Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #12923 (new)

Opened 4 years ago

Last modified 4 years ago

RFE: Improve handling of "User 452 is not a member of group 106" security violation from server

Reported by: mtbcarroll Owned by: wmoore
Priority: minor Milestone: Permissions
Component: Web Version: 5.1.2
Keywords: n.a. Cc: web-team@…
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

In discussing https://www.openmicroscopy.org/qa2/qa/feedback/11123/ it is suggested that there may be some bug that we ought to be handling better.

ome.conditions.SecurityViolation: User 452 is not a member of group 106 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:391)
at ome.security.basic.EventHandler.doLogin(EventHandler.java:210)
at ome.security.basic.EventHandler.invoke(EventHandler.java:146)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:249)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy80.findByQuery(Unknown Source)
at sun.reflect.GeneratedMethodAccessor330.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy80.findByQuery(Unknown Source)
at sun.reflect.GeneratedMethodAccessor337.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
at ome.services.throttling.Callback.run(Callback.java:56)
at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:149)
at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92)
...

Change History (4)

comment:1 Changed 4 years ago by jamoore

  • Cc web-team@… added; server@… removed
  • Component changed from Services to Web
  • Milestone changed from Unscheduled to 5.1.3
  • Owner changed from jamoore to wmoore

Sorry, if I wasn't clear. The SecurityViolation? is correct, it's just that the calling code would need to handle this at something other than the ERROR level. Putting in 5.1.3 just so that got changes don't lead to the line numbers no longer being applicable.

comment:2 Changed 4 years ago by jamoore

  • Milestone changed from 5.1.4 to OMERO-5.1.4

Splitting 5.1.4 due to milestone decoupling

comment:3 Changed 4 years ago by sbesson

  • Milestone changed from OMERO-5.1.4 to 5.x

As discussed with Will earlier today, pushing the non-critical Web tickets out of 5.1.4

comment:4 Changed 4 years ago by jamoore

  • Milestone changed from 5.x to Permissions
Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.89565 sec.)

We're Hiring!