Jetspeed 2 / JS2-382

HTTP Status 403 - SecurityConstraintsImpl.checkConstraints(): Access for view not permitted

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.3
    • Fix Version/s: 2.1.4
    • Component/s: None
    • Labels:
      None
    • Environment:
      jboss(3.2.5)4.0.2. jetspeed2-M3 .windows xp

      Description

      I have deployed jetspeed2-M3 on jboss(3.2.5)4.0.2. I use the admin (user) login, changing a portlet location or adding a portlet with the tool. When I restart jboss, the error in the browser is: HTTP Status 403 - SecurityConstraintsImpl.checkConstraints(): Access for view not permitted, Access to the specified resource (SecurityConstraintsImpl.checkConstraints(): Access for view not permitted.) has been forbidden.
      Can you give me some help?

        Activity

        Ate Douma added a comment -

        I'm resolving this one again as it has already been resolved.
        I cannot reproduce with Tomcat.

        There might be a problem on other application servers if using JAAS/container authentication when the container is not providing (or allowing to) principal instances implementing the Jetspeed UserPrincipal, RolePrincipal and GroupPrincipal interfaces.

        However this is how the Jetspeed security system works.
        For JBoss this is possible to configure right, for WebLogic I don't know.
        But it is always possible to work around all this by using PortalFilter based security integration where you can set up (wrap/inject) this appropriately as needed for Jetspeed.

        Jan-Helge Bergesen added a comment -

        ... and it would seem like the cause of this is the org.apache.jetspeed.security.impl.SecurityValveImpl.getUserPrincipal().

        The AbstractBaseElement apparently assumes that the outcome of this valve is a UserPrincipalImpl - which it will only be in case of the "anon-user" case.

        Jan-Helge Bergesen added a comment -

        Hello.
        I'm experiencing something similar on JS2 2.1.3, which I attempted to deploy on WebLogic 9.2.

        I've debugged my way down to org.apache.jetspeed.om.page.psml.AbstractBaseElement line 277.
        WebLogic provides a single principal of class WLSUserImpl, which none of the "if()"s match.
        Thus all the lists provided to SecurityConstraintsImpl are null.

        Am I maybe missing something regarding the construction of the Jetspeed specific principals (i.e. mapping)?
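
Added example (not part of any comment in this thread, and not Jetspeed code): a simplified Java 16+ model of the mismatch described in Ate Douma's and Jan-Helge Bergesen's comments, where a container principal that implements none of the expected principal interfaces leaves the constraint check with nothing to match, together with the wrapping idea mentioned as a workaround. The nested `UserPrincipal`/`RolePrincipal` interfaces, `ContainerUser`, `viewAllowed`, `wrap` and the role map are stand-ins invented for illustration.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;

public class PrincipalMappingDemo {
    // Stand-ins for the marker interfaces named in the thread (assumed shapes).
    interface UserPrincipal extends Principal {}
    interface RolePrincipal extends Principal {}

    // Plays the part of the container's own class (WLSUserImpl in the thread).
    record ContainerUser(String name) implements Principal {
        public String getName() { return name; }
    }
    record JsUser(String name) implements UserPrincipal {
        public String getName() { return name; }
    }
    record JsRole(String name) implements RolePrincipal {
        public String getName() { return name; }
    }

    // Simplified model: principals are sorted by interface type before the check.
    static boolean viewAllowed(Subject subject, String requiredRole) {
        List<String> users = new ArrayList<>(), roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            if (p instanceof UserPrincipal) users.add(p.getName());
            else if (p instanceof RolePrincipal) roles.add(p.getName());
            // Any other class matches no branch and never reaches the check.
        }
        return !users.isEmpty() && roles.contains(requiredRole);
    }

    // Wrapping step: only principals the container already authenticated are
    // re-expressed; the role map is constructed sample data, not a real store.
    static Subject wrap(Subject container, Map<String, List<String>> rolesByUser) {
        Subject s = new Subject();
        for (Principal p : container.getPrincipals()) {
            s.getPrincipals().add(new JsUser(p.getName()));
            for (String r : rolesByUser.getOrDefault(p.getName(), List.of()))
                s.getPrincipals().add(new JsRole(r));
        }
        return s;
    }

    public static void main(String[] args) {
        Subject fromContainer = new Subject();
        fromContainer.getPrincipals().add(new ContainerUser("admin"));
        Map<String, List<String>> roles = Map.of("admin", List.of("admin"));
        System.out.println("container principal only: " + viewAllowed(fromContainer, "admin"));
        System.out.println("after wrapping: " + viewAllowed(wrap(fromContainer, roles), "admin"));
    }
}
```

The model fails closed: an unrecognised principal type yields a denial rather than a grant, which matches the 403 in the report. The role lookup used when wrapping is the security-relevant part and has to come from the same authoritative store the container authenticated against.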

        David Sean Taylor added a comment -

        updating fix version to 2.1.4

        David Sean Taylor added a comment -

        I guess we can reopen this and try to reproduce again. It's been a long time, maybe something was introduced...

        Ate Douma added a comment -

        Seems caused by JS2-139 which is fixed.

        lisheng added a comment -

        Thanks, james liao!
        I have solved the question. If someone has this issue, I think I can give you a little help.

        Jian Liao added a comment -

        This issue had been fixed in J2-M4.
        Please upgrade to it or apply the patch for JS2-139.
        This issue is caused by it (http://issues.apache.org/jira/browse/JS2-139).


          People

          • Assignee:
            Unassigned
            Reporter:
            lisheng
          • Votes:
            0
            Watchers:
            1
