
    Declarative Security Failure

    Hi Team,

    We have the below error with respect to declarative security: the role check is failing even though the respective role has been set.

    <binding operationType="fetch" requiresRole="ADMIN" />

    Note: Only one fetch operation is specified in the ds file.
    The SecureIDACall servlet extends IDACall, and in processRequest we are setting the roles for the RPC using the below code.

    SecureIDACall Code:

    java.lang.SecurityException: DataSource 'Bill', operationType 'fetch', operationId 'Bill_fetch'. This operation requires role(s) 'ADMIN'. User 'ABC' fails the role check.
    at com.isomorphic.datasource.DSRequest.execute( ~[isomorphic-core-rpc-6.1-p20171121.jar:?]
    at com.isomorphic.servlet.IDACall.handleDSRequest( [isomorphic-core-rpc-6.1-p20171121.jar:?]
    at com.isomorphic.servlet.IDACall.processRPCTransaction( [isomorphic-core-rpc-6.1-p20171121.jar:?]
    at com.bp2s.xproducts.lba.server.servlet.SecureIDACall.processRequest( [classes/:?]
    at com.isomorphic.servlet.IDACall._processRequest( [isomorphic-core-rpc-6.1-p20171121.jar:?]
    at com.isomorphic.servlet.IDACall.doPost( [isomorphic-core-rpc-6.1-p20171121.jar:?]

    Expecting your help on this to proceed further.


    Hi there Manjula.

    We would be happy to help, but in order to help, we do need a valid bug report.

    At the moment, the information you've provided simply indicates that you are using this feature in the most basic way, and you are saying that it simply does not work at all.

    If the feature were actually broken at such a basic level, we would have hundreds of failing automated tests as well as many customers reporting the same failure.

    So, there is something special about your usage. Whatever the difference is, it's something more than you have shown us here.

    If you read the Debugging overview, you can find out how to report issues so that it is possible to provide help. But in terms of just the basic things you should check:

    1. make sure the code that sets the roles is actually executing - log something so you know it's actually happening, and is happening at the right point in processing (before the role checks happen)

    2. log the actual value passed to setUserRoles so you know that it is correct. Check letter case by the way - roles are case-sensitive

    3. make sure your .ds.xml is well-formed. There should be <operationBindings> with <operationBinding> subelements. You showed just <binding> above and no other context, so it might be incorrect

    4. you can check whether other settings in the same operationBinding are working as expected. If they aren't, then you might be looking at the wrong DataSource file entirely, or perhaps you forgot to save changes before testing, or issues along those lines

    After checking these things, make sure to read the full Debugging overview so that you know what is necessary to enable others to help you.



      Just some further thoughts:

      5. you might check over your code to see if there are other calls to setUserRoles() that are overriding the call you've made

      6. you can check the result of getUserRoles() at various points (in a DMI, in a custom DataSource, etc) to see if something else has changed the value
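
Checks 2 and 3 from the reply above can be scripted offline. The following is an added example, not code from the thread or from Isomorphic: it parses a `.ds.xml`, reports where each `requiresRole` binding sits, and compares the required roles case-sensitively against the roles string you logged. The function names and both sample descriptors are constructed for illustration, and it assumes `requiresRole` is a comma-separated list where any one matching role is sufficient.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from the thread).
GOOD_DS = """<DataSource ID="Bill" serverType="sql">
  <operationBindings>
    <operationBinding operationType="fetch" requiresRole="ADMIN"/>
  </operationBindings>
</DataSource>"""

STRAY_DS = """<DataSource ID="Bill" serverType="sql">
  <binding operationType="fetch" requiresRole="ADMIN"/>
</DataSource>"""


def role_bindings(ds_xml):
    """Return (operationType, required_roles, problems) per role-protected binding."""
    root = ET.fromstring(ds_xml)  # raises ParseError if the file is not well-formed
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = []
    for el in root.iter():
        # Only elements that look like operation bindings are examined.
        if "requiresRole" not in el.attrib or "operationType" not in el.attrib:
            continue
        problems = []
        parent = parent_of.get(el)
        if parent is None or parent.tag != "operationBindings":
            problems.append("not inside <operationBindings>")
        # Per item 3 of the reply, any other element name is flagged for review.
        if el.tag != "operationBinding":
            problems.append("element is <%s>, expected <operationBinding>" % el.tag)
        roles = [r.strip() for r in el.get("requiresRole").split(",") if r.strip()]
        found.append((el.get("operationType"), roles, problems))
    return found


def check_roles(required, user_roles_csv):
    """Case-sensitive check of the logged roles string against the required roles."""
    have = [r.strip() for r in user_roles_csv.split(",") if r.strip()]
    if set(required) & set(have):
        return "pass"
    wanted_lower = {q.lower() for q in required}
    near = sorted(r for r in have if r.lower() in wanted_lower)
    return "fail (case mismatch: %s)" % ", ".join(near) if near else "fail"
```

Feed `check_roles` the exact string you logged just before the `setUserRoles` call, so that a difference in letter case or stray whitespace shows up here rather than as a `SecurityException`.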