search

tian-zhihui / cordysfilecon

Automatically exported from code.google.com/p/cordysfilecon
Apache License 2.0
0 stars 0 forks source link

Unable to use FileConnector on CU18 #33

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Install connector 1.2.20
2. Make file service container within System
3. Call file connector method with WS-Security within the context of another 
Organization

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:v1="http://www.zorgregistratie.nl/azr/schema/AZRMessagingService/v1" 
xmlns:v11="http://www.zorgregistratie.nl/azr/CDM/Metadata/v1">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>test@ciber.nl</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">test</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
  <soapenv:Body>
    <WriteFile xmlns="http://schemas.cordys.com/1.0/ac/FileConnector">
      <filename>/opt/</filename>
      <append>PARAMETER</append>
      <encoded>PARAMETER</encoded>
      <charset>PARAMETER</charset>
      <data>PARAMETER</data>
    </WriteFile>
  </soapenv:Body>
</soapenv:Envelope>

What is the expected output? What do you see instead?
I expect that the method is called, instead i get the following error:
   <soapenv:Header>
      <header xmlns="http://schemas.cordys.com/General/1.0/">
         <sender>
            <reply-to>cn=File Connector,cn=CVZ File Connector,cn=soap nodes,o=system,cn=cordys,cn=development,o=local</reply-to>
            <organizationalContext/>
            <component>cn=CVZ File Connector,cn=soap nodes,o=system,cn=cordys,cn=development,o=local</component>
         </sender>
      </header>
   </soapenv:Header>
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/">ns0:Client</faultcode>
         <faultstring xml:lang="en-US">Access is denied for the method 'WriteFile'.</faultstring>
         <faultactor>http://schemas.cordys.com/1.0/ac/FileConnector</faultactor>
         <detail>
            <cordys:FaultDetails xmlns:cordys="http://schemas.cordys.com/General/1.0/">
               <cordys:LocalizableMessage>
                  <cordys:MessageCode>Cordys.ESBServer.Messages.accessDeniedOnMethod</cordys:MessageCode>
                  <cordys:Insertion>WriteFile</cordys:Insertion>
               </cordys:LocalizableMessage>
            </cordys:FaultDetails>
         </detail>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>
Also when I put the everyone Role of the file connector.

What version of the product are you using? On what operating system?
I use CU18 on Linux

Original issue reported on code.google.com by rvdkimme...@gmail.com on 22 Aug 2011 at 7:03

GoogleCodeExporter commented 8 years ago 
Please give write permission for the cordys user on the directory /opt/. By 
default cordys user will have write permission only on the directory 
CORDYS_INSTALL_DIR/Web/.

try this:(assuming that CORDYS_INSTALL_DIR = /opt/Cordys/definst/)
<WriteFile xmlns="http://schemas.cordys.com/1.0/ac/FileConnector">
      <filename>/opt/Cordys/definst/Web/test.txt</filename>
      <append></append>
      <encoded></encoded>
      <charset></charset>
      <data>hello!!</data>
</WriteFile>

Original comment by srkrish...@cordys.com on 22 Aug 2011 at 7:31

GoogleCodeExporter commented 8 years ago 
This is not a right problem on the directory, but a ACL problem. There is no 
ACL on the everyone Role defined and no other Roles are defined. In this case 
the methods are blocked. Only when you have the Developer Role, you can execute 
the methods. This is done for testing purposes. However this is not what you 
want in production.

The solution would be to add an ACL to a Role and rebuild within BOP4?

Original comment by rvdkimme...@gmail.com on 23 Aug 2011 at 6:15

GoogleCodeExporter commented 8 years ago 
I have build the file connector with ACL and now it works fine

Original comment by rvdkimme...@gmail.com on 28 Sep 2011 at 12:39

GoogleCodeExporter commented 8 years ago 
Is this something that would benefit others as well?  Or is this something 
custom?

Maybe you can share a patch which could be incorporated into the file connector 
future versions.

Original comment by ma...@vandeveen.com on 29 Sep 2011 at 12:47

GoogleCodeExporter commented 8 years ago 
I have made a custom ACL file for our purposes, but it could be used as a basis 
to have a more elaborated ACL on the file connector.

Original comment by rvdkimme...@gmail.com on 29 Sep 2011 at 12:56

GoogleCodeExporter commented 8 years ago 
Okay, Then let's keep it custom. Nice to here that you were able to fix this 
yourself.

Original comment by mvdv...@cordys.com on 1 Oct 2011 at 9:41