Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #9314 (closed)

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

Bug: Can't log in as guest

Reported by: rleigh Owned by: wmoore
Priority: critical Milestone: OMERO-4.4.4
Component: Web Version: n.a.
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: 2012-07-31 (1)

Description

When using gretsky or the virtualbox image:

Traceback (most recent call last):

  File "/home/omero/OMERO-CURRENT/lib/python/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omeroweb/decorators.py", line 337, in wrapped
    retval = f(request, *args, **kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omeroweb/decorators.py", line 372, in wrapper
    context = f(request, *args, **kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omeroweb/webclient/views.py", line 335, in load_template
    s = conn.groupSummary(active_group)

  File "/home/omero/OMERO-CURRENT/lib/python/omero/gateway/__init__.py", line 2367, in groupSummary
    default = self.getObject("ExperimenterGroup", gid)

  File "/home/omero/OMERO-CURRENT/lib/python/omero/gateway/__init__.py", line 2485, in getObject
    result = self.getQueryService().findByQuery(query, params, self.SERVICE_OPTS)

  File "/home/omero/OMERO-CURRENT/lib/python/omero/gateway/__init__.py", line 3270, in __call__
    return self.handle_exception(e, *args, **kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omeroweb/webclient/webclient_gateway.py", line 1875, in handle_exception
    e, *args, **kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omero/gateway/__init__.py", line 3267, in __call__
    return self.f(*args, **kwargs)

  File "/home/omero/OMERO-CURRENT/lib/python/omero_api_IQuery_ice.py", line 133, in findByQuery
    return _M_omero.api.IQuery._op_findByQuery.invoke(self, ((query, params), _ctx))

SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [guest] for session c9d567a3-58ac-44cb-bff2-bd4e9b7d50b1 (allowed: [user])
	at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:137)
	at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:81)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy75.findByQuery(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
	at ome.services.throttling.Callback.run(Callback.java:56)
	at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
	at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:137)
	at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92)
	at sun.reflect.GeneratedMethodAccessor738.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at omero.cmd.CallContext.invoke(CallContext.java:59)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy76.findByQuery_async(Unknown Source)
	at omero.api._IQueryTie.findByQuery_async(_IQueryTie.java:113)
	at omero.api._IQueryDisp.___findByQuery(_IQueryDisp.java:342)
	at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:508)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [guest] for session c9d567a3-58ac-44cb-bff2-bd4e9b7d50b1 (allowed: [user])
}


<WSGIRequest
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'sessionid': 'fe6496fdc9d811bc5e4bd89ef50a34ea'},
META:{'DOCUMENT_ROOT': '/var/www',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'en-gb,en;q=0.5',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'sessionid=fe6496fdc9d811bc5e4bd89ef50a34ea',
 'HTTP_HOST': 'gretzky.openmicroscopy.org.uk',
 'HTTP_REFERER': 'http://gretzky.openmicroscopy.org.uk/webclient/login/?url=%2Fwebclient%2F',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:13.0) Gecko/20100101 Firefox/13.0.1',
 'PATH': '/usr/local/bin:/usr/bin:/bin',
 'PATH_INFO': u'/webclient/',
 'PATH_TRANSLATED': '/home/omero/OMERO-CURRENT/var/omero.fcgi/webclient/',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '10.12.1.40',
 'REMOTE_PORT': '50927',
 'REQUEST_METHOD': 'GET',
 'REQUEST_URI': '/webclient/',
 'SCRIPT_FILENAME': '/home/omero/OMERO-CURRENT/var/omero.fcgi',
 'SCRIPT_NAME': u'',
 'SERVER_ADDR': '134.36.65.227',
 'SERVER_ADMIN': 'webmaster@localhost',
 'SERVER_NAME': 'gretzky.openmicroscopy.org.uk',
 'SERVER_PORT': '80',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SIGNATURE': '<address>Apache/2.2.14 (Ubuntu) Server at gretzky.openmicroscopy.org.uk Port 80</address>\n',
 'SERVER_SOFTWARE': 'Apache/2.2.14 (Ubuntu)',
 'wsgi.errors': <flup.server.fcgi_base.TeeOutputStream object at 0x7f5d98831910>,
 'wsgi.input': <flup.server.fcgi_base.InputStream object at 0x7f5d98831f50>,
 'wsgi.multiprocess': True,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}>

Change History (8)

comment:1 Changed 12 years ago by jmoore

  • Milestone changed from OMERO-Beta4.4 to OMERO-Beta4.4.1

It's currently expected to not be able to login as guest. Moving to 4.4.1 for catching the exception (or preventing the login in the first place).

comment:2 Changed 12 years ago by wmoore

  • Owner changed from web-team@… to wmoore
  • Sprint set to 2012-07-31 (1)

comment:3 Changed 12 years ago by wmoore

  • Status changed from new to accepted

comment:4 Changed 12 years ago by wmoore

Don't allow login as "guest" https://github.com/will-moore/openmicroscopy/commit/1cf025b255b2c968d00bd03ddc9e14f5d05aa39a

Not sure if we want to have a special error message when user tries to login as 'guest'?

comment:5 Changed 12 years ago by jmoore

Will, probably the thing to do is to login (which works for guest) but then if the user (even if not named "guest") is not in the "user" group, then to display, this user cannot login or "is not active" or whatever.

comment:6 Changed 12 years ago by wmoore

  • Resolution set to fixed
  • Status changed from accepted to closed

Check if logged in user is in "user" group. Give a special message if "guest". https://github.com/will-moore/openmicroscopy/commit/fc492100732bb4d51599e14662cb323d424de671

comment:7 Changed 12 years ago by Will Moore <will@…>

  • Milestone changed from OMERO-4.4.1 to OMERO-4.4.2

(In [ed668692e427dfb8657e91d173e0d9fe53320c8d/ome.git] on branch develop) Don't allow login as 'guest'. See #9314

comment:8 Changed 12 years ago by Will Moore <will@…>

(In [4e8578ba1254d0e14c661c0a9fac7abf37f4ef62/ome.git] on branch develop) Login check if user is in 'user' group. Message if 'guest'. See #9314

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.67563 sec.)

We're Hiring!