[CMS-12156] Content roots for different author groups: AccessDeniedException on hippo:request - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Won't Fix
Affects Version/s: 13.3.0
Fix Version/s: None
Component/s: None
Labels:
- client-service-team
- kpi-xm-old-feature

Flagged:

Flagged

Description

In case of multiple channels with different authors and editors, the access is restricted to the content path of the specific channel via security domains. In the CMS the user only sees the folders of the channel.

When an author of channel A initiates a publication request an AccessDeniedException occurs when an author or editor of channel B logs in the CMS:

30.08.2019 08:32:39 WARN  https-jsse-nio-8443-exec-1 [NodeIteratorImpl$FetchNext.perform:200] Failed to retrieve query result node b71e72b4-bc5c-4e2e-b564-1fe20fcb05f5
[INFO] [talledLocalContainer] javax.jcr.AccessDeniedException: cannot read item b71e72b4-bc5c-4e2e-b564-1fe20fcb05f5
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemManager.createItemData(ItemManager.java:848) ~[jackrabbit-core-2.16.2-h3.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemManager.getItemData(ItemManager.java:391) ~[jackrabbit-core-2.16.2-h3.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemManager.getItem(ItemManager.java:328) ~[jackrabbit-core-2.16.2-h3.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.ItemManager.getItem(ItemManager.java:621) ~[jackrabbit-core-2.16.2-h3.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl$FetchNext.perform(NodeIteratorImpl.java:197) [jackrabbit-core-2.16.2-h3.jar:2.16.2-h3]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) [jackrabbit-core-2.16.2-h3.jar:2.16.2-h3]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl.fetchNext(NodeIteratorImpl.java:183) [jackrabbit-core-2.16.2-h3.jar:2.16.2-h3]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl.initialize(NodeIteratorImpl.java:214) [jackrabbit-core-2.16.2-h3.jar:2.16.2-h3]
[INFO] [talledLocalContainer] 	at org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl.hasNext(NodeIteratorImpl.java:163) [jackrabbit-core-2.16.2-h3.jar:2.16.2-h3]
[INFO] [talledLocalContainer] 	at org.hippoecm.repository.impl.RangeIteratorDecorator.hasNext(RangeIteratorDecorator.java:42) [hippo-repository-engine-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.plugins.reporting.ReportModel$1.hasNext(ReportModel.java:74) [hippo-cms-perspectives-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.markup.repeater.DefaultItemReuseStrategy$1.hasNext(DefaultItemReuseStrategy.java:68) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.markup.repeater.RefreshingView.addItems(RefreshingView.java:187) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.markup.repeater.RefreshingView.onPopulate(RefreshingView.java:97) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.service.render.AbstractRenderService.onBeforeRender(AbstractRenderService.java:525) [hippo-cms-api-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.service.render.AbstractRenderService.onBeforeRender(AbstractRenderService.java:525) [hippo-cms-api-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:143) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.plugins.standards.tabs.TabbedPanel.onBeforeRender(TabbedPanel.java:407) [hippo-cms-api-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.service.render.AbstractRenderService.onBeforeRender(AbstractRenderService.java:525) [hippo-cms-api-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1826) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.onBeforeRender(Component.java:3918) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Page.onBeforeRender(Page.java:801) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.PluginPage.onBeforeRender(PluginPage.java:252) [hippo-cms-engine-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalBeforeRender(Component.java:950) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.beforeRender(Component.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Page.internalPrepareForRender(Page.java:242) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Component.render(Component.java:2327) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.Page.renderPage(Page.java:1018) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.PluginPage.renderPage(PluginPage.java:376) [hippo-cms-engine-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.Main$7$1.renderPage(Main.java:521) [hippo-cms-engine-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) [wicket-request-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284) [wicket-core-7.11.0.jar:7.11.0]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.hippoecm.frontend.plugins.login.ConcurrentLoginFilter.doFilter(ConcurrentLoginFilter.java:54) [hippo-cms-login-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.FilterChainInvokingValve.invoke(FilterChainInvokingValve.java:72) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.JCRSessionStatefulConcurrencyValve.invoke(JCRSessionStatefulConcurrencyValve.java:56) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.SubjectBasedSessionValve.invoke(SubjectBasedSessionValve.java:58) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.SecurityValve.invoke(SecurityValve.java:177) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.LocalizationValve.invoke(LocalizationValve.java:101) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.CmsSecurityValve.invoke(CmsSecurityValve.java:60) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.InitializationValve.invoke(InitializationValve.java:37) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline$Invocation.invokeNext(HstSitePipeline.java:288) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline.invokeValves(HstSitePipeline.java:173) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstSitePipeline.invoke(HstSitePipeline.java:155) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.core.container.HstRequestProcessorImpl.processRequest(HstRequestProcessorImpl.java:81) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.container.HstDelegateeFilterBean.doFilter(HstDelegateeFilterBean.java:497) [hst-core-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.container.DelegatingFilter.doFilter(DelegatingFilter.java:68) [hst-commons-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.hippoecm.hst.container.HstFilter.doFilter(HstFilter.java:51) [hst-commons-13.3.0.jar:13.3.0]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:96) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:41002) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) [tomcat-coyote.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836) [tomcat-coyote.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1839) [tomcat-coyote.jar:9.0.20]
[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.20]
[INFO] [talledLocalContainer] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_212-3-redhat]
[INFO] [talledLocalContainer] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_212-3-redhat]
[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.20]
[INFO] [talledLocalContainer] 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_212-3-redhat]

This is caused by the query for the org.hippoecm.frontend.plugins.cms.dashboard.todo.TodoPlugin for the Pending Requests in the right column in the dashboard, as configured at /hippo:configuration/hippo:frontend/cms/cms-reports/todoReport/reporting:query.

It has hits for 'hippostdpubwf:request' nodes from the hidden content tree but actually retrieving the node throws the error.

Suggestion to at least improve the error handling (as it's difficult to exclude those search hits).

BTW also (easily) reproducible using the Domain Creation plugin on 12, see https://github.com/bloomreach-forge/domain-creation

Attachments

Activity

People

Assignee:: Jeroen Hoffman

Reporter:: Jeroen Hoffman

Owner:: Hippo Helpdesk

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Aug/19 3:07 PM

Updated:: 27/Sep/19 3:31 PM

Resolved:: 27/Sep/19 3:31 PM