
Task #2609 (closed)

Opened 14 years ago

Closed 14 years ago

BUG: Guest account has no password set in database

Reported by: atarkowska Owned by: atarkowska
Priority: blocker Milestone: OMERO-Beta4.2.1
Component: Configuration Version: n.a.
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description (last modified by atarkowska)

omero=> select * from password;
 experimenter_id |           hash           |                         dn                          
-----------------+--------------------------+-----------------------------------------------------
               0 | vvFwuczAmpyoRC0Nsv8FCw== | 
               1 |                          | 
               2 | vvFwuczAmpyoRC0Nsv8FCw== | 
...

Then error occurred

  File "/Users/ola/Dev/omero/dist/lib/python/omero_api_IAdmin_ice.py", line 386, in getEventContext
    return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [guest] for session 2c4d28e1-92a4-49fe-8516-604007507b01 (allowed: [user])
	at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:136)
	at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:78)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:40)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy65.getEventContext(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor248.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:592)
	at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
	at ome.services.throttling.Callback.run(Callback.java:56)
	at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
	at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:132)
	at ome.services.blitz.impl.AdminI.getEventContext_async(AdminI.java:211)
	at omero.api._IAdminTie.getEventContext_async(_IAdminTie.java:197)
	at omero.api._IAdminDisp.___getEventContext(_IAdminDisp.java:1368)
	at omero.api._IAdminDisp.__dispatch(_IAdminDisp.java:1519)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [guest] for session 2c4d28e1-92a4-49fe-8516-604007507b01 (allowed: [user])
}

When I changed the password on the db level to "guest", there is no problem with connection.

Change History (8)

comment:1 Changed 14 years ago by atarkowska

  • Description modified (diff)
  • Owner set to jmoore

comment:2 Changed 14 years ago by atarkowska

  • Description modified (diff)

comment:3 Changed 14 years ago by atarkowska

  • Description modified (diff)

comment:4 Changed 14 years ago by jmoore

The exception that's returned doesn't say that the user doesn't have a password set, but rather that the user doesn't have permissions to run the getEventContext. I'm fairly sure that even after you set the password, the IAdmin.getEventContext would still fail. If you think otherwise, I'll need to see a test.

The fact that the "guest" user's password is blank is fine. It means that any password will suffice. (Just not the blank password "", since the omero.client object doesn't allow an empty password for historical reasons.)

However, there is a problem here. The guest user does need access to more methods. Do you know which methods you'll be using? Then for 4.2.1, we can add the @PermitAll annotation to let the guest user in.
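
An added example, not part of the ticket or of OMERO's code: since comment 4 states that a blank hash means any password will suffice, a deployment check is to list which accounts have one and whether that is intended. It parses psql output in the shape shown in the description; the sample table, its row 3, and the assumption that experimenter_id 1 is the guest account are constructed for illustration.

```python
# Constructed sample in the shape of the `select * from password;` output
# in the ticket description. Row 3 is invented to show an unexpected finding.
SAMPLE = """\
 experimenter_id |           hash           | dn
-----------------+--------------------------+----
               0 | vvFwuczAmpyoRC0Nsv8FCw== |
               1 |                          |
               2 | vvFwuczAmpyoRC0Nsv8FCw== |
               3 |                          |
(4 rows)
"""


def parse_password_table(text):
    """Turn aligned psql output into a list of row dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Skip the header, the ---+--- separator, the "(N rows)" footer
        # and blank lines: only data rows start with a numeric id.
        if len(cells) != 3 or not cells[0].isdigit():
            continue
        rows.append({"experimenter_id": int(cells[0]),
                     "hash": cells[1],
                     "dn": cells[2]})
    return rows


def audit_blank_hashes(rows, expected_blank=frozenset({1})):
    """Report accounts whose hash column is empty.

    psql prints NULL and '' the same way by default, so both count as blank.
    expected_blank is an assumption: the ids that are meant to accept any
    password (here 1, taken to be the guest account).
    """
    findings = []
    for row in rows:
        if row["hash"]:
            continue
        known = row["experimenter_id"] in expected_blank
        findings.append((row["experimenter_id"],
                         "expected" if known else "unexpected"))
    return findings


if __name__ == "__main__":
    for exp_id, status in audit_blank_hashes(parse_password_table(SAMPLE)):
        print(f"experimenter_id={exp_id}: blank hash ({status})")
```
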

comment:5 Changed 14 years ago by jmoore

(In [7615]) Permitting "guest" user to call IAdmin.getEventContext and other methods (See #2609)

comment:6 Changed 14 years ago by jmoore

(In [7623]) Permitting "guest" user to call IAdmin.getEventContext and other methods (See #2609)

original-svn-id: file:///home/svn/omero/branches/Beta4.2@7615 05709c45-44f0-0310-885b-81a1db45b4a6

comment:7 Changed 14 years ago by jmoore

  • Owner changed from jmoore to atarkowska

There was some discussion on devteam about the fact that the OmeroClients SDKs prevent "" as a password. No clear TODO came from that discussion, since there is a workaround of passing any string "SUPER_SECRET", "guest", etc. for any user who has an empty password. Ola and Carlos are examining usage in the blitz gateway and so I'm passing this off.

There may need to be some refactoring of the guest usage in general, including the SDKs allowing "" as password, the UIs not displaying a password box at all for user == "guest", etc. If that's the case, a "Guest" story should be created with all the individual tasks.

comment:8 Changed 14 years ago by atarkowska

  • Resolution set to fixed
  • Status changed from new to closed