I’m getting an error on startup. This is after importing a 6.0.8 solution into 6.1.2, and it happens during authentication. The location of the problem is this line in the authentication solution:
var returnUID = security.createUser(selpaHyphenUser,fsUserInfo['usr_password_hash'],fsUserInfo['usr_user_info_id'])
The error in the console is:
Can't create user: Design-Designer, only admin users can create/change security stuff
> com.servoy.j2db.persistence.RepositoryException: You don't have access to view this data
Why do you create a user in the authenticator solution?
You can call security.login() in there with a user that does not exist, only the groups have to exist.
When this error is thrown you should see some info in the log file as well.
we do the same inside our authenticator solution, because that’s the only way to make the auto enter’s work with colums like: created_by & modified_by.
(besides that we don’t use the servoy-security, but has our own security)
We tried to login first with an admin account, inside the authenticator, and than create the user, but that also does not work!
so for now, we enabled the property in the servoy-admin page, to access the repository-tables.
For auto-enter creation-username/creation-useruid to work, the user does not have to exist in Servoy security, there is no need to create a user for that.
I commented out that line, and the error went away. Thank you for pointing out that the user doesn’t need to exist.
I’m mystified that the user doesn’t have to exist first, and also that the error never occurred in the previous version (6.0.8). If security.login() doesn’t verify against some sort of internal password mechanism, then why can’t we bypass the internal mechanism entirely, for the user to get into the program?
Thank you
Don
Here are the messages from the server log related to the error,
2012-11-28 01:55 authenticator ERROR com.servoy.j2db.util.Debug Can't create user: Design-Designer, only admin users can create/change security stuff A4A8AC95-872C-4209-AA5C-17B51449A2F8 SELPA_authenticate
com.servoy.j2db.persistence.RepositoryException: You don't have access to view this data
at com.servoy.eclipse.core.repository.EclipseUserManager.checkForAdminUser(EclipseUserManager.java:102)
at com.servoy.eclipse.model.repository.WorkspaceUserManager.createUser(WorkspaceUserManager.java:1947)
at com.servoy.eclipse.core.repository.SwitchableEclipseUserManager.createUser(SwitchableEclipseUserManager.java:182)
at com.servoy.j2db.scripting.JSSecurity.js_createUser(JSSecurity.java:671)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:158)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:311)
at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1768)
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:837)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:158)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:406)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3192)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:156)
at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:574)
at com.servoy.j2db.debug.RemoteDebugScriptEngine.executeFunction(RemoteDebugScriptEngine.java:398)
at com.servoy.j2db.scripting.ScopesScope.executeGlobalFunction(ScopesScope.java:172)
at com.servoy.j2db.FormManager.makeSolutionSettings(FormManager.java:384)
at com.servoy.j2db.debug.DebugHeadlessClient$DebugWebFormManager.makeSolutionSettings(DebugHeadlessClient.java:77)
at com.servoy.j2db.FormManager$1.run(FormManager.java:162)
at com.servoy.j2db.server.headlessclient.SessionClient.invokeAndWait(SessionClient.java:1218)
at com.servoy.j2db.server.headlessclient.SessionClient.invokeLater(SessionClient.java:1208)
at com.servoy.j2db.FormManager.propertyChange(FormManager.java:158)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:339)
at javax.swing.event.SwingPropertyChangeSupport.firePropertyChange(SwingPropertyChangeSupport.java:75)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:276)
at com.servoy.j2db.J2DBGlobals.firePropertyChange(J2DBGlobals.java:90)
at com.servoy.j2db.server.headlessclient.SessionClient.solutionLoaded(SessionClient.java:507)
at com.servoy.j2db.ClientState.loadSolutionsAndModules(ClientState.java:1428)
at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:283)
at com.servoy.j2db.debug.DebugHeadlessClient.loadSolution(DebugHeadlessClient.java:178)
at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:258)
at com.servoy.j2db.server.main.Zp.run(Zp.java:18)
at java.lang.Thread.run(Thread.java:680)
2012-11-28 01:55 authenticator ERROR com.servoy.j2db.util.Debug Access to repository server denied to client code, see admin property servoy.application_server.allowClientRepositoryAccess A4A8AC95-872C-4209-AA5C-17B51449A2F8 SELPA_authenticate
java.lang.IllegalAccessException
at com.servoy.eclipse.core.repository.EclipseUserManager.checkForAdminUser(EclipseUserManager.java:101)
at com.servoy.eclipse.model.repository.WorkspaceUserManager.createUser(WorkspaceUserManager.java:1947)
at com.servoy.eclipse.core.repository.SwitchableEclipseUserManager.createUser(SwitchableEclipseUserManager.java:182)
at com.servoy.j2db.scripting.JSSecurity.js_createUser(JSSecurity.java:671)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:158)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:311)
at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1768)
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:837)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:158)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:406)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3192)
at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:156)
at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:574)
at com.servoy.j2db.debug.RemoteDebugScriptEngine.executeFunction(RemoteDebugScriptEngine.java:398)
at com.servoy.j2db.scripting.ScopesScope.executeGlobalFunction(ScopesScope.java:172)
at com.servoy.j2db.FormManager.makeSolutionSettings(FormManager.java:384)
at com.servoy.j2db.debug.DebugHeadlessClient$DebugWebFormManager.makeSolutionSettings(DebugHeadlessClient.java:77)
at com.servoy.j2db.FormManager$1.run(FormManager.java:162)
at com.servoy.j2db.server.headlessclient.SessionClient.invokeAndWait(SessionClient.java:1218)
at com.servoy.j2db.server.headlessclient.SessionClient.invokeLater(SessionClient.java:1208)
at com.servoy.j2db.FormManager.propertyChange(FormManager.java:158)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:339)
at javax.swing.event.SwingPropertyChangeSupport.firePropertyChange(SwingPropertyChangeSupport.java:75)
at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:276)
at com.servoy.j2db.J2DBGlobals.firePropertyChange(J2DBGlobals.java:90)
at com.servoy.j2db.server.headlessclient.SessionClient.solutionLoaded(SessionClient.java:507)
at com.servoy.j2db.ClientState.loadSolutionsAndModules(ClientState.java:1428)
at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:283)
at com.servoy.j2db.debug.DebugHeadlessClient.loadSolution(DebugHeadlessClient.java:178)
at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:258)
at com.servoy.j2db.server.main.Zp.run(Zp.java:18)
at java.lang.Thread.run(Thread.java:680)
For auto-enter creation-username/creation-useruid to work, the user does not have to exist in Servoy security, there is no need to create a user for that.
Rob
hi Rob,
this was totally new to me!
i tried it, and yes I can login with a user that does’nt exist in the servoy security. (ofcourse I check first if it exists in our own security)
I commented out that line, and the error went away. Thank you for pointing out that the user doesn’t need to exist.
I’m mystified that the user doesn’t have to exist first, and also that the error never occurred in the previous version (6.0.. If security.login() doesn’t verify against some sort of internal password mechanism, then why can’t we bypass the internal mechanism entirely, for the user to get into the program?
Thank you
Don
Paul?
Don,
Security.login() is meant for when you have your own login check (like what Harjo does) and when the user/password validates against that, the security.login() call just informs Servoy that the current user is logged in.
In case of authenticator solutions, this is then propagated to the calling client.
Users in Servoy Security are only needed if you let Servoy do the password checking, for example when your solution has mustAuthenticate=true and you do not have a login form or login solution.
Note that the groups you pass in security.login() do have to exist because these are used in permissions checking on forms and tables.