Trouble detect when click on Notification button from web App
Closed this issue · 1 comments
i've tested the web front dockdockuPlm ran with
npm run dev
I was connected with an administrator account. Once connected, i've selected a workspace and clicked on notification button and the user was disconnected with this message :
you not allowed to access this resource, you must be connected
In server side the following logs was displayed :
[2018-08-14T10:31:28.835+0200] [Payara 4.1] [INFOS] [] [javax.enterprise.system.core.security] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488835] [levelValue: 800] [[ JACC Policy Provider: Failed Permission Check, context(eplmp-server-ear/eplmp-server-ejb_jar)- permission(("javax.security.jacc.EJBMethodPermission" "UserManagerBean" "checkWorkspaceReadAccess,Local,java.lang.String"))]]
[2018-08-14T10:31:28.838+0200] [Payara 4.1] [AVERTISSEMENT] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488838] [levelValue: 900] [[
A system exception occurred during an invocation on EJB UserManagerBean, method: public org.polarsys.eplmp.core.common.User org.polarsys.eplmp.server.UserManagerBean.checkWorkspaceReadAccess(java.lang.String) throws org.polarsys.eplmp.core.exceptions.UserNotFoundException,org.polarsys.eplmp.core.exceptions.UserNotActiveException,org.polarsys.eplmp.core.exceptions.WorkspaceNotFoundException,org.polarsys.eplmp.core.exceptions.WorkspaceNotEnabledException]
[2018-08-14T10:31:28.838+0200] [Payara 4.1] [AVERTISSEMENT] [] [javax.enterprise.ejb.container] [tid: _ThreadID=28 _ThreadName=http-thread-pool::http-listener-1(5)] [timeMillis: 1534235488838] [levelValue: 900] [[
javax.ejb.AccessLocalException: Client not authorized for this invocation
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1976)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:90)
at com.sun.proxy.$Proxy489.checkWorkspaceReadAccess(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:433)
BUG DETECTED
After than, i've tried to reconnect the same user and the same error was appeared and the connection was impossible (each time i've tried to log in it had redirected me to log in page ).
Seems to be the same error for customization request. After analyse the code, seems than 'admin' user have not the right to do this. So, don't you think than this will be better to remove this action from the panel of possibilities when 'admin' user try to see information about user's workspace ?