Task #8721 (new)

Opened 14 months ago

Last modified 13 months ago

BUG: Catch guest log in with specific message

Reported by: omero-qa Owned by: jamoore
Priority: critical Milestone: OMERO-4.4.9
Component: Web Keywords: testing,phase1
Cc: web-team@… Remaining Time: 0.2d
Sprint: n.a. Resources: n.a.
References: n.a. Referenced By: n.a.

Description

 http://qa.openmicroscopy.org.uk/qa/feedback/4313/

Traceback (most recent call last):

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/django/core/handlers/base.py", line 92, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/omeroweb/webadmin/views.py", line 168, in wrapped
    return f(request, *args, **kwargs)

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/omeroweb/webadmin/views.py", line 174, in wrapped
    kwargs["firsttime"] = kwargs["conn"].isAnythingCreated()

  File "/home/omero/apps/OMERO/OMERO.server-Beta-4.3.4/lib/python/omeroweb/webclient/webclient_gateway.py", line 259, in isAnythingCreated
    if len(q.findAllByQuery(sql, p)) > 0:

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/omero/gateway/__init__.py", line 2959, in __call__
    return self.handle_exception(e, *args, **kwargs)

  File "/home/omero/apps/OMERO/OMERO.server-Beta-4.3.4/lib/python/omeroweb/webclient/webclient_gateway.py", line 1651, in handle_exception
    e, *args, **kwargs)

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/omero/gateway/__init__.py", line 2956, in __call__
    return self.f(*args, **kwargs)

  File "/home/omero/apps/OMERO/OMERO.server/lib/python/omero_api_IQuery_ice.py", line 138, in findAllByQuery
    return _M_omero.api.IQuery._op_findAllByQuery.invoke(self, ((query, params), _ctx))

SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [guest] for session ed989186-74fe-44df-bcfd-189867ff8a54 (allowed: [user])
	at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:137)
	at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:78)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy72.findAllByQuery(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor298.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
	at ome.services.throttling.Callback.run(Callback.java:56)
	at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
	at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:136)
	at ome.services.blitz.impl.QueryI.findAllByQuery_async(QueryI.java:66)
	at omero.api._IQueryTie.findAllByQuery_async(_IQueryTie.java:92)
	at omero.api._IQueryDisp.___findAllByQuery(_IQueryDisp.java:366)
	at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:496)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [guest] for session ed989186-74fe-44df-bcfd-189867ff8a54 (allowed: [user])
}


<WSGIRequest
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'sessionid': 'a7040aa9541274491a74e46d35fc53c8'},
META:{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': 'text/plain',
 'DJANGO_SETTINGS_MODULE': 'omeroweb.settings',
 'GATEWAY_INTERFACE': 'CGI/1.1',
 'HOME': '/home/omero',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
 'HTTP_ACCEPT_LANGUAGE': 'es-es,es;q=0.8,en-us;q=0.5,en;q=0.3',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'sessionid=a7040aa9541274491a74e46d35fc53c8',
 'HTTP_HOST': '150.214.111.197:4080',
 'HTTP_REFERER': 'http://150.214.111.197:4080/webclient/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0',
 'ICE_HOME': '/usr/share/Ice-3.3.1',
 'JAVA_HOME': '/usr/lib/jvm/java-6-sun',
 'LANG': 'en_US.UTF-8',
 'LD_LIBRARY_PATH': '/usr/share/java:/usr/lib:',
 'LOGNAME': 'omero',
 'MAIL': '/var/mail/omero',
 'OMERO_HOME': '/home/omero/apps/OMERO/OMERO.server',
 'PATH': '/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/usr/lib/jvm/java-6-sun/bin:/usr/share/Ice-3.3.1:/usr/lib/postgresql/8.4/bin:/home/omero/apps/OMERO/OMERO.server/bin',
 'PATH_INFO': u'/webadmin/',
 'POSTGRES_HOME': '/usr/lib/postgresql/8.4',
 'PS1': '\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ ',
 'PWD': '/root',
 'PYTHONPATH': '/usr/lib/pymodules/python2.6:/home/omero/apps/OMERO/OMERO.server/lib/python:/home/omero/apps/OMERO/OMERO.server/var/lib:/home/omero/apps/OMERO/OMERO.server/lib/fallback',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '83.44.174.36',
 'REMOTE_HOST': '',
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': u'',
 'SERVER_NAME': 'ordenalfabetix',
 'SERVER_PORT': '4080',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'WSGIServer/0.1 Python/2.6.6',
 'SHELL': '/bin/bash',
 'SHLVL': '2',
 'SSH_CLIENT': '192.168.242.6 41602 22',
 'SSH_CONNECTION': '192.168.242.6 41602 192.168.142.145 22',
 'SSH_TTY': '/dev/pts/0',
 'TERM': 'xterm',
 'TZ': 'Europe/London',
 'USER': 'omero',
 '_': '/home/omero/apps/OMERO/OMERO.server/bin/omero',
 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f7174fa91e0>,
 'wsgi.file_wrapper': <class 'django.core.servers.basehttp.FileWrapper'>,
 'wsgi.input': <socket._fileobject object at 0x334bd50>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': True,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}>

References

Change History

comment:1 Changed 14 months ago by atarkowska

  • Priority changed from minor to critical
  • Sprint set to 2012-05-22 (15)
  • Milestone changed from Unscheduled to OMERO-Beta4.4

comment:2 Changed 14 months ago by atarkowska

  • Remaining Time set to 0.2

comment:3 Changed 13 months ago by atarkowska

  • Component changed from QA to Web

comment:4 Changed 13 months ago by atarkowska

  • Keywords testing,phase1 added

comment:5 Changed 13 months ago by jburel

  • Sprint changed from 2012-05-22 (15) to 2012-06-05 (16)

Moved from sprint 2012-05-22 (15)

comment:6 Changed 13 months ago by atarkowska

  • Owner changed from atarkowska to jmoore

Josh, could you please add isGuest to the event context, as I can only test guest user based on username. Guest can't use iQuery.
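One way to give guest sessions a specific message instead of the unhandled SecurityViolation shown in the traceback, as an added example that is not OMERO.web code. `guest_aware`, `GUEST_MESSAGE`, `FakeConn` and the `SecurityViolation` stand-in are hypothetical names, and the view returns a `(status, body)` tuple in place of a Django response.

```python
import functools
import re

class SecurityViolation(Exception):
    """Stand-in for omero.SecurityViolation; assumed to expose .message."""
    def __init__(self, message):
        super().__init__(message)
        self.message = message

# Shape of the server message quoted in the ticket's traceback.
ROLE_ERROR = re.compile(
    r"No matching roles found in \[(?P<have>[^\]]*)\] for session \S+ "
    r"\(allowed: \[(?P<need>[^\]]*)\]\)")

GUEST_MESSAGE = "Guest accounts cannot use this page. Please log in as a regular user."

def is_guest_violation(exc):
    """True when the server reports 'guest' among the session's roles."""
    m = ROLE_ERROR.search(exc.message or "")
    return bool(m) and "guest" in [r.strip() for r in m.group("have").split(",")]

def guest_aware(view):
    """Hypothetical decorator: answer guests with a fixed 403 instead of a 500."""
    @functools.wraps(view)
    def wrapped(request, conn, **kwargs):
        # Cheap pre-check on the username, as comment:6 describes.
        if getattr(conn, "username", None) == "guest":
            return 403, GUEST_MESSAGE
        try:
            kwargs["firsttime"] = conn.isAnythingCreated()
        except SecurityViolation as exc:
            if is_guest_violation(exc):
                # Fixed text: never echo the session UUID from exc.message.
                return 403, GUEST_MESSAGE
            raise  # any other violation is a different bug; keep it visible
        return view(request, conn, **kwargs)
    return wrapped

class FakeConn:
    """Constructed test double, not the OMERO gateway."""
    def __init__(self, username, error=None):
        self.username, self.error, self.calls = username, error, 0
    def isAnythingCreated(self):
        self.calls += 1
        if self.error:
            raise self.error
        return False

@guest_aware
def index(request, conn, firsttime=None):
    return 200, "firsttime=%s" % firsttime
```

The except branch covers a session that holds only the guest role under a different username, which the username pre-check alone would miss.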

comment:7 Changed 13 months ago by jburel

  • Sprint changed from 2012-06-05 (16) to 2012-06-19 (17)

Moved from sprint 2012-06-05 (16)

comment:8 Changed 13 months ago by atarkowska

Referring to the conversation with Josh in the past and other thoughts, the following issues are known as guest login:

  • create omero session as anonymous user to get access only to the restricted number of methods in API marked as @PermitAll?
  • enabling public access to a specific account in webclient

    # Enable public access to a specific account
    path/to/bin/omero config set omero.web.public.enabled True
    path/to/bin/omero config set omero.web.public.user <username>
    path/to/bin/omero config set omero.web.public.password <password>

The ticket above is mostly about the first problem, where the anonymous user is nothing else than user 'guest' in the 'guest' group. A member of the guest group can only access public methods in the API.

It is not clear how both cases could be resolved via the same solution.

  1. Referring to the first
  • Ola's suggestion was to give an additional method 'createAnonymous' to give direct access to the server configuration and a few additional methods.

    path/to/bin/omero config set omero.anonymous.enabled True

    client = omero.client(host,port)
    conn = client.createAnonymous()

That would use 'guest account'. Guest user and group modification should be prohibited, but password, etc. (those details need to be discussed).

  • Josh's suggestion was to make 'guest' user member of 'user' group that gives standard access to the server.

Possibly more feedback/usecase needed.

Last edited 13 months ago by atarkowska (previous) (diff)

comment:9 Changed 13 months ago by jmoore

  • Sprint 2012-06-19 (17) deleted
  • Milestone changed from OMERO-Beta4.4 to OMERO-Beta4.4.1

Agreed. Going to push this to 4.4.1 and we can discuss. Might ultimately get pushed to a "public data" milestone.
