[MAGNOLIA-8383] Incomplete app definition permissions lead to unreachable admincentral Created: 13/Nov/19  Updated: 20/Apr/22  Resolved: 19/Apr/22

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.11
Fix Version/s: 6.2.19

Type: Bug Priority: Neutral
Reporter: Richard Gange Assignee: Chuong Doan Huy
Resolution: Fixed Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: 2d
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLUI-7001 Empty YAML "fields" Value Cause The D... Closed
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Epic Link: Support
Sprint: DevX 8
Story Points: 3
Team: DeveloperX

 Description   

For example, let's say I have an incomplete permissions in my app definition. Like this:

label: Events
icon: icon-datepicker
appClass: info.magnolia.ui.contentapp.ContentApp
class: info.magnolia.ui.api.app.registry.ConfiguredAppDescriptor

# Missing roles
permissions:
  roles:
  
subApps:
  browser:
    label: Events
    subAppClass: info.magnolia.ui.contentapp.browser.BrowserSubApp
    class: info.magnolia.ui.contentapp.browser.BrowserSubAppDescriptor
...
...

This leads to the following exception here:

Nov 13, 2019 2:57:08 PM com.vaadin.server.DefaultErrorHandler doDefault
SEVERE: 
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error in custom provider, info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.admincentral.ResurfaceUILayout]
  at info.magnolia.ui.framework.ioc.ProduceNewInstancesWithComponentProvider.lambda$null$2(ProduceNewInstancesWithComponentProvider.java:84) (via modules: com.google.inject.util.Modules$OverrideModule -> info.magnolia.objectfactory.guice.GuiceComponentProviderBuilder$1 -> com.google.inject.util.Modules$CombinedModule -> info.magnolia.ui.framework.ioc.DeflateUiContextDependentBindings -> info.magnolia.ui.framework.ioc.ProduceNewInstancesWithComponentProvider)
  while locating info.magnolia.admincentral.ResurfaceUILayout

1 error
	at com.google.inject.internal.InternalProvisionException.toProvisionException(InternalProvisionException.java:226)
	at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1053)
	at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1086)
	at info.magnolia.objectfactory.guice.GuiceComponentProvider.getComponent(GuiceComponentProvider.java:110)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.lambda$getComponent$3(UiContextBoundComponentProvider.java:125)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.provideInCurrentScope(UiContextBoundComponentProvider.java:163)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.getComponent(UiContextBoundComponentProvider.java:125)
	at info.magnolia.admincentral.ResurfaceUI.init(ResurfaceUI.java:85)
	at com.vaadin.ui.UI.doInit(UI.java:776)
	at com.vaadin.server.communication.UIInitHandler.getBrowserDetailsUI(UIInitHandler.java:218)
	at com.vaadin.server.communication.UIInitHandler.synchronizedHandleRequest(UIInitHandler.java:76)
	at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40)
	at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1602)
	at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:445)
	at info.magnolia.admincentral.AdmincentralServlet.service(AdmincentralServlet.java:114)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
	at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.virtualuri.VirtualUriFilter.doFilter(VirtualUriFilter.java:98)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
	at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
	at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:164)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:85)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:78)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:84)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:120)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:74)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:127)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:79)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.personalization.preview.filter.PreviewFilter.doFilter(PreviewFilter.java:92)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.admincentral.ResurfaceUILayout]
	at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:138)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.lambda$newInstanceWithParameterResolvers$4(UiContextBoundComponentProvider.java:135)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.provideInCurrentScope(UiContextBoundComponentProvider.java:163)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.newInstanceWithParameterResolvers(UiContextBoundComponentProvider.java:135)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.newInstance(UiContextBoundComponentProvider.java:130)
	at info.magnolia.ui.framework.ioc.ProduceNewInstancesWithComponentProvider$CreateNewInstanceWithComponentProvider.newInstance(ProduceNewInstancesWithComponentProvider.java:115)
	at info.magnolia.ui.framework.ioc.ProduceNewInstancesWithComponentProvider.lambda$null$0(ProduceNewInstancesWithComponentProvider.java:84)
	at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:85)
	at com.google.inject.internal.InternalFactoryToInitializableAdapter.provision(InternalFactoryToInitializableAdapter.java:57)
	at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:59)
	at com.google.inject.internal.InternalFactoryToInitializableAdapter.get(InternalFactoryToInitializableAdapter.java:47)
	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
	at info.magnolia.ui.framework.ioc.SessionStoreScope.lambda$getInstanceFromBeanStore$1(SessionStoreScope.java:73)
	at java.util.Optional.orElseGet(Optional.java:267)
	at info.magnolia.ui.framework.ioc.SessionStoreScope.getInstanceFromBeanStore(SessionStoreScope.java:72)
	at info.magnolia.ui.framework.ioc.SessionStoreScope.lambda$scope$0(SessionStoreScope.java:64)
	at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
	at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1050)
	... 113 more
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to create an instance with c-tor [ResurfaceUILayout(ComponentProvider, NotificationBadge, TaskBadge, BannerContainer, InstanceInfo, UserMenu, ViewportLayout)]
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:131)
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:99)
	at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:134)
	... 130 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:129)
	... 132 more
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to create instance of [class info.magnolia.admincentral.findbar.FindBar]
	at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:138)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.lambda$newInstanceWithParameterResolvers$4(UiContextBoundComponentProvider.java:135)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.provideInCurrentScope(UiContextBoundComponentProvider.java:163)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.newInstanceWithParameterResolvers(UiContextBoundComponentProvider.java:135)
	at info.magnolia.ui.framework.ioc.UiContextBoundComponentProvider.newInstance(UiContextBoundComponentProvider.java:130)
	at info.magnolia.admincentral.ResurfaceUILayout.<init>(ResurfaceUILayout.java:81)
	... 137 more
Caused by: info.magnolia.objectfactory.MgnlInstantiationException: Failed to create an instance with c-tor [FindBar(Periscope, SecuritySupport, SpeechRecognizer, FindBarConfigurationProvider, PeriscopeAppDetailCreator, PeriscopeTagsProvider, EventBus, SimpleTranslator, Provider, LocationController, AppLauncherLayoutManager, AppController, AppDescriptorRegistry, ViewportLayout, SearchResultSupplierDefinitionRegistry)]
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:131)
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:99)
	at info.magnolia.objectfactory.guice.GuiceComponentProvider.newInstanceWithParameterResolvers(GuiceComponentProvider.java:134)
	... 142 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at info.magnolia.objectfactory.ObjectManufacturer.newInstance(ObjectManufacturer.java:129)
	... 144 more
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2051)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3953)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3976)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4960)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.getLayoutForUser(AppLauncherLayoutManagerImpl.java:146)
	at info.magnolia.admincentral.findbar.FindBar.initUi(FindBar.java:242)
	at info.magnolia.admincentral.findbar.FindBar.<init>(FindBar.java:199)
	... 149 more
Caused by: java.lang.NullPointerException
	at info.magnolia.cms.security.operations.ConfiguredAccessDefinition.hasAccess(ConfiguredAccessDefinition.java:68)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.isAppVisibleForUser(AppLauncherLayoutManagerImpl.java:259)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.doGetLayoutForUser(AppLauncherLayoutManagerImpl.java:210)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.access$100(AppLauncherLayoutManagerImpl.java:75)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl$1.load(AppLauncherLayoutManagerImpl.java:93)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl$1.load(AppLauncherLayoutManagerImpl.java:90)
	at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3529)
	at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2278)
	at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2155)
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2045)
	... 155 more

Then admincentral is unreachable.

Reproduce
From the Resources app find any app in any module and add:

# Missing roles
permissions:
  roles:

Logout/Login --> admincentral broken



 Comments   
Comment by Richard Gange [ 13/Nov/19 ]

Workaround:

Remove the configuration completely. This type of configuration is deprecated since 5.4.3. See AccessDefinition.java#51. Configure the permissions on the User directly.

Comment by Jaroslav Simak [ 12/Jan/22 ]

Log warn message in the logs that the permissions / roles are empty.

Generated at Mon Feb 12 04:32:15 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.