Task #4245 (closed)
Opened 9 years ago
Closed 8 years ago
BUG:F3202 Login as guest, should be prohibited
| Reported by: | omero-qa | Owned by: | cxallan |
|---|---|---|---|
| Priority: | critical | Milestone: | OMERO-4.4 |
| Component: | Web | Version: | n.a. |
| Keywords: | n.a. | Cc: | ben@…, jamoore, atarkowska |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | n.a. |
| Sprint: | n.a. |
Description (last modified by atarkowska)
Web needs to handle unexpected 'guest' login in a better way.
http://qa.openmicroscopy.org.uk/qa/feedback/3202/
Comment: I can log in with the guest account, but I cannot seem to access any data, even though guest is a member of a collaborative group and I can see the tag cloud for these images.
Thanks!
Ben
Traceback (most recent call last):
  File "/opt/OMERO.server-Beta-4.2.2/lib/python/django/core/handlers/base.py", line 92, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/opt/OMERO.server-Beta-4.2.2/lib/python/omeroweb/webclient/views.py", line 155, in wrapped
    return f(request, *args, **kwargs)
  File "/opt/OMERO.server-Beta-4.2.2/lib/python/omeroweb/webclient/views.py", line 510, in load_template
    empty_label = "*%s (%s)" % (conn.getUser().getFullName(), conn.getUser().omeName)
AttributeError: 'NoneType' object has no attribute 'getFullName'
Change History (7)
comment:1 Changed 9 years ago by atarkowska
- Description modified (diff)
comment:2 Changed 8 years ago by jmoore
- Cc jmoore added
comment:3 Changed 8 years ago by atarkowska
comment:4 Changed 8 years ago by jmoore
- Component changed from QA to Web
comment:5 Changed 8 years ago by atarkowska
- Milestone changed from Unscheduled to OMERO-Beta4.4
- Priority changed from minor to critical
With the latest develop the error looks like:
SecurityViolation at /webclient/userdata/
exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [guest] for session b64ea887-1a9c-4bc9-b849-61c47ab96443 (allowed: [user])
        at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:137)
        at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:82)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy73.findByQuery(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
        at ome.services.throttling.Callback.run(Callback.java:56)
        at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
        at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:136)
        at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92)
        at omero.api._IQueryTie.findByQuery_async(_IQueryTie.java:113)
        at omero.api._IQueryDisp.___findByQuery(_IQueryDisp.java:342)
        at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:508)
        at IceInternal.Incoming.invoke(Incoming.java:159)
        at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
        at Ice.ConnectionI.message(ConnectionI.java:972)
        at IceInternal.ThreadPool.run(ThreadPool.java:577)
        at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
        at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [guest] for session b64ea887-1a9c-4bc9-b849-61c47ab96443 (allowed: [user])
}
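Added example, not part of the ticket and not OMERO.web code: one way a web view layer could turn both failures shown in this ticket (the `None` returned by `conn.getUser()` and the `[guest]` versus `[user]` role mismatch) into a clean 403 instead of a server error. The names `deny_guest`, `parse_role_mismatch`, `FakeConn`, the stand-in `SecurityViolation` class and the 403 wording are assumptions; only `conn.getUser()` and the message layout come from the ticket.

```python
import re
from functools import wraps

# Message layout taken from the SecurityViolation quoted in this ticket.
ROLE_MISMATCH = re.compile(
    r"No matching roles found in \[(?P<held>[^\]]*)\] for session \S+ "
    r"\(allowed: \[(?P<allowed>[^\]]*)\]\)")
DENIED = (403, "This account is not permitted to use the web client.")

class SecurityViolation(Exception):
    """Hypothetical stand-in for the server-side exception."""

def parse_role_mismatch(message):
    """Return (held, allowed) role sets, or None for any other message."""
    m = ROLE_MISMATCH.search(message)
    if m is None:
        return None
    return tuple(set(re.findall(r"[^,\s]+", m[g])) for g in ("held", "allowed"))

def deny_guest(view):
    """Hypothetical decorator: answer 403 for a guest session instead of a 500."""
    @wraps(view)
    def wrapped(conn, *args, **kwargs):
        if conn.getUser() is None:      # the None the first traceback tripped over
            return DENIED
        try:
            return view(conn, *args, **kwargs)
        except SecurityViolation as exc:
            mismatch = parse_role_mismatch(str(exc))
            if mismatch and not (mismatch[0] & mismatch[1]):
                return DENIED           # fixed text: no session id echoed back
            raise                       # anything else stays a visible error
    return wrapped

class FakeConn:  # constructed test double; only getUser() is modelled
    def __init__(self, user):
        self._user = user
    def getUser(self):
        return self._user

@deny_guest
def load_template(conn):
    return 200, "*%s" % conn.getUser()

@deny_guest
def userdata(conn):
    # Constructed message in the ticket's format, with a placeholder session id.
    raise SecurityViolation("No matching roles found in [guest] for session "
                            "SESSION-PLACEHOLDER (allowed: [user])")
```

Violations that are not a role mismatch are re-raised, so genuine permission bugs still surface in the error log rather than being masked as a login problem.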
comment:6 Changed 8 years ago by atarkowska
- Cc atarkowska added
- Owner changed from atarkowska to cxallan
Chris, could you please review that issue in terms of #6342?
comment:7 Changed 8 years ago by cxallan
- Resolution set to duplicate
- Status changed from new to closed
Closing as a duplicate. To be handled in the context of #6341.
Because #6235 looks very similar, we could possibly include it in unittests.