Hyland Connect

durrell · ‎03-03-2010

I can't create folders in any of my sites using Share. Alfresco Explorer and CIFS work perfectly fine.

Server is Ubuntu 8.10 running MySQL, Tomcat, and Alfresco 3.2r Enterprise.

I need this fixed in a bad way. Alfresco is essentially useless to me right now since all of my end users use Share.

Only thing is I'm running Enterprise 3.2r (upgrade path has been 3.1 > 3.2 > 3.2r).

I see this error when trying to create a folder:

org.alfresco.repo.security.permissions.AccessDeniedException: 02030046 Access Denied. You do not have the appropriate permissions to perform this operation.

Turning on repo security debugging I see the following in catalina.out:


15:04:45,898 User:darryl DEBUG [impl.acegi.ACLEntryVoter] Method: public abstract org.alfresco.service.cmr.repository.ChildAssociationRef org.alfresco.service.cmr.repository.NodeService.createNode(org.alfresco.service.cmr.repository.NodeRef,org.alfresco.service.namespace.QName,org.alfresco.service.namespace.QName,org.alfresco.service.namespace.QName,java.util.Map) throws org.alfresco.service.cmr.repository.InvalidNodeRefException,org.alfresco.service.cmr.dictionary.InvalidTypeException
15:04:45,900 User:darryl DEBUG [impl.acegi.ACLEntryVoter] Permission test on node /{http://www.alfresco.org/model/application/1.0}company_home/{http://www.alfresco.org/model/site/1.0}s...
15:04:45,900 User:darryl DEBUG [impl.acegi.ACLEntryVoter] Node ref is not null
15:04:45,911 User:darryl DEBUG [impl.acegi.ACLEntryAfterInvocationProvider] Method: public abstract org.alfresco.service.cmr.repository.ChildAssociationRef org.alfresco.service.cmr.repository.NodeService.createNode(org.alfresco.service.cmr.repository.NodeRef,org.alfresco.service.namespace.QName,org.alfresco.service.namespace.QName,org.alfresco.service.namespace.QName,java.util.Map) throws org.alfresco.service.cmr.repository.InvalidNodeRefException,org.alfresco.service.cmr.dictionary.InvalidTypeException
15:04:45,911 User:darryl DEBUG [impl.acegi.ACLEntryAfterInvocationProvider] Child Association access
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryVoter] Method: public abstract org.alfresco.service.namespace.QName org.alfresco.service.cmr.repository.NodeService.getType(org.alfresco.service.cmr.repository.NodeRef) throws org.alfresco.service.cmr.repository.InvalidNodeRefException
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryAfterInvocationProvider] Method: public abstract org.alfresco.service.namespace.QName org.alfresco.service.cmr.repository.NodeService.getType(org.alfresco.service.cmr.repository.NodeRef) throws org.alfresco.service.cmr.repository.InvalidNodeRefException
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryAfterInvocationProvider] Uncontrolled object - access allowed for org.springframework.aop.framework.ReflectiveMethodInvocation
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryVoter] Method: public abstract java.util.Set org.alfresco.service.cmr.repository.NodeService.getAspects(org.alfresco.service.cmr.repository.NodeRef) throws org.alfresco.service.cmr.repository.InvalidNodeRefException
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryVoter] Permission test on node /{http://www.alfresco.org/model/application/1.0}company_home/{http://www.alfresco.org/model/site/1.0}s...
15:04:45,912 User:admin DEBUG [impl.acegi.ACLEntryVoter] Node ref is not null
15:04:46,035 User:darryl DEBUG [impl.acegi.ACLEntryVoter] Permission is denied‍‍‍‍‍‍‍‍‍‍‍‍‍

sselvan · ‎03-04-2010

This is clearly a permissions issue, as you know already.
Your role probably is a Consumer or something like that.

You might want to check the role and upgrade the roles.

Also, do not do any operation via Alfresco Explore on Share Sites Spaces - just FYI.
It is not recommended by Alfresco to touch the Sites spaces via Alfresco Explore.

That apart - if you fix your permissions of the users, you should be able to get to create spaces.

hope this helps!

durrell · ‎03-04-2010

Well that was my initial thought, but that error is coming from the Alfresco admin user (me). I can't even create content as an admin, so something is definitely fishy.

pmonks · ‎03-04-2010

What authentication mechanism are you using? Alfresco native or something else (LDAP, ActiveDirectory, etc.)?

Cheers,
Peter

durrell · ‎03-04-2010

I'm using LDAP for authentication via web and for synchronization. Using Kerberos for CIFS authentication only.

sselvan · ‎03-05-2010

Are you able to add content or any other operation other than space creation? If so, the reason could be that you installed Alfresco Entreprise version 3.2r and the 30-days trial duration might have expired?

This could be a probable reason. If not, ignore it.

Hope thus was helpful!

durrell · ‎03-07-2010

We can upload files and delete them. We can also manage files from CIFS or Alfresco. This problem seems to be limited only to Share.

nl_ubik · ‎04-14-2010

Hello,

Did you find a solution at your problem because we encountered the same and we didn't find any solution ?

Thanks

mruflin · ‎05-10-2010

If you don't have alfrescoNTLM in your authentication chain, then this is the issue:
https://issues.alfresco.com/jira/browse/ALF-2352

dacedos · ‎07-23-2010

I am facing a similar issue when I try to create content from a personal wizard. We got a solution, by enabling dual access (Alfresco & LDAP) the problem is solved but client seems not to like that possibility since he wants only LDAP authentication and updating to 3.3 is not a affordable for us.

Everything works fine while creating content using the standard actions. Fail comes from BaseContentWizard:448 when Alfresco tries to NodeService().createNode(…)

Exception is truly similar to the message Durrell exposed before:

org.alfresco.repo.security.permissions.AccessDeniedException: 06220012 Access Denied.  You do not have the appropriate permissions to perform this operation.
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:148)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
   at $Proxy11.createNode(Unknown Source)
   at org.alfresco.web.bean.content.BaseContentWizard.saveContent(BaseContentWizard.java:448)
   at com.sysdoc.actions.creation.CreateDocumentWizard.importDocument(CreateDocumentWizard.java:481)
   at com.sysdoc.actions.creation.CreateDocumentWizard$3.doWork(CreateDocumentWizard.java:1199)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:514)
   at com.sysdoc.actions.creation.CreateDocumentWizard.next(CreateDocumentWizard.java:1203)
   at org.alfresco.web.bean.wizard.WizardManager.next(WizardManager.java:560)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:616)
   at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
   at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
   at javax.faces.component.UICommand.broadcast(UICommand.java:109)
   at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
   at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
   at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
   at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
   at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
   at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:110)
   at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:616)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
   at $Proxy163.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:74)
   at sun.reflect.GeneratedMethodAccessor373.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:616)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
   at $Proxy163.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:636)
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
   at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
   at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:394)
   at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
   … 60 more
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

That wizard works perfectly when we validate users in Alfresco and also when authentication is set to dual (LDAP and Alfresco) but it doesn't when LDAP is the only method.

Thanks!

Hyland Connect

Lost the ability to create folders in Share