incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür (JIRA) <j...@apache.org>
Subject [jira] Commented: (CLEREZZA-34) cookie authentication module requires anonymous to have read access to content graph
Date Tue, 15 Dec 2009 14:05:18 GMT

    [ https://issues.apache.org/jira/browse/CLEREZZA-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790747#action_12790747
] 

Reto Bachmann-Gmür commented on CLEREZZA-34:
--------------------------------------------

For things to work typerendering should read the content-graph as priviledged, the exception
one gets is:

java.security.AccessControlException: access denied (org.apache.clerezza.rdf.core.access.security.TcPermission
http://tpf.localhost/content.graph read)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342)
	at java.security.AccessController.checkPermission(AccessController.java:553)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at org.apache.clerezza.rdf.core.access.TcManager.getMGraph(TcManager.java:351)
	at org.apache.clerezza.platform.graphprovider.content.ContentGraphProvider.getContentGraph(ContentGraphProvider.java:113)
	at org.apache.clerezza.platform.typerendering.RenderletRendererFactoryImpl.getRenderer(RenderletRendererFactoryImpl.java:115)
	at org.apache.clerezza.platform.typerendering.RenderletRendererFactoryImpl.createRenderer(RenderletRendererFactoryImpl.java:110)
	at org.apache.clerezza.platform.typerendering.GenericGraphNodeMBW.writeTo(GenericGraphNodeMBW.java:138)
	at org.apache.clerezza.platform.typerendering.GenericGraphNodeMBW.writeTo(GenericGraphNodeMBW.java:74)
	at org.apache.clerezza.triaxrs.ResponseProcessor$1.writeTo(ResponseProcessor.java:314)
	at org.apache.clerezza.triaxrs.ResponseProcessor$1.access$200(ResponseProcessor.java:261)
	at org.apache.clerezza.triaxrs.ResponseProcessor$1$3.run(ResponseProcessor.java:294)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:416)
	at org.apache.clerezza.triaxrs.ResponseProcessor$1.writeTo(ResponseProcessor.java:290)
	at org.wymiwyg.wrhapi.osgi.OsgiWebServerFactory$1.service(OsgiWebServerFactory.java:110)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:502)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:389)
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.handle(HttpServiceServletHandler.java:64)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.handle(HttpServiceContext.java:111)
	at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:64)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
	at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:864)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:539)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:520)


> cookie authentication module requires anonymous to have read access to content graph
> ------------------------------------------------------------------------------------
>
>                 Key: CLEREZZA-34
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-34
>             Project: Clerezza
>          Issue Type: Bug
>            Reporter: Reto Bachmann-Gmür
>            Assignee: Reto Bachmann-Gmür
>
> On Tue, Dec 15, 2009 at 2:29 PM, Oliver Strässer <oliver.straesser@getunik.com>
wrote:
>     I want to protect the hole clerezza system, so that no not allowed user can view
or enter the system.
>      
>     in the past i delete the anonymous right for reading the content.graph - if i do
this in the newest versio, i got an exception because the cookie ?! bundle needs to read the
content graph.
>      
>      
>     so my question:
>      
>     how can i protect the system?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message