you get this? You logged in as a user, then as an Admin you disabled that user? Then the user got this error?
comment:3 Changed 9 years ago by wmoore
- Component changed from General to Web
comment:4 Changed 9 years ago by jamoore
- login as user A
- in another browser, login as root and deactivate user A
- as user A, try to do anything --> 500
comment:5 Changed 9 years ago by wmoore
I think the nicest solution as Ola suggests is to log out the user when they are deactivated.
Is that possible?
Adding exception handling for this to all API calls would be a lot of work for a very edge-case scenario.
comment:6 Changed 9 years ago by jamoore
We can easily change the exception if that would help.
As for closing all the sessions, that likely falls under "a lot of work" as well. Would a single method "openSessionForUser" suffice which the client could invoke and actively kill before deactivating? Alternatively, ISession.getMyOpenSession exists which could be used via a sudo.
comment:7 Changed 9 years ago by jamoore
- Milestone changed from 5.1.1 to 5.1.2
Likely going with the exception solution, but not for 5.1.1
comment:8 Changed 9 years ago by wmoore
- Milestone changed from 5.1.2 to 5.1.3
comment:9 Changed 9 years ago by jamoore
- Milestone changed from 5.1.4 to OMERO-5.1.4
Splitting 5.1.4 due to milestone decoupling
comment:10 Changed 9 years ago by sbesson
- Milestone changed from OMERO-5.1.4 to 5.x
As discussed with Will earlier today, pushing the non-critical Web tickets out of 5.1.4
comment:11 Changed 8 years ago by jamoore
- Milestone changed from 5.x to Unscheduled
Perhaps user deactivation should also kill all active sessions?
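The "exception solution" from comment:5 and comment:7 (handle the violation in one place and log the user out, rather than in every API call), sketched as an added example that is not OMERO's code. `SecurityViolation`, `Backend`, `logout_on_security_violation`, `load_data`, the request dictionary and the `/login/` URL are stand-ins assumed for illustration.

```python
import functools


class SecurityViolation(Exception):
    """Stand-in for omero.SecurityViolation (assumed; not imported from OMERO)."""


class Backend:
    """Toy server constructed for this example: users, and sessions that outlive them."""

    def __init__(self):
        self.active = set()
        self.sessions = {}                      # server session id -> user name

    def login(self, user, sid):
        self.active.add(user)
        self.sessions[sid] = user

    def deactivate(self, user):
        self.active.discard(user)               # sessions are left open, as in the ticket

    def query(self, sid):
        if self.sessions.get(sid) not in self.active:
            raise SecurityViolation("No matching roles found for session %s" % sid)
        return ["image-1", "image-2"]


def logout_on_security_violation(view):
    """Handle the violation once at the view boundary, not in every API call."""
    @functools.wraps(view)
    def wrapper(request, backend):
        try:
            return {"status": 200, "body": view(request, backend)}
        except SecurityViolation:
            request["web_session"].clear()      # drop the stale web session and its sid
            if request.get("is_ajax"):          # XHR caller: signal re-authentication
                return {"status": 401, "body": "session no longer valid"}
            return {"status": 302, "location": "/login/"}   # hypothetical login URL
    return wrapper


@logout_on_security_violation
def load_data(request, backend):
    """Hypothetical view standing in for the one that failed in the traceback."""
    return backend.query(request["web_session"]["sid"])
```

Only `SecurityViolation` is caught; any other exception still propagates, so unrelated failures are not masked as a logout.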