Task #8687 (closed)
Opened 12 years ago
Closed 12 years ago
Bug: share connection use by default
Reported by: | wmoore | Owned by: | wmoore |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4 |
Component: | Web | Version: | n.a. |
Keywords: | n.a. | Cc: | web-team@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | 2012-05-22 (15) |
Description
Just by logging on to gretzky, which has recent 8610 branch
* 2820b86 (team/merge-green, merge-green) Web keepalive ping. Closes #8550 * ad5f2ce Cleaning and moving webclient/templates/base/includes * 888f3f8 In-line label for Search filter. See #8623 * 76b2a36 Only show Search filter AFTER search. See #8263
first attempt to browse the data tree gives an error
ome.model.containers.Project:Id_3106 not contained in share
Blitz log has
2012-05-02 13:19:20,488 INFO [ ome.security.basic.BasicEventContext] (l.Server-3) cctx: group=3,share=21998
OMEROweb.log
2012-05-02 13:30:54,931 INFO [ omero.gateway] (proc.18215) connect:1671 created connection (uuid=a4816974-266d-421f-b4f3-e70eb5e02b50) 2012-05-02 13:30:54,976 WARNI [ omero.gateway] (proc.18215) debug:3188 SecurityViolation on <class 'webclient.webclient_gateway.OmeroWebSafeCallWrapper'> to <f23a7c5b-5a50-41d9-a7e4-f34ae3e113acomero.api.IQuery> findAllByQuery(('select obj from Project obj join fetch obj.details.owner as owner join fetch obj.details.group join fetch obj.details.creationEvent where owner.id = (:eid)', object #0 (::omero::sys::Parameters) { map = { key = eid value = object #1 (::omero::RLong) { _val = 0 } } theFilter = object #2 (::omero::sys::Filter) { unique = <nil> ownerId = <object #1> groupId = <nil> offset = <nil> limit = <nil> startTime = <nil> endTime = <nil> } theOptions = <nil> }, {'omero.share': '21998', 'omero.group': '0'}), {}) Traceback (most recent call last): File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero/gateway/__init__.py", line 3206, in __call__ return self.f(*args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero_api_IQuery_ice.py", line 139, in findAllByQuery return _M_omero.api.IQuery._op_findAllByQuery.invoke(self, ((query, params), _ctx)) SecurityViolation: exception ::omero::SecurityViolation { serverStackTrace = ome.conditions.SecurityViolation: ome.model.containers.Project:Id_3106 not contained in share at ome.security.sharing.SharingACLVoter.throwLoadViolation(SharingACLVoter.java:73) at ome.security.CompositeACLVoter.throwLoadViolation(CompositeACLVoter.java:86)
Attachments (3)
Change History (12)
Changed 12 years ago by rkferguson
Changed 12 years ago by rkferguson
comment:1 Changed 12 years ago by rkferguson
comment:2 Changed 12 years ago by rkferguson
- Cc rkferguson added; gferguson removed
comment:3 Changed 12 years ago by wmoore
Blitz and OMEROweb logs attached.
Blitz log hightlights:
At this point, every cctx is group=3
2012-05-02 12:46:37,339 INFO [ ome.security.basic.BasicEventContext] (l.Server-9) cctx: group=3 2012-05-02 12:46:37,339 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=3,group=3,event=null(User),sess=2ea93eec-88c8-4ccc-93e9-e19a783f7c10,share=-1 2012-05-02 12:46:37,340 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1335959197338] time[2] tag[omero.call.exception] 2012-05-02 12:46:37,340 WARN [ ome.services.util.ServiceHandler] (l.Server-9) Unknown exception thrown. java.lang.NullPointerException at ome.services.ThumbnailBean.newContext(ThumbnailBean.java:658) at ome.services.ThumbnailBean.setPixelsId(ThumbnailBean.java:272)
First mention of '21998' in the logs
2012-05-02 12:46:38,870 INFO [ omero.cmd.SessionI] (l.Server-6) Added servant to adapter: 2ea93eec-88c8-4ccc-93e9-e19a783f7c10/cc56943f-67d9-434c-8bb0-b85c7fdc72d5omero.api.IShare(omero.api._IShareTie@5746b3eb) 2012-05-02 12:46:38,871 INFO [ ome.security.basic.EventHandler] (l.Server-3) Auth: user=3,group=3,event=null(User),sess=2ea93eec-88c8-4ccc-93e9-e19a783f7c10,share=-1 2012-05-02 12:46:38,871 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Meth: interface ome.api.IShare.getShare 2012-05-02 12:46:38,871 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Args: [21998]
All future cctx logs look like this
2012-05-02 12:46:38,900 INFO [ ome.security.basic.BasicEventContext] (l.Server-0) cctx: group=3,share=21998
comment:4 Changed 12 years ago by wmoore
This bug persisted for all OMERO.web users (Me, Gus, Emma) until $ omero web stop / start. The user=3 above is "will".
comment:5 Changed 12 years ago by atarkowska
- Owner changed from atarkowska to wmoore
It seams like ome.conditions.SecurityViolation? is related to the way {'omero.group'} is set. Will you mentioned that user who logged in used your account, but as you can see the omero.group is set to 0 is group called 'system' as far as I can see you have now Admin privileges in gretzky (you are not a member of system group). I would suggest review how CONFIGSERVICE_OPTS? are set up in the omero.python gateway as this seams to case a lots of issues. More detailed use-case related to Thumbnail store is described in #8685
comment:6 Changed 12 years ago by atarkowska
- Cc web-team@… added; rkferguson cxallan removed
comment:7 Changed 12 years ago by jburel
- Sprint changed from 2012-05-08 (14) to 2012-05-22 (15)
Moved from sprint 2012-05-08 (14)
comment:8 Changed 12 years ago by Aleksandra Tarkowska <A.Tarkowska@…>
(In [2e08771d8967edc3f9758e39c828bda3ea052b8b/ome.git] on branch develop) adjusting integration test ishare.test8513, see #8685 and #8687 for comments
comment:9 Changed 12 years ago by wmoore
- Resolution set to duplicate
- Status changed from new to closed
Duplicate #8685
I first got the error when I tried to click on an image in the search results in the middle pane. Everything was working fine up to then - I had done the search about a minute before I clicked on the result.