Hyland Connect

cfox · ‎11-25-2009

I am using the share proxy url to access many custom repository webscripts. However one reports back with "You do not have the appropriate permissions to perform this operation."   What are the possible causes?
Version Enterprise 3.1

Craig

Here is the error response:

{
    "status" :
{
    "code" : 500,
    "name" : "Internal Error",
    "description" : "An error inside the HTTP server which prevented it from fulfilling the request."
},

"message" : "Wrapped Exception (with status template): Failed to execute script '\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js (in repository store workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions)': Access Denied. You do not have the appropriate permissions to perform this operation.",
"exception" : "org.alfresco.web.scripts.WebScriptException - Wrapped Exception (with status template): Failed to execute script '\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js (in repository store workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions)': Access Denied. You do not have the appropriate permissions to perform this operation.",

"callstack" :
[
     ""      ,"net.sf.acegisecurity.AccessDeniedException: Access is denied."
      ,"net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)"
      ,"net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:394)"
      ,"net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)"
      ,"org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)"
      ,"org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)"
      ,"org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)"
      ,"org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:275)"
      ,"org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)"
      ,"org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)"
      ,"org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)"
      ,"org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)"
      ,"org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)"
      ,"$Proxy7.getProperties(Unknown Source)"
      ,"org.alfresco.repo.jscript.ScriptNode.getProperties(ScriptNode.java:588)"
      ,"org.alfresco.repo.jscript.ScriptNode.getName(ScriptNode.java:314)"
      ,"sun.reflect.GeneratedMethodAccessor852.invoke(Unknown Source)"
      ,"sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)"
      ,"java.lang.reflect.Method.invoke(Method.java:597)"
      ,"org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)"
      ,"org.mozilla.javascript.JavaMembers.get(JavaMembers.java:117)"
      ,"org.mozilla.javascript.NativeJavaObject.get(NativeJavaObject.java:113)"
      ,"org.mozilla.javascript.ScriptableObject.getProperty(ScriptableObject.java:1544)"
      ,"org.mozilla.javascript.ScriptRuntime.getObjectProp(ScriptRuntime.java:1375)"
      ,"org.mozilla.javascript.ScriptRuntime.getObjectProp(ScriptRuntime.java:1364)"
      ,"org.mozilla.javascript.gen.c494._c0(workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js:59)"
      ,"org.mozilla.javascript.gen.c494.call(workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js)"
      ,"org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)"
      ,"org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)"
      ,"org.mozilla.javascript.gen.c494.call(workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js)"
      ,"org.mozilla.javascript.gen.c494.exec(workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js)"
      ,"org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:449)"
      ,"org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:174)"
      ,"org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:274)"
      ,"org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:108)"
      ,"org.alfresco.web.scripts.AbstractWebScript.executeScript(AbstractWebScript.java:827)"
      ,"org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:90)"
      ,"org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:319)"
      ,"org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:322)"
      ,"org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:229)"
      ,"org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:368)"
      ,"org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:390)"
      ,"org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:273)"
      ,"org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:261)"
      ,"org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)"
      ,"org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)"
      ,"javax.servlet.http.HttpServlet.service(HttpServlet.java:717)"
      ,"org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)"
      ,"org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)"
      ,"org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)"
      ,"org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)"
      ,"org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)"
      ,"org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)"
      ,"org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)"
      ,"org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)"
      ,"org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)"
      ,"org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)"
      ,"org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)"
      ,"java.lang.Thread.run(Thread.java:619)"
      ,"org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied. You do not have the appropriate permissions to perform this operation."
      ,"org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)"
      ,"org.alfresco.scripts.ScriptException: Failed to execute script '\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js (in repository store workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions)': Access Denied. You do not have the appropriate permissions to perform this operation."
      ,"org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:178)"
      ,"org.alfresco.web.scripts.WebScriptException: Wrapped Exception (with status template): Failed to execute script '\/COP-Mindshare\/AuthorCountsDetailByCategory\/categoryAuthorDetailCounts.get.js (in repository store workspace:\/\/SpacesStore\/Company Home\/Data Dictionary\/Web Scripts Extensions)': Access Denied. You do not have the appropriate permissions to perform this operation."
      ,"org.alfresco.web.scripts.AbstractWebScript.createStatusException(AbstractWebScript.java:622)"

],

"server" : "Alfresco Enterprise v3.1.0 (142) schema 1,008",
"time" : "Nov 25, 2009 3:48:06 PM"
}

mikeh · ‎12-02-2009

Looks like there's a node coming up in your webscript to which the executing user doesn't have permission to read the properties of.

Does it work if you go to the webscript directly (i.e. bypass the Share proxy)?

You can also wrap the problematic line of your webscript (line #59) ina try… catch block and logger.log() to determine which nodeRef is causing the problem. This might help track down why you're getting the Access Denied exception.

Thanks,
Mike

cfox · ‎12-09-2009

I solved the issue.

My server is running Enterprise 3.1. I found that when my script accessed the property cm:homeFolder it caused a security violation. I dont need this information so I just eliminated it.

I also found on Community 3.2 this error does NOT occur. There is no security violation.

mikeh · ‎12-10-2009

There have been some changes around accessing paths, etc. which means an administrator can remove the EVERYONE group from Data Dictionary for example and users would still be able to access scripts within by directly addressing them. It's possible a bug has crept in, so please raise a JIRA issue if you've got a reproducible case around that area.

Many thanks,
Mike

Hyland Connect

Repository webscript permission problem.