AnsweredAssumed Answered

Webscript - Access Denied when amp installed on 5.2

Question asked by mtsiak on Jul 25, 2017
Latest reply on Aug 4, 2017 by mtsiak

We are trying to upgrade to 5.2 (201704) and to ubuntu 16.04. For some of our amps that contain webscripts the above exeption is thrown

 

 2017-07-24 16:15:37,472  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-5] Begin retry transaction block: required,readonly
 2017-07-24 16:15:37,479  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-5] End retry transaction block: required,readonly
 2017-07-24 16:15:37,493  DEBUG [app.servlet.WebScriptSSOAuthenticationFilter] [http-apr-8080-exec-8] Processing request: /alfresco/wcs/remoteadm/update/alfresco/site-data/module-deployments/IT%20Center%20Module.xml SID:null
 2017-07-24 16:15:37,494  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Current authentication: unauthenticated
 2017-07-24 16:15:37,494  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Authentication required: user
 2017-07-24 16:15:37,495  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Guest login requested: false
 2017-07-24 16:15:37,502  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Authentication: authenticated as mtsiak
 2017-07-24 16:15:37,503  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Transactional Response bypassed for ReadWrite - buffersize=0
 2017-07-24 16:15:37,505  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Begin retry transaction block: required,readwrite
 2017-07-24 16:15:37,523  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Transaction exception: required: 06240050 Access Denied.  You do not have the appropriate permissions to perform this operation.
 2017-07-24 16:15:37,525  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Transaction status: 1
 2017-07-24 16:15:37,525  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] End retry transaction block: required,readwrite
 2017-07-24 16:15:37,529  DEBUG [web.scripts.RepositoryContainer] [http-apr-8080-exec-8] Authentication reset: unauthenticated
 2017-07-24 16:15:37,532  ERROR [extensions.webscripts.AbstractRuntime] [http-apr-8080-exec-8] Exception from executeScript: 06240050 Access Denied.  You do not have the appropriate permissions to perform this operation.
 org.alfresco.repo.security.permissions.AccessDeniedException: 06240050 Access Denied.  You do not have the appropriate permissions to perform this operation.
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:57)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:166)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy55.getWriter(Unknown Source)
        at org.alfresco.repo.web.scripts.bean.ADMRemoteStore$5.doWork(ADMRemoteStore.java:595)
        at org.alfresco.repo.web.scripts.bean.ADMRemoteStore$5.doWork(ADMRemoteStore.java:581)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:555)
        at org.alfresco.repo.web.scripts.bean.ADMRemoteStore$5.doWork(ADMRemoteStore.java:581)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:555)
        at org.alfresco.repo.web.scripts.bean.ADMRemoteStore.updateDocument(ADMRemoteStore.java:580)
        at org.alfresco.repo.web.scripts.bean.BaseRemoteStore.execute(BaseRemoteStore.java:297)
        at org.alfresco.repo.web.scripts.RepositoryContainer$3.execute(RepositoryContainer.java:512)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:464)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:587)
        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:656)
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScriptInternal(RepositoryContainer.java:428)
        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:308)
        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:399)
        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:210)
        at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:75)
        at sun.reflect.GeneratedMethodAccessor467.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy226.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.alfresco.web.app.servlet.WebScriptSSOAuthenticationFilter.doFilter(WebScriptSSOAuthenticationFilter.java:121)
        at sun.reflect.GeneratedMethodAccessor467.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:119)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy226.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.alfresco.web.app.servlet.WebscriptCookieAuthenticationFilter.doFilter(WebscriptCookieAuthenticationFilter.java:84)
        at sun.reflect.GeneratedMethodAccessor467.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:132)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at com.sun.proxy.$Proxy226.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2466)
        at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2455)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
        at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:398)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.model.ml.MLContentInterceptor.invoke(MLContentInterceptor.java:136)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
        ... 80 more

 

 

Is there any setting when writting webscripts that we are not concidering? Is there any setting in the endpoints missing (we have set our sso)? We have synced our ldap, and for now none user is admin, if this matters (but why the rest of our webscripts do not throw such exeption).

 

Thanks in advance.

Outcomes