"...only admin users can create/change security stuff"

Questions and answers for all installation-related topics for Servoy products

"...only admin users can create/change security stuff"

Postby djlapin » Mon Nov 26, 2012 4:42 am

I'm getting an error on startup. This is after importing a 6.0.8 solution into 6.1.2, and it happens during authentication. The location of the problem is this line in the authentication solution:

Code: Select all
var returnUID = security.createUser(selpaHyphenUser,fsUserInfo['usr_password_hash'],fsUserInfo['usr_user_info_id'])      


The error in the console is:

Code: Select all
Can't create user: Design-Designer, only admin users can create/change security stuff
> com.servoy.j2db.persistence.RepositoryException: You don't have access to view this data


This didn't occur in 6.0.8. How can I fix this?

Thank you,
Don
djlapin
 
Posts: 309
Joined: Fri Feb 18, 2011 9:36 am
Location: San Francisco, CA

Re: "...only admin users can create/change security stuff"

Postby rgansevles » Mon Nov 26, 2012 11:59 pm

Don

Why do you create a user in the authenticator solution?
You can call security.login() in there with a user that does not exist, only the groups have to exist.

When this error is thrown you should see some info in the log file as well.

Rob
Rob Gansevles
Servoy
User avatar
rgansevles
 
Posts: 1927
Joined: Wed Nov 15, 2006 6:17 pm
Location: Amersfoort, NL

Re: "...only admin users can create/change security stuff"

Postby Harjo » Tue Nov 27, 2012 12:43 am

Hi Rob,

we do the same inside our authenticator solution, because that's the only way to make the auto enter's work with colums like: created_by & modified_by.
(besides that we don't use the servoy-security, but has our own security)
We tried to login first with an admin account, inside the authenticator, and than create the user, but that also does not work!

so for now, we enabled the property in the servoy-admin page, to access the repository-tables.
Harjo Kompagnie
ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer
Harjo
 
Posts: 4321
Joined: Fri Apr 25, 2003 11:42 pm
Location: DEN HAM OV, The Netherlands

Re: "...only admin users can create/change security stuff"

Postby rgansevles » Tue Nov 27, 2012 9:36 am

Harjo,

For auto-enter creation-username/creation-useruid to work, the user does not have to exist in Servoy security, there is no need to create a user for that.

Rob
Rob Gansevles
Servoy
User avatar
rgansevles
 
Posts: 1927
Joined: Wed Nov 15, 2006 6:17 pm
Location: Amersfoort, NL

Re: "...only admin users can create/change security stuff"

Postby djlapin » Wed Nov 28, 2012 12:04 pm

Hi Paul,

I commented out that line, and the error went away. Thank you for pointing out that the user doesn't need to exist.

I'm mystified that the user doesn't have to exist first, and also that the error never occurred in the previous version (6.0.8). If security.login() doesn't verify against some sort of internal password mechanism, then why can't we bypass the internal mechanism entirely, for the user to get into the program?

Thank you
Don

---
Here are the messages from the server log related to the error,

Code: Select all
2012-11-28 01:55    authenticator    ERROR    com.servoy.j2db.util.Debug    Can't create user: Design-Designer, only admin users can create/change security stuff    A4A8AC95-872C-4209-AA5C-17B51449A2F8   SELPA_authenticate
com.servoy.j2db.persistence.RepositoryException: You don't have access to view this data
     at com.servoy.eclipse.core.repository.EclipseUserManager.checkForAdminUser(EclipseUserManager.java:102)
     at com.servoy.eclipse.model.repository.WorkspaceUserManager.createUser(WorkspaceUserManager.java:1947)
     at com.servoy.eclipse.core.repository.SwitchableEclipseUserManager.createUser(SwitchableEclipseUserManager.java:182)
     at com.servoy.j2db.scripting.JSSecurity.js_createUser(JSSecurity.java:671)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:158)
     at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:311)
     at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1768)
     at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:837)
     at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:158)
     at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:406)
     at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3192)
     at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:156)
     at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:574)
     at com.servoy.j2db.debug.RemoteDebugScriptEngine.executeFunction(RemoteDebugScriptEngine.java:398)
     at com.servoy.j2db.scripting.ScopesScope.executeGlobalFunction(ScopesScope.java:172)
     at com.servoy.j2db.FormManager.makeSolutionSettings(FormManager.java:384)
     at com.servoy.j2db.debug.DebugHeadlessClient$DebugWebFormManager.makeSolutionSettings(DebugHeadlessClient.java:77)
     at com.servoy.j2db.FormManager$1.run(FormManager.java:162)
     at com.servoy.j2db.server.headlessclient.SessionClient.invokeAndWait(SessionClient.java:1218)
     at com.servoy.j2db.server.headlessclient.SessionClient.invokeLater(SessionClient.java:1208)
     at com.servoy.j2db.FormManager.propertyChange(FormManager.java:158)
     at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:339)
     at javax.swing.event.SwingPropertyChangeSupport.firePropertyChange(SwingPropertyChangeSupport.java:75)
     at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:276)
     at com.servoy.j2db.J2DBGlobals.firePropertyChange(J2DBGlobals.java:90)
     at com.servoy.j2db.server.headlessclient.SessionClient.solutionLoaded(SessionClient.java:507)
     at com.servoy.j2db.ClientState.loadSolutionsAndModules(ClientState.java:1428)
     at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:283)
     at com.servoy.j2db.debug.DebugHeadlessClient.loadSolution(DebugHeadlessClient.java:178)
     at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:258)
     at com.servoy.j2db.server.main.Zp.run(Zp.java:18)
     at java.lang.Thread.run(Thread.java:680)
2012-11-28 01:55    authenticator    ERROR    com.servoy.j2db.util.Debug    Access to repository server denied to client code, see admin property servoy.application_server.allowClientRepositoryAccess    A4A8AC95-872C-4209-AA5C-17B51449A2F8   SELPA_authenticate
java.lang.IllegalAccessException
     at com.servoy.eclipse.core.repository.EclipseUserManager.checkForAdminUser(EclipseUserManager.java:101)
     at com.servoy.eclipse.model.repository.WorkspaceUserManager.createUser(WorkspaceUserManager.java:1947)
     at com.servoy.eclipse.core.repository.SwitchableEclipseUserManager.createUser(SwitchableEclipseUserManager.java:182)
     at com.servoy.j2db.scripting.JSSecurity.js_createUser(JSSecurity.java:671)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:158)
     at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:311)
     at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1768)
     at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:837)
     at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:158)
     at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:406)
     at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3192)
     at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:156)
     at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:574)
     at com.servoy.j2db.debug.RemoteDebugScriptEngine.executeFunction(RemoteDebugScriptEngine.java:398)
     at com.servoy.j2db.scripting.ScopesScope.executeGlobalFunction(ScopesScope.java:172)
     at com.servoy.j2db.FormManager.makeSolutionSettings(FormManager.java:384)
     at com.servoy.j2db.debug.DebugHeadlessClient$DebugWebFormManager.makeSolutionSettings(DebugHeadlessClient.java:77)
     at com.servoy.j2db.FormManager$1.run(FormManager.java:162)
     at com.servoy.j2db.server.headlessclient.SessionClient.invokeAndWait(SessionClient.java:1218)
     at com.servoy.j2db.server.headlessclient.SessionClient.invokeLater(SessionClient.java:1208)
     at com.servoy.j2db.FormManager.propertyChange(FormManager.java:158)
     at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:339)
     at javax.swing.event.SwingPropertyChangeSupport.firePropertyChange(SwingPropertyChangeSupport.java:75)
     at java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:276)
     at com.servoy.j2db.J2DBGlobals.firePropertyChange(J2DBGlobals.java:90)
     at com.servoy.j2db.server.headlessclient.SessionClient.solutionLoaded(SessionClient.java:507)
     at com.servoy.j2db.ClientState.loadSolutionsAndModules(ClientState.java:1428)
     at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:283)
     at com.servoy.j2db.debug.DebugHeadlessClient.loadSolution(DebugHeadlessClient.java:178)
     at com.servoy.j2db.server.headlessclient.SessionClient.loadSolution(SessionClient.java:258)
     at com.servoy.j2db.server.main.Zp.run(Zp.java:18)
     at java.lang.Thread.run(Thread.java:680)
djlapin
 
Posts: 309
Joined: Fri Feb 18, 2011 9:36 am
Location: San Francisco, CA

Re: "...only admin users can create/change security stuff"

Postby Harjo » Wed Nov 28, 2012 12:31 pm

rgansevles wrote:Harjo,

For auto-enter creation-username/creation-useruid to work, the user does not have to exist in Servoy security, there is no need to create a user for that.

Rob

hi Rob,

this was totally new to me! :shock:
i tried it, and yes I can login with a user that does'nt exist in the servoy security. (ofcourse I check first if it exists in our own security)
Harjo Kompagnie
ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer
Harjo
 
Posts: 4321
Joined: Fri Apr 25, 2003 11:42 pm
Location: DEN HAM OV, The Netherlands

Re: "...only admin users can create/change security stuff"

Postby rgansevles » Wed Nov 28, 2012 10:59 pm

djlapin wrote:Hi Paul,

I commented out that line, and the error went away. Thank you for pointing out that the user doesn't need to exist.

I'm mystified that the user doesn't have to exist first, and also that the error never occurred in the previous version (6.0.8). If security.login() doesn't verify against some sort of internal password mechanism, then why can't we bypass the internal mechanism entirely, for the user to get into the program?

Thank you
Don


Paul?

Don,

Security.login() is meant for when you have your own login check (like what Harjo does) and when the user/password validates against that, the security.login() call just informs Servoy that the current user is logged in.
In case of authenticator solutions, this is then propagated to the calling client.

Users in Servoy Security are only needed if you let Servoy do the password checking, for example when your solution has mustAuthenticate=true and you do not have a login form or login solution.

Note that the groups you pass in security.login() do have to exist because these are used in permissions checking on forms and tables.

Rob
Rob Gansevles
Servoy
User avatar
rgansevles
 
Posts: 1927
Joined: Wed Nov 15, 2006 6:17 pm
Location: Amersfoort, NL

Re: "...only admin users can create/change security stuff"

Postby djlapin » Thu Nov 29, 2012 9:35 pm

Hi Rob,

Sorry about the "Paul", I must have been experiencing a senior moment.

Thank you for explaining security.login()

Don
djlapin
 
Posts: 309
Joined: Fri Feb 18, 2011 9:36 am
Location: San Francisco, CA


Return to Installation

Who is online

Users browsing this forum: No registered users and 4 guests