docdoku / docdoku-plm

The project purpose is to develop a comprehensive, robust open source PLM (Product LifeCycle Management) solution.
http://www.docdokuplm.com
GNU Affero General Public License v3.0
241 stars 98 forks

Trouble detect when click on Notification button from web App #1179

Closed ludoBarel closed 6 years ago

ludoBarel commented 6 years ago

I've tested the docdokuPlm web front end, run with

npm run dev

I was connected with an administrator account. Once connected, I selected a workspace and clicked on the notification button, and the user was disconnected with this message:

you not allowed to access this resource, you must be connected

On the server side, the following logs were displayed:

[2018-08-14T10:31:28.835+0200] [Payara 4.1] [INFOS] [] [javax.enterprise.system.core.security] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488835] [levelValue: 800] [[ JACC Policy Provider: Failed Permission Check, context(eplmp-server-ear/eplmp-server-ejb_jar)- permission(("javax.security.jacc.EJBMethodPermission" "UserManagerBean" "checkWorkspaceReadAccess,Local,java.lang.String"))]]

[2018-08-14T10:31:28.838+0200] [Payara 4.1] [AVERTISSEMENT] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488838] [levelValue: 900] [[ A system exception occurred during an invocation on EJB UserManagerBean, method: public org.polarsys.eplmp.core.common.User org.polarsys.eplmp.server.UserManagerBean.checkWorkspaceReadAccess(java.lang.String) throws org.polarsys.eplmp.core.exceptions.UserNotFoundException,org.polarsys.eplmp.core.exceptions.UserNotActiveException,org.polarsys.eplmp.core.exceptions.WorkspaceNotFoundException,org.polarsys.eplmp.core.exceptions.WorkspaceNotEnabledException]

[2018-08-14T10:31:28.838+0200] [Payara 4.1] [AVERTISSEMENT] [] [javax.enterprise.ejb.container] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488838] [levelValue: 900] [[

javax.ejb.AccessLocalException: Client not authorized for this invocation at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1976) at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210) at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90) at com.sun.proxy.$Proxy489.checkWorkspaceReadAccess(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:433)

BUG DETECTED

After that, I tried to reconnect the same user and the same error appeared, and the connection was impossible (each time I tried to log in, it redirected me to the login page).
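As an added example (not part of this issue or of the project's own code): a small Python parser for the Payara JACC "Failed Permission Check" line quoted above, so that authorization denials like this one can be turned into structured records and counted per bean and method for alerting. The regex is written against the log format shown in this issue and is an assumption beyond it; the sample line below is the one from the report.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the JACC denial line quoted in this issue, on one line as Payara logs it.
SAMPLE_LOG = (
    "[2018-08-14T10:31:28.835+0200] [Payara 4.1] [INFOS] [] [javax.enterprise.system.core.security] "
    "[tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488835] "
    "[levelValue: 800] [[ JACC Policy Provider: Failed Permission Check, "
    "context(eplmp-server-ear/eplmp-server-ejb_jar)- permission((\"javax.security.jacc.EJBMethodPermission\" "
    "\"UserManagerBean\" \"checkWorkspaceReadAccess,Local,java.lang.String\"))]]"
)

# Assumed pattern (not from the project): timestamp, JACC context, and the three quoted
# EJBMethodPermission fields (permission class, bean name, "method,interface,paramTypes...").
_JACC_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?JACC Policy Provider: Failed Permission Check, "
    r"context\((?P<ctx>[^)]+)\)-\s*permission\(\("
    r"\"(?P<cls>[^\"]+)\"\s+\"(?P<bean>[^\"]+)\"\s+\"(?P<action>[^\"]+)\"\)\)"
)


@dataclass
class JaccDenial:
    timestamp: str
    context: str
    permission_class: str
    bean: str
    method: str
    interface: str
    param_types: List[str] = field(default_factory=list)


def parse_jacc_denial(line: str) -> Optional[JaccDenial]:
    """Return a structured record for a JACC denial line, or None for any other line."""
    m = _JACC_RE.search(line)
    if not m:
        return None
    # EJBMethodPermission action string: methodName,methodInterface,paramType1,paramType2,...
    parts = m.group("action").split(",")
    return JaccDenial(
        timestamp=m.group("ts"), context=m.group("ctx"), permission_class=m.group("cls"),
        bean=m.group("bean"), method=parts[0],
        interface=parts[1] if len(parts) > 1 else "", param_types=parts[2:],
    )


def summarize_denials(lines: List[str]) -> Dict[Tuple[str, str], int]:
    """Count denials per (bean, method); a spike on one pair is the signal worth alerting on."""
    counts: Counter = Counter()
    for d in filter(None, map(parse_jacc_denial, lines)):
        counts[(d.bean, d.method)] += 1
    return dict(counts)
```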

ludoBarel commented 6 years ago

Seems to be the same error for the customization request. After analysing the code, it seems that the 'admin' user does not have the right to do this. So, don't you think it would be better to remove this action from the panel of possibilities when the 'admin' user tries to see information about a user's workspace?