Message Boards

First access fails - Not allowed

Micael Ericsson, modified 10 years ago.

First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
We have a running site of Liferay 6.1.2_GA3, recently upgraded from 6.1.0_GA2. The below test is on my development PC.
We have encountered a strange behavior. Our first page is public and contains one portlet that shows a list of assignments. Selecting an assignment is mandatory to move on to login page.

The first try at selecting an assignment always leads to a Liferay error (supplied image is in Swedish). It says (my translation):
- Not allowed.
- Your rights don't allow you this information.

If I look through all logs only one has an entry - local_access_log with the following data:
127.0.0.1 - - [06/Feb/2014:10:44:55 +0100] "POST /hem;jsessionid=76F9E4519885F4867AFB59D6B45FD796?p_auth=eBXLZB4h&p_p_id=AktivaUppdrag_WAR_AktivaUppdrag10SNAPSHOT&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_AktivaUppdrag_WAR_AktivaUppdrag10SNAPSHOT__facesViewIdRender=%2Fviews%2FaktivaUppdragIntro.xhtml HTTP/1.1" 403 4860
127.0.0.1 - - [06/Feb/2014:10:44:55 +0100] "GET /html/js/liferay/available_languages.jsp?browserId=firefox&themeId=myndigheten_WAR_myndighetentheme&colorSchemeId=01&minifierType=js&languageId=sv_SE&b=6102&t=1376650194000 HTTP/1.1" 200 200

But if I reload start page then I can select an assignment and move to login page. Only first try on a fresh browser gives this exception.

Suggestions what the problem could be?
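
Added example (not part of the original post, and not Liferay code): a small Python triage script for access-log lines like the two quoted above. It lists portlet action requests (p_p_lifecycle=1) with their status, p_auth value and whether the session id was carried in the URL, so the failing first click can be compared with the one that works after a reload. The sample log is constructed; its portlet id, session id and token values are made up.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the same access-log format as the lines in the post.
SAMPLE_LOG = '''\
127.0.0.1 - - [06/Feb/2014:10:44:50 +0100] "GET /hem HTTP/1.1" 200 31245
127.0.0.1 - - [06/Feb/2014:10:44:55 +0100] "POST /hem;jsessionid=AAAA1111?p_auth=tokenOne&p_p_id=Demo_WAR_Demo&p_p_lifecycle=1&p_p_state=normal HTTP/1.1" 403 4860
127.0.0.1 - - [06/Feb/2014:10:45:10 +0100] "GET /hem HTTP/1.1" 200 31250
127.0.0.1 - - [06/Feb/2014:10:45:14 +0100] "POST /hem?p_auth=tokenTwo&p_p_id=Demo_WAR_Demo&p_p_lifecycle=1&p_p_state=normal HTTP/1.1" 200 5120
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

def parse_action_requests(log_text):
    """Return one dict per portlet action request (p_p_lifecycle=1) in the log."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected format
        parts = urlsplit(m['target'])
        # A URL-rewritten session id travels as a path parameter: /hem;jsessionid=...
        path, _, path_params = parts.path.partition(';')
        query = parse_qs(parts.query)
        if query.get('p_p_lifecycle') != ['1']:
            continue  # render and resource requests are not of interest here
        rows.append({
            'time': m['ts'],
            'status': int(m['status']),
            'path': path,
            'portlet': query.get('p_p_id', [''])[0],
            'p_auth': query.get('p_auth', [''])[0],  # Liferay's authentication token
            'session_in_url': path_params.lower().startswith('jsessionid='),
        })
    return rows

def forbidden_actions(log_text):
    """Action requests answered with 403, for comparison with successful ones."""
    return [r for r in parse_action_requests(log_text) if r['status'] == 403]

if __name__ == '__main__':
    for r in parse_action_requests(SAMPLE_LOG):
        print(r['time'], r['status'], r['portlet'], 'p_auth=' + r['p_auth'],
              'jsessionid-in-URL' if r['session_in_url'] else 'no-jsessionid-in-URL')
```
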
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Perhaps I should add that this is a new problem.

In previous release we didn't have this issue. So what's new:
- From 6.1.0GA2 -> 6.1.2GA3 of Liferay.
- A new liferay database from our master.
- A new security package - something that kicks in after/during login. Shouldn't affect this.
- Minor changes in portlet.

Currently our focus is on the Liferay upgrade and the database change.
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Upon searching for the Swedish error text I found a language property entry matching:
you-do-not-have-permission-to-access-the-requested-resource=Dina rättigheter ger dig inte tillgång till den här informationen.

Searching for this key gave me a proper English translation: "You do not have permission to access the requested resource"

Searching for this error text gave me unfortunately nothing close to my setup and problem.

I have been able to reproduce the problem with a new scenario:
- Login to site
- Logout
- Go to start page
- Choose assignment
And I get the same error heading and text.

The url is: https://gmu-web-test.pliktverket.se/hem?p_auth=qyq2gTyo&p_p_id=AktivaUppdrag_WAR_AktivaUppdrag10&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_AktivaUppdrag_WAR_AktivaUppdrag10__facesViewIdRender=%2Fviews%2FaktivaUppdragIntro.xhtml

This should be an open (for guest) URL, except that it is prefixed with "https". It should be a "http" call.
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Following scenario gives Forbidden error
- Login to site
- Logout
- Go to start page
- Choose assignment
Liferay Forbidden is shown.

Following scenario works fine
- Login to site
- Logout
- Go to start page
- F5 to reload page
- Choose assignment
Correct behaviour. Login page is displayed.

If I try to debug the error scenario and put a breakpoint in the portlet bean where the code for "choose assignment" is, it never stops there. The error occurs before the bean is called. But the error occurs when the link (assignment) is pressed. So for some reason I as a user don't have access to the portlet. But why do I have access to it after I press F5 and then the link?

And nothing is logged. I have looked through all log files and this is not logged anywhere. Strange.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Hi Micael,

how are you accessing that page? I mean, are you generating that URL in your portlet?
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Hi Micael,

how are you accessing that page? I mean, are you generating that URL in your portlet?

Scenario with click and more info.
- login. Click on login link at top of page which leads to our login module.
- logout. Click on logout link at top of page which leads to logout page. But before a logout action hook cleans up data.
- start. Click on menu item "start" which opens start page with assignments portlet.
- click one of many assignments in portlet. Xhtml has a h:commandLink which should call openAssignment() method in managedbean but it does not. Error forbidden occurs before openAssignment() is reached.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Can you paste some snippet of "start" link/button?

Seems that URL is created wrong.
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Can you paste some snippet of "start" link/button?

Seems that URL is created wrong.



The "Start" is a standard Liferay menu connected to "Start" page and not some code I have created.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Oooops!

Ok, so the wrong link must be the one you create in your assignments portlet...
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Oooops!

Ok, so the wrong link must be the one you create in your assignments portlet...


Repeat of scenario:
1) Login
2) Logout
3) Menu Start is clicked to load Start-page with Assignments portlet.
4) Link is clicked in Assignments portlet.
The method in managed bean connected with commandLink in xhtml is never reached. Instead I get Liferay's "Forbidden" error message.

BUT in every other scenario this link is working without any problem. It's only in the above scenario I get this error. If I do a page refresh before step 4 everything works fine.

Code snippet from xhtml
<!-- One link per assignment (uppdrag); the action posts back to the managed bean -->
<h:commandLink action="#{assignmentController.submitUppdrag}" value="Click here">
    <f:setPropertyActionListener target="#{assignmentController.id}" value="#{uppdrag.id}" />
    <f:setPropertyActionListener target="#{assignmentController.ansokanUrl}" value="#{uppdrag.ansokanUrl}" />
    <f:param name="uppdragId" value="#{uppdrag.id}" />
</h:commandLink>
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Oooops!

Ok, so the wrong link must be the one you create in your assignments portlet...



Any suggestions after my latest post?
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Hi Micael,

very difficult to guess without having the portlet.

Are you using that portlet by embedding in a theme or something?

Are you using a cluster?
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Hi Micael,

very difficult to guess without having the portlet.

Are you using that portlet by embedding in a theme or something?

Are you using a cluster?


No cluster. Standard portlet dropped to page.

I don't think it's the portlet itself that is the problem since it is working fine in the normal case. I believe it has something to do with the state I am in when the problems occur.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Then it would be great if you could create and upload a simple portlet to reproduce it...
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Then it would be great if you could create and upload a simple portlet to reproduce it...


As I said I don't think it has anything to do with the portlet itself. More with the mechanism surrounding logging in, logging out and accessing start page.

I added a test portlet on the start page. Reran the scenario and this time I clicked on a button in my newly deployed test portlet.
Error in log:
Allvarlig: viewId:/views/testPrimeView.xhtml - View /views/testPrimeView.xhtml could not be restored.
javax.faces.application.ViewExpiredException: viewId:/views/testPrimeView.xhtml - View /views/testPrimeView.xhtml could not be restored.
at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:205)

So I think it's confirmed that it has nothing to do with the portlet.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Hi Micael,

so weird... Seems there is a problem with your local server session management somehow. That explains your permission failure of your first post and the XHTML facelets that couldn't be restored.
Juan Gonzalez, modified 10 years ago.

RE: First access fails - Not allowed

Liferay Legend Posts: 3089 Join Date: 08-10-28 Recent Posts
Micael, try setting this property and restart, please:

session.enable.url.with.session.id=false


Then post here the results...
Micael Ericsson, modified 10 years ago.

RE: First access fails - Not allowed

Regular Member Posts: 169 Join Date: 12-12-11 Recent Posts
Juan Gonzalez:
Micael, try setting this property and restart, please:

session.enable.url.with.session.id=false


Then post here the results...


Same result as before. "Forbidden" and
https://minsida.rekryteringsmyndigheten.local:8443/hem?p_auth=SfiE1DeG&p_p_id=AktivaUppdrag_WAR_AktivaUppdrag&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_AktivaUppdrag_WAR_AktivaUppdrag__facesViewIdRender=%2Fviews%2FaktivaUppdragIntro.xhtml