Rejected unauthenticated access error

Posted: Fri May 04, 2012 2:23 pm
by Ugo
Hello,

We recently upgraded our server to Servoy6 and we're experiencing problems when using the headlessClient.

The code for this part is strictly identical, except for some JSDoc stuff, but apparently invoking the function call below:
headlessClient = plugins.headlessclient.createClient('mymodule','user','pass', null)
brings that error.

This is called from our login module.

Obviously, if you need additional information about the method itself and the module settings, I will provide it immediately, but the settings, again, are the same as they were with 5.

Here's the complete console log if anyone can help. Thank you.



****
4 mai 2012 14:05:22 com.servoy.j2db.util.Debug error
GRAVE: Throwable
java.lang.SecurityException: Rejected unauthenticated access
at com.servoy.extensions.plugins.headlessclient.HeadlessServerPlugin.createClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at $Proxy3.createClient(Unknown Source)
at com.servoy.extensions.plugins.headlessclient.HeadlessClientProvider.js_createClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:179)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:367)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:81)
at org.mozilla.javascript.gen.c17._c0(launchProvisioning:74)
at org.mozilla.javascript.gen.c17.call(launchProvisioning)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:101)
at org.mozilla.javascript.gen.c16._c0(onActionDoProvisioning:177)
at org.mozilla.javascript.gen.c16.call(onActionDoProvisioning)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:387)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3134)
at org.mozilla.javascript.gen.c16.call(onActionDoProvisioning)
at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:528)
at com.servoy.j2db.FormController.executeFunction(FormController.java:4063)
at com.servoy.j2db.FormController.executeFunction(FormController.java:3942)
at com.servoy.j2db.FormController.executeFunction(FormController.java:3864)
at com.servoy.j2db.FormController$ScriptExecuter.executeFunction(FormController.java:3719)
at com.servoy.j2db.ui.BaseEventExecutor.fireEventCommand(BaseEventExecutor.java:271)
at com.servoy.j2db.ui.BaseEventExecutor.fireActionCommand(BaseEventExecutor.java:217)
at com.servoy.j2db.ui.BaseEventExecutor.fireActionCommand(BaseEventExecutor.java:212)
at com.servoy.j2db.smart.dataui.AbstractScriptButton$2.actionPerformed(AbstractScriptButton.java:670)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2028)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2351)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
at java.awt.Component.processMouseEvent(Component.java:6373)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6138)
at java.awt.Container.processEvent(Container.java:2085)
at java.awt.Component.dispatchEventImpl(Component.java:4735)
at java.awt.Container.dispatchEventImpl(Container.java:2143)
at java.awt.Component.dispatchEvent(Component.java:4565)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4621)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4282)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4212)
at java.awt.Container.dispatchEventImpl(Container.java:2129)
at java.awt.Window.dispatchEventImpl(Window.java:2478)
at java.awt.Component.dispatchEvent(Component.java:4565)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:679)
at java.awt.EventQueue.access$000(EventQueue.java:85)
at java.awt.EventQueue$1.run(EventQueue.java:638)
at java.awt.EventQueue$1.run(EventQueue.java:636)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:98)
at java.awt.EventQueue$2.run(EventQueue.java:652)
at java.awt.EventQueue$2.run(EventQueue.java:650)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:649)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:296)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:211)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:196)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:188)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
4 mai 2012 14:06:17 com.servoy.j2db.util.Debug log
****

Re: Rejected unauthenticated access error

Posted: Fri May 04, 2012 5:45 pm
by rgansevles
Ugo,

Are you using the headless client plugin from a smart client in the login solution?

Rob

Re: Rejected unauthenticated access error

Posted: Fri May 04, 2012 6:03 pm
by Ugo
Rob,

Thanks for your interest,

I'm using the headless client plugin from a smart client, from within the login module. The client is not logged in though, as we provide a process to provision his account from within the login solution, when our authentication process failed to identify any record for the client. This authentication is triggered through the onSolutionOpen ( ) method, which checks for the arguments when accessed through a deep-link.

The headless client targets a 'provisioning' module which has 'must authenticate' checked, and these other properties (same as Servoy 5):
- firstForm: prov_test
- loginForm: Default
- loginSolutionName: none
- modulesNames: same list, the login solution is not referenced
- mustAuthenticate: checked
- solutionType: module


Thanks

Ugo

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 10:58 am
by Ugo
Good morning,

So I tried several settings during the week-end. In order to use a HC now, it seems that the user must be authenticated. Is this documented somewhere ?

In my scenario, where a user formerly authenticated from a portal may directly provision his account from a dedicated form on the login module, I would have preferred that the previous behavior had been maintained.
In my current scenario, the user account was created using the Headless through a method passing all parameters to generate not only that user account ( in my user table ) but all its particular settings. The user was therefore logged in at the end of the provisioning process.

I am a bit lost now, what should I modify ? Should I log anyone coming from the authentication portal with no user account with a dedicated login for this provisioning process ?

Thanks

Ugo

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 2:35 pm
by Harjo
What you should do is bring your HC code to the authenticator. Then you call that code from your login solution, and return any result back from the authenticator to the login solution.

The login solution is very limited in functions (this is because of all kinds of security things).
That it worked before was probably a bug?

Or maybe this is the one you run into:

Enhanced Security is now the default mode. The UI in Servoy Developer and in the Application Server to disable it has been removed. It is only possible to disable Enhance Security through setting the relevant property in the servoy.properties file: "servoy.application_server.enhancedSecurity=false"

can be found here: http://wiki.servoy.com/display/public/D ... iorchanges

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 4:24 pm
by Ugo
Thanks Harjo,

Sorry I don't get it. Let me be more explicit about our current settings and processes.

I'm already calling methods in the authenticator module. Whether the starting args reveal the user is entering the application through a deep-link or not, I'm using one method or another in the 'auth' module.
- With a standard access, we'd be calling an authentication method that will simply check the user login and password.
- With a deep-link access, we'd use the arguments received ( a key that we decode and a url to call ) in order to externally authenticate the user, through a POST request.

In the second situation, the result is passed back to the login solution. But still, this user does not necessarily exist in the SQL database we use for our SaaS application, if he just subscribed for our services on our partners web sites.

When the user is identified, whether with the standard authentication or the other, the user would be logged in and the onOpenSolution method will be triggered correctly. But when the user doesn't exist in our database, none of the information received from the authenticator can be used to log in that user. In this case, we need to present the user with several options prior to provisioning his account. This is done through a provisioning form in our login solution.

Currently, the result of the post, combined with the user settings, will then be passed as parameters to our provisioning module, called through a HC to reduce the processing times. This also provides a way to get the processing flow and progression through the getDataProviderValue.

Now, what exactly are you suggesting with "bring your HC code"?

I will investigate the enhanced Security part of your answer, thanks a lot, but this refers to the old system I think.


Ugo

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 4:59 pm
by Harjo
I'm trying to understand your setup...
Why use a separate Headless Client module for that? The authenticator IS already a (headless) client ON the server.

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 7:08 pm
by Ugo
Well, because:

- In my mind, as a design result for security, the authenticator module was strictly dedicated to authentication, with no relation objects whatsoever and no connection to other modules of the solution.

- I need to give some information on the progression to the user (a dozen tables are affected through creations of single or multiple records), and I can't see how I could do the following through the authenticator, which is how the user sees his provision progress:

Code:
while (n <= _themax && _error_stop == false) {
    n = headlessClient.getDataProviderValue(null, "globals._prov_progress");
    _currentstep = 'Etape ' + n + ' sur ' + _themax;
    application.updateUI(10);
}


What am I missing?

Ugo

Re: Rejected unauthenticated access error

Posted: Mon May 07, 2012 10:46 pm
by jcompagner
You must do that through the Authenticator; we don't allow access to the server portion of the headless client if the client is not already authenticated.

So what Harjo means is that at the moment you are now trying to create a HC, you should just call the authenticator with some parameters, which then does the same thing as the HC.
You could even just create the HC from the authenticator and call the same thing you do now from the login solution.

Re: Rejected unauthenticated access error

Posted: Wed May 09, 2012 7:02 pm
by Ugo
Thank you Johan,

So that's new in Servoy 6. I will try that way then.

Ugo