Hyland Connect

mrudmann · ‎02-01-2007

I am running Alfresco 1.4 with Tomcat and MySQL.

I activated the audit feature and am now Alfresco is acting strange for non admin users such that it won't permit these users to access areas of Alfresco which they should definitely be able to do so (like My Alfresco, etc.)

Upon looking in the catalina.out log file, I now see that there is some type of permissions problem. Non admin users are creating exception dumps in the log file and there is an accompanying message indication "Accessdeniedexception" etc.

Your help is greatly appreciated!

—————— part of the log file is shown below ——————

here is another exception that is thrown in the log file…

INFO: Server startup in 56614 ms
16:02:27,718 ERROR [[localhost].[/alfresco].[jsp]] Servlet.service() for servlet jsp threw exception
org.alfresco.repo.audit.AuditException: Failed to audit exception
        at org.alfresco.repo.audit.AuditComponentImpl.auditImpl(AuditComponentImpl.java:229)
        at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:156)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:61)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:170)

…some more of the log file…

Caused by: org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied. You do not have the appropriate permissions to perform this operation

andy · ‎02-02-2007

Hi

Can you post your audit configuration and I will take a look.

Regards

Andy

mrudmann · ‎02-02-2007

A comment…

I noticed that when I "invited" the user to the space and gave them a role, the exceptions went away in the log file fo rthis user. What does not seem right, however, is that exceptions are thrown when a user who is not invited to the space logs in. Perhaps my config is not right? I only changed one item in the auditConfig - I set enable=true.

Here is the full auditConfug.xml…

<?xml version='1.0' encoding='UTF-8'?>

<!– Default Audit Configuration –>

<Audit xmlns="http://www.alfresco.org/model/audit/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" enabled="true" auditInternal="false" mode="all">

    <!–                –>
    <!– Global options –>
    <!–                –>

    <!– Do not record any additional information –>

    <RecordOptions>
        <recordPath>false</recordPath>
        <recordFilters>false</recordFilters>
        <recordSerializedReturnValue>false</recordSerializedReturnValue>
        <recordSerializedExceptions>false</recordSerializedExceptions>
        <recordSerializedMethodArguments>false</recordSerializedMethodArguments>
        <recordSerializedKeyPropertiesBeforeInvocation>false</recordSerializedKeyPropertiesBeforeInvocation>
        <recordSerializedKeyPropertiesAferInvocation>false</recordSerializedKeyPropertiesAferInvocation>
    </RecordOptions>

    <!–                          –>
    <!– Specific service options –>
    <!–                          –>

    <Service name="ServiceRegistry" mode="none" enabled="false"/>

    <!– The action service –>

    <Service name="ActionService" mode="none">
        <Method name="executeAction" mode="all" auditInternal="true"/>
        <Method name="saveAction" mode="all"/>
        <Method name="removeAction" mode="all"/>
        <Method name="removeAllActions" mode="all"/>
    </Service>

    <!– The COCI Service –>

    <Service name="CheckOutCheckInService">
        <Method name="getWorkingCopy" mode="none"/>
    </Service>

    <!– The DictionaryService –>
    <!– There are no audtiable methods in the data dictionary service –>
    <Service name="DictionaryService" mode="none" enabled="false"/>

    <!– The Lock Service –>

    <Service name="LockService">
        <Method name="getLockStatus" mode="none"/>
        <Method name="getLockType" mode="none"/>
        <Method name="getLocks" mode="none"/>
    </Service>

    <!– The File/Folder Service –>

    <Service name="FileFolderService" mode="none">
        <Method name="rename" mode="all"/>
        <Method name="move" mode="all"/>
        <Method name="copy" mode="all" auditInternal="true"/>
        <Method name="create" mode="all"/>
        <Method name="delete" mode="all"/>
        <Method name="makeFolders" mode="all"/>
        <Method name="getWriter" mode="all"/>
    </Service>

    <Service name="ContentService" mode="none">
        <Method name="getWriter" mode="all"/>
    </Service>

    <Service name="CopyService" mode="none">
        <Method name="copy" mode="all" auditInternal="true"/>
    </Service>

    <!– The MimetypeService –>
    <!– There are no audtiable methods in the mime type service –>
    <Service name="MimetypeService" mode="none" enabled="false"/>

    <Service name="NodeService" mode="none">
        <Method name="createStore" mode="all"/>
        <Method name="createNode" mode="all"/>
        <Method name="moveNode" mode="all"/>
        <Method name="setChildAssociationIndex" mode="all"/>
        <Method name="setType" mode="all"/>
        <Method name="addAspect" mode="all"/>
        <Method name="removeAspect" mode="all"/>
        <Method name="deleteNode" mode="all"/>
        <Method name="addChild" mode="all"/>
        <Method name="removeChild" mode="all"/>
        <Method name="setProperties" mode="all"/>
        <Method name="setProperty" mode="all"/>
        <Method name="createAssociation" mode="all"/>
        <Method name="removeAssociation" mode="all"/>
        <Method name="restoreNode" mode="all"/>
    </Service>

    <Service name="ScriptService" auditInternal="true"/>

    <Service name="TemplateService" auditInternal="true">
        <Method name="getTemplateProcessor" mode="none"/>
    </Service>

    <Service name="RuleService" mode="none" auditInternal="true">
        <Method name="disableRules" mode="all"/>
        <Method name="enableRules" mode="all"/>
        <Method name="disableRule" mode="all"/>
        <Method name="enableRule" mode="all"/>
        <Method name="createRule" mode="all"/>
        <Method name="saveRule" mode="all"/>
        <Method name="removeRule" mode="all"/>
        <Method name="removeAllRules" mode="all"/>
    </Service>

    <Service name="CategoryService" mode="none">
        <Method name="createClassifiction" mode="all"/>
        <Method name="createRootCategory" mode="all"/>
        <Method name="createCategory" mode="all"/>
        <Method name="deleteClassification" mode="all"/>
        <Method name="deleteCategory" mode="all"/>
    </Service>

    <Service name="SearchService" mode="none" enabled="false"/>

    <Service name="AuthenticationService" mode="none">
        <Method name="createAuthentication" mode="all"/>
        <Method name="updateAuthentication" mode="all"/>
        <Method name="setAuthentication" mode="all"/>
        <Method name="deleteAuthentication" mode="all"/>
        <Method name="setAuthenticationEnabled" mode="all"/>
        <Method name="authenticate" mode="all"/>
        <Method name="authenticateAsGuest" mode="all"/>
        <Method name="authenticationExists" mode="all"/>
        <Method name="invalidateUserSession" mode="all"/>
        <Method name="invalidateTicket" mode="all"/>
        <Method name="validate" mode="all"/>
        <Method name="clearCurrentSecurityContext" mode="all"/>
    </Service>

    <Service name="AuthorityService" mode="none">
        <Method name="createAuthority" mode="all"/>
        <Method name="addAuthority" mode="all"/>
        <Method name="removeAuthority" mode="all"/>
        <Method name="deleteAuthority" mode="all"/>
    </Service>

    <Service name="OwnableService" mode="none">
        <Method name="setOwner" mode="all"/>
        <Method name="takeOwnership" mode="all"/>
    </Service>

    <Service name="PermissionService" mode="none">
        <Method name="deletePermissions" mode="all"/>
        <Method name="clearPermission" mode="all"/>
        <Method name="deletePermission" mode="all"/>
        <Method name="setPermission" mode="all"/>
        <Method name="setInheritParentPermissions" mode="all"/>
    </Service>

    <Service name="PersonService" mode="none">
        <Method name="setCreateMissingPeople" mode="all"/>
        <Method name="setPersonProperties" mode="all"/>
        <Method name="createPerson" mode="all"/>
        <Method name="deletePerson" mode="all"/>
    </Service>

    <Service name="VersionService" mode="none">
        <Method name="createVersion" mode="all"/>
        <Method name="revert" mode="all"/>
        <Method name="restore" mode="all"/>
        <Method name="deleteVersionHistory" mode="all"/>
    </Service>

    <Service name="ExporterService"/>

    <Service name="ImporterService"/>

    <Service name="RepositoryExporterService"/>

    <Service name="DescriptorService" mode="none" enabled="false"/>

    <Service name="LicenseService" mode="none" enabled="false"/>

    <Service name="NamespaceService" mode="none" enabled="false"/>

    <Service name="TransactionService" mode="none" enabled="false"/>

    <Service name="WorkflowService" auditInternal="true">
        <Method name="isDefinitionDeployed" mode="none"/>
        <Method name="getDefinitions" mode="none"/>
        <Method name="getDefinitionById" mode="none"/>
        <Method name="getDefinitionByName" mode="none"/>
        <Method name="getActiveWorkflows" mode="none"/>
        <Method name="getWorkflowPaths" mode="none"/>
        <Method name="getTasksForWorkflowPath" mode="none"/>
        <Method name="getTaskById" mode="none"/>
        <Method name="getAssignedTasks" mode="none"/>
        <Method name="getPooledTasks" mode="none"/>
    </Service>

</Audit>

andy · ‎02-05-2007

Hi

Auditing will log exceptions.

The exception should be logged - and you should still see the original exception (it should not fail to audit the exception).

I will check this out.

FYI: In the audit config mode can be : none, all, success, fail.

Regards

Andy

mrudmann · ‎02-05-2007

Andy,
Thanks for the reply.

FYI…

I didn't interrogate the table to see if the exceptions were written to the audit tables. However, what concerned me most was that a user name which was not invited to a space, was totally locked up. this particular user could not access any links and some of the screen display was flaky (I could see a jsp tag bleed through on the dash).

Once I invited this user to the space, all worked well and auditing could be turned on. However, I now had to have this user permitted to use the space.

Thanks for your research. I am eager to resolve this so I can turn auditing back on. So, if you need more info from me, feel free to ask.

Thanks!
-Matt

andy · ‎02-05-2007

Hi

I have just tried this against 2.0 and all is fine.

There may be an issue displaying some templates when the parent of a node is not visable to the user. The exception is audited and reported as expected.

Can you send the permission structure. Have you got any custom templates shown? What do they do? If they fail you can end up with a munged page. That is my guess. (You can go to another page and hide the custom template - if this works then it is the template)

Regards

Andy

mrudmann · ‎02-05-2007

Andy,

We have a user named EMS, this user has been assigned All roles to a space called "EMS document Manager." When this user logs in and if the audit feature is turned on, all links on the dash are "dead" in that they don't work. Also, we have setup this user so that the components visible are the "My Tasks to Do" component.

Does this user have to be added to the "Company Home" and "Users" spaces as well via the "manage space users" function? I wouldn't think an explicit addition like this would be required, but when I added the EMS user to the "Company Home" space, the audit feature could successfully be turned on. Further, we are not using a custom template.

The home space for this user is as follows:
/Company Home/Users/EMS Document Manager

this is the tag information that is "bleeding through" on the screen: <td style="padding:2px;text-align:left"

Any help is appreciated.

-Matt

andy · ‎02-06-2007

Hi

Have you changed anything in the permssion model?

What exacly breaks in the dashboard?
Can you reconfigure it and show the dashlets in a different order, or add them one at a time? Does this have any effect on what is shown?

I think there is an error displaying something in a dashlet for some reason.

Regards

Andy

meenakshipmv · ‎01-23-2012

Hi Andy,
                 I am using Alfresco 2.1 and when trying to deploy the war it is throwing the same exception and i couldnt find the solution.. Please send me the soln… As soon as possible. For reference i am sending bit exception displayed in console

org.alfresco.repo.audit.AuditException: Failed to audit exception
        at org.alfresco.repo.audit.AuditComponentImpl.auditImpl(AuditComponentIm
pl.java:275)
        at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.j
ava:191)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInte
rceptor.java:69)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:176)
        at org.springframework.transaction.interceptor.TransactionInterceptor.in
voke(TransactionInterceptor.java:107)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:176)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:210)
        at $Proxy43.createPackage(Unknown Source)
        at org.alfresco.repo.workflow.WorkflowInterpreter.executeCommand(Workflo
wInterpreter.java:1275)
        at org.alfresco.repo.workflow.WorkflowInterpreter.access$100(WorkflowInt
erpreter.java:83)
        at org.alfresco.repo.workflow.WorkflowInterpreter$1$1.doWork(WorkflowInt
erpreter.java:288)
        at org.alfresco.repo.workflow.WorkflowInterpreter$1$1.doWork(WorkflowInt
erpreter.java:286)
        at org.alfresco.repo.transaction.TransactionUtil.executeInTransaction(Tr
ansactionUtil.java:189)
        at org.alfresco.repo.transaction.TransactionUtil.executeInUserTransactio
n(TransactionUtil.java:89)
        at org.alfresco.repo.workflow.WorkflowInterpreter$1.doWork(WorkflowInter
preter.java:284)
        at org.alfresco.repo.workflow.WorkflowInterpreter$1.doWork(WorkflowInter
preter.java:282)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(Au
thenticationUtil.java:260)
        at org.alfresco.repo.workflow.WorkflowInterpreter.interpretCommand(Workf
lowInterpreter.java:280)
        at org.alfresco.repo.workflow.WorkflowInterpreter.onBootstrap(WorkflowIn
terpreter.java:149)
        at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLi
fecycleBean.java:62)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1
.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecut
or.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.m
ulticastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publis
hEvent(AbstractApplicationContext.java:241)
        at org.springframework.context.support.AbstractApplicationContext.refres
h(AbstractApplicationContext.java:349)
        at org.springframework.web.context.support.AbstractRefreshableWebApplica
tionContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
        at org.springframework.web.context.ContextLoader.createWebApplicationCon
text(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationConte
xt(ContextLoader.java:184)
        at org.springframework.web.context.ContextLoaderListener.contextInitiali
zed(ContextLoaderListener.java:49)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContex
t.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4
216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase
.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:74
0)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)

        at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)

        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714
)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490
)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java
:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(Lifecycl
eSupport.java:120)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)

        at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)

        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443
)
        at org.apache.catalina.core.StandardService.start(StandardService.java:4
48)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:700
)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Hyland Connect

Failed audit exception