[MGNLUI-3225] Security App: 'superuser' role can not be edited Created: 28/Oct/14  Updated: 05/Dec/14  Resolved: 31/Oct/14

Status: Closed
Project: Magnolia UI
Component/s: security app
Affects Version/s: 5.3.4
Fix Version/s: 5.3.5

Type: Bug Priority: Critical
Reporter: Christian Ringele Assignee: Philip Mundt
Resolution: Fixed Votes: 0
Labels: regression, support
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: JPEG File Superuser-Role_export.jpg     JPEG File Superuser-Role_import.jpg     Zip Archive WorkspaceAccessFieldFactory.class.zip     File magnolia-security-app-5.3.4-MGNLUI-3225.jar    
Issue Links:
Relates
relates to MAGNOLIA-5962 Permission property for acl_forum is ... Closed
causality
caused by MGNLUI-3139 Renaming roles in Security App doesn'... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

When trying to edit the superuser role following error is thrown:

2014-10-28 13:44:35,787 ERROR fo.magnolia.ui.contentapp.browser.BrowserPresenter: An error occurred while executing action [editRole]
info.magnolia.ui.api.action.ActionExecutionException: Action execution failed for action: editRole
	at info.magnolia.ui.api.action.AbstractActionExecutor.execute(AbstractActionExecutor.java:64)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter.executeAction(BrowserPresenter.java:333)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter.executeDefaultAction(BrowserPresenter.java:310)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter.access$300(BrowserPresenter.java:91)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter$3.onItemDoubleClicked(BrowserPresenter.java:200)
	at info.magnolia.ui.workbench.event.ItemDoubleClickedEvent.dispatch(ItemDoubleClickedEvent.java:65)
	at info.magnolia.ui.workbench.event.ItemDoubleClickedEvent.dispatch(ItemDoubleClickedEvent.java:43)
	at info.magnolia.event.SimpleEventBus.fireEvent(SimpleEventBus.java:78)
	at info.magnolia.ui.workbench.AbstractContentPresenterBase.onDoubleClick(AbstractContentPresenterBase.java:156)
	at info.magnolia.ui.workbench.list.ListViewImpl$3.itemClick(ListViewImpl.java:146)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.vaadin.event.ListenerMethod.receiveEvent(ListenerMethod.java:508)
	at com.vaadin.event.EventRouter.fireEvent(EventRouter.java:167)
	at com.vaadin.server.AbstractClientConnector.fireEvent(AbstractClientConnector.java:969)
	at com.vaadin.ui.Table.handleClickEvent(Table.java:3057)
	at com.vaadin.ui.Table.changeVariables(Table.java:2853)
	at com.vaadin.ui.TreeTable.changeVariables(TreeTable.java:415)
	at info.magnolia.ui.vaadin.grid.MagnoliaTreeTable.changeVariables(MagnoliaTreeTable.java:87)
	at com.vaadin.server.communication.ServerRpcHandler.changeVariables(ServerRpcHandler.java:403)
	at com.vaadin.server.communication.ServerRpcHandler.handleBurst(ServerRpcHandler.java:228)
	at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:111)
	at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:91)
	at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:37)
	at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1371)
	at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:238)
	at info.magnolia.ui.admincentral.AdmincentralVaadinServlet.service(AdmincentralVaadinServlet.java:132)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
	at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:148)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:68)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
	at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
	at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:73)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:83)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:112)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:104)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:60)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: com.vaadin.data.util.converter.Converter$ConversionException: Cannot convert class java.lang.Long to class java.lang.String
	at info.magnolia.ui.vaadin.integration.jcr.DefaultProperty.setValue(DefaultProperty.java:66)
	at info.magnolia.security.app.dialog.field.WorkspaceAccessFieldFactory.createFieldComponent(WorkspaceAccessFieldFactory.java:182)
	at info.magnolia.ui.form.field.factory.AbstractFieldFactory.createField(AbstractFieldFactory.java:108)
	at info.magnolia.ui.dialog.formdialog.FormBuilder.buildReducedForm(FormBuilder.java:210)
	at info.magnolia.ui.dialog.formdialog.FormBuilder.buildForm(FormBuilder.java:117)
	at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.buildView(FormDialogPresenterImpl.java:158)
	at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.start(FormDialogPresenterImpl.java:142)
	at info.magnolia.security.app.action.OpenEditRoleDialogAction.execute(OpenEditRoleDialogAction.java:77)
	at info.magnolia.ui.api.action.AbstractActionExecutor.execute(AbstractActionExecutor.java:62)
	... 110 more

This only happens when editing the superuser role only in Mangolia 5.3.4,

Source of the problem:
The permission property of forum (acl_forum) of the superuser role is stored as "String" property and not as "Long" property. This has been the case since 2007.

See info.magnolia.security.app.dialog.field.WorkspaceAccessFieldFactory:

//Returns in this case a property of inner type String. Not detectable compile time (generics) as it only happens on runtime when fetching the property in the getOrCreateProperty() method.
final Property<Long> permissionsProperty = getOrCreateProperty(entryItem, AccessControlList.PERMISSIONS_PROPERTY_NAME, Long.class); //line 178

//Then the setValue() denies of wringing a Long into the String Property.
permissionsProperty.setValue(permissions); //line 182

The new code is correct, a String property is just wrong for defining a role expecting a Long. Old code did a implicit cast.

Solution:

  • An update task should update all roles on existing systems
  • Fix bootstrap file userroles.superuser.xml: permission property should be "Long" (See: MAGNOLIA-5962)




Workaround(s):

1. Export, change and import the 'superuser' role:
Generally explained: export the superuser role, change the property type, and import it again.
Detailed steps:

  • Export the superuser role (see print screen 'Superuser-Role_export.jpg'):
    • Go to the app "Tools -> Export"
    • Repository: userroles
    • Basepath: /superuser
  • Edit the xml file you just exported:
    • Search within for the value <sv:property sv:name="permissions" sv:type="String">
    • Replace the "String" with "Long", the result should be: <sv:property sv:name="permissions" sv:type="Long">
    • Save the file
  • Import the just edited superuser export file (see print screen 'Superuser-Role_import.jpg'):
    • Go to the app "Tools -> Import"
    • Repository: userroles
    • Basepath: /
    • Choose the file you edited.
    • Choose "Replace existing node with the same id" (! not "Remove existing node with the same id")
  • Log out and log in again with superuser. Role can now be edited again.

2. Use patched class:
Use the attached & patched classes from the archive: "WorkspaceAccessFieldFactory.class.zip"
(The classes content is the code version of M5.3.3)

3. Use patched jar:
Use the attached & patched jar of the security app (replace in WEB-INF/lib):
magnolia-security-app-5.3.4-MGNLUI-3225.jar
(The WorkspaceAccessFieldFactory.class is the code version of M5.3.3)



 Comments   
Comment by Philip Mundt [ 30/Oct/14 ]

"Migration" task should go to core and should only "fix" the broken "superuser" role.

Generated at Mon Feb 12 09:04:28 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.