
    Spring 5 upgrade returns to access denied page

    Hi all,

    While upgrading our project from Spring 4.x to Spring 5.3 (using GWT 2.11 and Java 17), we are facing issues with the code. We have made code changes compatible with Spring 5.x. However, when running Tomcat, the login page is blank and throws a 403 exception, which is shown in the attached file.


    Please find the code details

    Spring configuration

    <security:http entry-point-ref="authenticationEntryPoint">
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="formLoginFilter"/>
    <security:anonymous enabled="false"/>
    <security:intercept-url pattern="/ipgui/sc/*" access="ROLE_USER"/>
    <security:intercept-url pattern="/sc/*" access="ROLE_USER"/>
    <security:logout success-handler-ref="logoutSuccessHandler"/>
    <!--
    <security:intercept-url pattern="/ipgui/sc/IDACall*" access="ROLE_USER"/>
    -->

    <security:access-denied-handler ref="accessDeniedHandler"/>
    <security:session-management session-authentication-strategy-ref="sessionAuthenticationStrategy"/>
    </security:http>

    <bean id="authenticationEntryPoint"
    class="com.islandpacific.gui.security.IpAuthenticationEntryPoint"/>

    <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref='userDetailsAuthenticationProvider'/>
    </security:authentication-manager>

    <bean id="userDetailsAuthenticationProvider"
    class="com.islandpacific.gui.security.IpUserDetailsAuthenticationProvider">
    </bean>

    <bean id="formLoginFilter"
    class="com.islandpacific.gui.security.IpLoginFilter">
    <property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationSuccessHandler">
    <bean class="com.islandpacific.gui.security.IpAuthenticationSuccessHandler"/>
    </property>
    <property name="authenticationFailureHandler">
    <bean class="com.islandpacific.gui.security.IpAuthenticationFailureHandler"/>
    </property>
    </bean>

    <bean id="accessDeniedHandler"
    class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/accessDenied.html"/>
    </bean>

    <bean id="concurrencyFilter" class="com.islandpacific.gui.security.IpConcurrentSessionFilter">
    <property name="sessionRegistry" ref="sessionRegistry"/>
    <property name="invalidSessionHandler">
    <bean class="com.islandpacific.gui.security.IpInvalidSessionHandler"/>
    </property>
    </bean>
    <!-- org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy-->
    <!-- old one ConcurrentSessionControlStrategy -->
    <bean id="sessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
    <constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
    <property name="maximumSessions" value="4"/>
    </bean>

    <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>

    <bean id="logoutSuccessHandler" class="com.islandpacific.gui.security.IpLogoutSuccessHandler" />


    The below code is used to load the necessary details before the login page is rendered.

    Code:
    public static void init(final IpCompletionCallback<IpUserDetailsDTO> callback) {
    
            getUserService().getUserDetails(new AsyncCallback<IpUserDetailsDTO>() {
                @Override
                public void onSuccess(IpUserDetailsDTO result) {
                    myUserDetails = result;
                    loadAllApplications();
                    loadAllEnvironments();
                    callback.onSuccess(myUserDetails);
                }
                @Override
                public void onFailure(Throwable caught) {
                    caught.printStackTrace();
                    callback.onFailure(caught);
                }
            });
        }

    The getUserService().getUserDetails call used to get userDetails was implemented in two ways, as below.

    Creating an interface to have a method for getUserDetails

    Code:
    public interface IpAuthenticationServiceAsync {
        public void getUserDetails(AsyncCallback<IpUserDetailsDTO> callback);
        public void isActivityAuthorized(String activityName, AsyncCallback<Boolean> callback);
        public void findGridStateForComponent(String componentName, AsyncCallback<String> callback);
        public void changePassword(String userId, String oldPassword, String newPassword, AsyncCallback<String> callback);
    }

    Another way is to create it by extending RemoteService.

    Code:
    @RemoteServiceRelativePath("authentication")
    public interface IpAuthenticationService extends RemoteService {
        public IpUserDetailsDTO getUserDetails();
    
         public boolean isActivityAuthorized(String activityName);
    
        public String findGridStateForComponent(String componentName);
    
    
        public String changePassword(String userId, String oldPassword, String newPassword);
    }

    The below code is used to create the reference to call the server-side.

    Code:
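    // Must be static because it is read and assigned from the static getUserService() below.
    private static IpAuthenticationServiceAsync myUserService = null;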
    private static IpAuthenticationServiceAsync getUserService() {
            if (myUserService == null) {
                     myUserService = (IpAuthenticationServiceAsync) GWT.create(IpAuthenticationService.class);
            }
            return myUserService;
        }

    When the call is triggered on getUserService().getUserDetails(new AsyncCallback<IpUserDetailsDTO>() {..}, it is expected to call getUserDetails() in the IpAuthenticationService, as below.

    Code:
    @SuppressWarnings("serial")
    public class IpAuthenticationServiceImpl extends RemoteServiceServlet implements
            IpAuthenticationService {
    
        private static Logger log = new Logger(IpAuthenticationServiceImpl.class.getName());
        private static final long serialVersionUID = 1L;
    
        @Override
        public IpUserDetailsDTO getUserDetails() {
            IpUserDetailsDTO userDetailsDTO = new IpUserDetailsDTO();

    It was calling another part of the class and returned a 403 exception.

    Code:
    public class IpAuthenticationManager {
        // ... (other members omitted in the post)
        public static IpUserDetails getUserDetails() {
            if (getUserDetailsOverride() != null) {
                return getUserDetailsOverride();
            }
            // No Authentication in the SecurityContext means nobody is logged in yet.
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null) {
                return null;
            }
            IpUserDetails userDetails = (IpUserDetails) authentication.getPrincipal();
            return userDetails;
        }
    }

    Can you guys give some thoughts on what I am missing here?

    Thanks
    Last edited by antonychristopher; 18 Jun 2024, 08:14.

    #2
    We might be missing something, but it seems like all of the code here is pure Spring with no SmartClient involved, right?

    We are not Spring experts, so this might not be the best forum to look for help (at least from Isomorphic). However, we do have Spring experts on the Consulting side, so if you need help with Spring, we could do a short engagement focused on this problem.

    Comment


      #3
      Thanks for the update.

      The Spring picture comes after the login page. The below RPC returned a 403 error in the below attachment.



      The tricky thing is calling the below context.

      myUserService = (IpAuthenticationServiceAsync) GWT.create(IpAuthenticationService.class);

      Why was it not calling from the class IpAuthenticationServiceImpl extends RemoteServiceServlet implements IpAuthenticationService?

      Do we need an additional configuration for GWT 2.11 in place of Spring 5 / Java 17?

      Please guide us.



      Comment


        #4
        Sorry, again, this doesn't seem to involve our technology at all - literally not a single line of code from our framework is involved in this, as far as we can tell (please correct us if we are mistaken).

        We have experts we can tap immediately - as part of our consulting service - who have deep expertise in this area. But our Support team is expert in our technology, and this situation does not seem to involve our technology at all.

        This is apart from the fact that your support seems to have lapsed several years ago.

        So again, Isomorphic can really solve anything for you (you might be amazed at the problems we have been able to solve!) but we can't help you, with a problem that is wholly unrelated to our technology, with our free (unpaid) support function. Sorry.

        Again, just to emphasize - we absolutely can solve this - if you engage us properly. We hope this is clear.

        Comment


          #5
          Thank you for the response.

          Comment


            #6
            Hi All,

            We have managed to sort out the Spring issue. We have applied the SmartGWT 13.0 evaluation version to load the data source and are facing the exception below. The image is attached for reference.


            Exception trace:

            ISC_Core.js?isc_vers…p_2017-12-15.js:327 Uncaught ReferenceError: orderNumber is not defined
                at eval (eval at <anonymous> (eval at isc__makeFunction (http://localhost:8072/ipgui/ipgui/sc...-15.js:86:1135)), <anonymous>:86176:21)
                at eval (eval at isc__makeFunction (http://localhost:8072/ipgui/ipgui/sc...-15.js:86:1135), <anonymous>:3:8)
                at Object.isc_c_Class_evalWithVars [as evalWithVars] (http://localhost:8072/ipgui/ipgui/sc...2-15.js:338:62)
                at _3.isc_c_RPCManager_evalResult [as evalResult] (http://localhost:8072/ipgui/ipgui/sc...-15.js:1646:18)
                at _3.isc_c_RPCManager_fireReplyCallbacks [as fireReplyCallbacks] (http://localhost:8072/ipgui/ipgui/sc...-15.js:1647:88)
                at _3.isc_c_RPCManager_completeOperationReply [as completeOperationReply] (http://localhost:8072/ipgui/ipgui/sc...2-15.js:1639:6)
                at _3.isc_c_RPCManager_performOperationReply [as performOperationReply] (http://localhost:8072/ipgui/ipgui/sc...15.js:1637:109)
                at _3.isc_c_RPCManager__performTransactionReply [as $39d] (http://localhost:8072/ipgui/ipgui/sc...-15.js:1566:26)
                at _3.isc_c_RPCManager_performTransactionReply [as performTransactionReply] (http://localhost:8072/ipgui/ipgui/sc...-15.js:1524:20)
                at eval (eval at isc__makeFunction (http://localhost:8072/ipgui/ipgui/sc...-15.js:86:1135), <anonymous>:3:16)
                at _3.isc_c_Class_fireCallback [as fireCallback] (http://localhost:8072/ipgui/ipgui/sc...-15.js:327:252)
                at _3.isc_c_Comm_performXmlTransactionReply [as performXmlTransactionReply] (http://localhost:8072/ipgui/ipgui/sc...-15.js:2152:27)
                at eval (eval at isc__makeFunction (http://localhost:8072/ipgui/ipgui/sc...-15.js:86:1135), <anonymous>:3:10)
                at Object.isc_c_Class_fireCallback [as fireCallback] (http://localhost:8072/ipgui/ipgui/sc...-15.js:327:252)
                at _3.isc_c_Comm__fireXMLCallback [as $h0] (http://localhost:8072/ipgui/ipgui/sc...15.js:2130:440)
                at XMLHttpRequest._15 (http://localhost:8072/ipgui/ipgui/sc...15.js:2138:367)

            Source code of dataSource definition:

            Code:
            <field name="orderNumber" nativeName="DCONUM" primaryKey="true"
                        textMatchStyle="exact" canEdit="false" title="Order Number" type="text"
                        width="70" menuItem="Order>">
                        <customCriteriaExpression>
                            DORDLIN.DCONUM=$criteriaValue
                        </customCriteriaExpression>
                    </field>
            <field name="lineNumber" nativeName="DOLNUM" detail="true"
                        primaryKey="true" canEdit="false" title="Line #" type="integer"
                        menuItem="Order Line>"
                        >
                        <showGridSummary>
                            <JS>false</JS>
                        </showGridSummary>
                        <showGroupSummary>
                            <JS>false</JS>
                        </showGroupSummary>
                    </field>
            
                    <field name="customerNumber" nativeName="DCUCUS" title="Customer ID"
                        hidden="true" type="text" length="10" detail="true" canEdit="false">
                        <customCriteriaExpression>
                            DORDLIN.DCUCUS=$criteriaValue
                        </customCriteriaExpression>
                    </field>
            
            <!-- ... sku, description, color, size, unitsordered are defined ... -->
            
            <operationBinding operationType="fetch" operationId="fetchSkus"
                        outputs="orderNumber, lineNumber, customerNumber, sku, description, color, size, unitsOrdered">
                        <summaryFunctions>
                            <unitsOrdered>sum</unitsOrdered>
                            <lineNumber>min</lineNumber>
                        </summaryFunctions>
                        <tableClause>
                            dordlin dordlin
                                left join fskumas fskumas on dordlin.fsksku = fskumas.fsksku
                        </tableClause>
            <groupBy>orderNumber, customerNumber, sku, description, color, size</groupBy>
                    </operationBinding>

            Comment


              #7
              Are you also upgrading your SmartGWT version as part of this change? You haven't mentioned that, but it seems you probably are, otherwise, this behavior is hard to explain.

              Basically, what seems to be happening is that you are using an incorrect form of the XML for operationBinding.groupBy, but the system was probably compensating for your bad usage, and now it is not (due to the upgrade).

              These docs explain how to correctly specify a multiple value in XML:

              https://smartclient.com/smartclient-...Field.multiple

              If you are not also upgrading SmartGWT at the same time, then the other possibility is that you have somehow moved or deleted some of the files under system/schema, specifically the series of files like OperationBinding.ds.xml, DataSourceField.ds.xml etc, which are how we define the expected format of XML files like .ds.xml files or .ui.xml files.

              Comment


                #8
                Hi,

                Thanks for the response.

                We have cross-verified the operation binding for SmartGWT 13 in the showcase, which holds the same kind of operation binding definition.

                https://smartclient.com/smartgwtee/s...ggregation_new


                Code:
                <operationBinding operationType="fetch" operationId="amountByItem">  
                            <groupBy>itemDescription</groupBy>  
                            <summaryFunctions>  
                                <pk>count</pk>  
                                <amount>sum</amount>  
                            </summaryFunctions>  
                        </operationBinding>

                The OperationBinding in our data source throws an error exactly on group by order number.

                Code:
                <operationBinding operationType="fetch" operationId="fetchSkus"
                            outputs="orderNumber, lineNumber, customerNumber, sku, description, color, size, unitsOrdered">
                            <groupBy>orderNumber, customerNumber, sku, description, color, size</groupBy>
                            <summaryFunctions>
                                <unitsOrdered>sum</unitsOrdered>
                                <lineNumber>min</lineNumber>
                            </summaryFunctions>
                            <tableClause>
                                dordlin dordlin
                                    left join fskumas fskumas on dordlin.fsksku = fskumas.fsksku
                            </tableClause>
                        </operationBinding>

                Below is the entire OrderLine dataSource definition. That XML throws the error Uncaught ReferenceError: orderNumber is not defined


                Code:
                <DataSource ID="OrderLine" dataFormat="iscServer"
                    webServiceOperations="fetch" title="Order Line" pluralTitle="Order Lines"
                    serverType="sql" dbName="as400" sparseUpdates="true" tableName="DORDLIN"
                    ipdAttributeObjectId="DOL" ipdAttributeKey="DORDLIN.DCONUM||digits(DORDLIN.DOLNUM)"
                    strictSQLFiltering="true" serverConstructor="com.islandpacific.gui.server.direct.OrderLineDS">
                    <!-- Provides a formatted view of IP Direct customer order line item details. -->
                    <fields>
                
                        <field name="orderNumber" nativeName="DCONUM" primaryKey="true"
                            textMatchStyle="exact" canEdit="false" title="Order Number" type="text"
                            width="70" menuItem="Order>">
                            <customCriteriaExpression>
                                DORDLIN.DCONUM=$criteriaValue
                            </customCriteriaExpression>
                        </field>
                
                        <field name="lineNumber" nativeName="DOLNUM" detail="true"
                            primaryKey="true" canEdit="false" title="Line #" type="integer"
                            menuItem="Order Line>"
                            >
                            <showGridSummary>
                                <JS>false</JS>
                            </showGridSummary>
                            <showGroupSummary>
                                <JS>false</JS>
                            </showGroupSummary>
                        </field>
                
                        <field name="orderShipToNumber" nativeName="DCOSTO" title="ShipTo Sequence Number" type="integer" length="3" /> <!-- Ship to record for this order in OrderCustomer -->
                
                        <field name="customerNumber" nativeName="DCUCUS" title="Customer ID"
                            hidden="true" type="text" length="10" detail="true" canEdit="false">
                            <customCriteriaExpression>
                                DORDLIN.DCUCUS=$criteriaValue
                            </customCriteriaExpression>
                        </field>
                
                        <field name="lineStatus" type="text" width="100" canEdit="false"
                            title="Line Status" menuItem="Order Line>">
                            <customSelectExpression>
                            <![CDATA[
                                case when fskumas.fskcom='Y' then 'M'
                                when dordlin.DOLURS>0 and (OrderLineWave.waveName IS NULL OR trim(OrderLineWave.waveName)='') then 'N'
                                when dordlin.DOLURS>0 and OrderLineWave.waveName IS NOT NULL AND trim(OrderLineWave.waveName) != '' then 'W'
                                when dordlin.DOLUAL>0 and dinvhdr.DOICCD=0 and dinvhdr.DOISDT IS NOT NULL and dinvhdr.DOISDT=0 then 'K'
                                when dordlin.DOLUAL>0 and dinvhdr.DOICCD>0 and dinvhdr.DOISDT IS NOT NULL and dinvhdr.DOISDT=0 then 'H'
                                when dordlin.DOLUSH>0 and dinvhdr.DOISDT IS NOT NULL and dinvhdr.DOISDT=$currentDateYYYYMMDD then 'I'
                                when dordlin.DOLUSH>0 then 'S'
                                when dordlin.DOLUCN>0 then 'C'
                                when dordlin.DOLUOR<0 then 'R'
                                when dordlin.DOLUBO>0 then 'B'
                                else 'U' end
                            ]]>
                            </customSelectExpression>
                            <valueMap>
                                <value ID="M">Master SKU</value>
                                <value ID="N">New</value>
                                <value ID="W">Waved</value>
                                <value ID="K">In Picking</value>
                                <value ID="H">In Packing</value>
                                <value ID="I">In Shipping</value>
                                <value ID="S">Shipped</value>
                                <value ID="C">Cancelled</value>
                                <value ID="R">Returned</value>
                                <value ID="B">Backordered</value>
                                <value ID="U">Unreserved</value>
                            </valueMap>
                        </field>
                
                        <field name="displayPricesIncludingVat" nativeName="DCDPIV"
                            tableName="DCATDIV" title="Display Prices Including Vat" hidden="true"
                            canEdit="false" type="boolean" labelAsTitle="true"
                            sqlStorageStrategy="singleCharYN" detail="true" />
                
                        <!-- SHIPTO -->
                
                        <!-- <field name="shipToCustomerId" title="Ship To Cust#" type="text" nativeName="DCUCUS"
                            width="100" menuItem="Ship To>" detail="true" canEdit="false" customSelectExpression="DORDLIN.DCUCUS"
                            customInsertExpression="$values.shipToCustomerId" customUpdateExpression="$values.shipToCustomerId"
                            /> -->
                
                        <field name="shipToCustomerNumber" nativeName="DBXCUS" title="Ship To Cust#"
                            type="text" length="10" detail="true" />
                
                        <field name="shipToAddressNumber" nativeName="DBXADD"
                            title="Ship To Address Number" type="integer" length="3" detail="true" />
                    </fields>
                    <operationBindings>
                        <operationBinding operationType="fetch"
                            progressiveLoading="true">
                            <tableClause>
                                dordlin dordlin
                                join dordhdr dordhdr on dordlin.dconum = dordhdr.dconum
                                left join dcatdiv dcatdiv on dordhdr.dcddiv = dcatdiv.dcddiv
                                left join fskumas fskumas on dordlin.fsksku = fskumas.fsksku
                                left join dproduc dproduc on dordlin.dprprd = dproduc.dprprd
                                left join OrderLineWave on dordlin.dconum = OrderLineWave.dconum
                                    and dordlin.dolnum = OrderLineWave.dolnum
                                LEFT JOIN DCUSNAM ON dordlin.dbxcus=DCUSNAM.DCUCUS
                                left join dordcus on dordlin.dconum = dordcus.dconum and dordlin.dcosto = dordcus.dcosto
                                left join dinvdtl dinvdtl on dordlin.dconum=dinvdtl.dconum
                                    and dordlin.dolnum=dinvdtl.dolnum and doiqty!=0
                                    and dinvdtl.doinum = (select max(doinum) from dinvdtl
                                    dinvdtl2 where dordlin.dconum=dinvdtl2.dconum and
                                    dordlin.dolnum=dinvdtl2.dolnum and doiqty!=0)
                                left join dinvhdr dinvhdr on dinvdtl.dconum=dinvhdr.dconum
                                    and dinvdtl.doinum=dinvhdr.doinum
                                left join dmandtl dmandtl on dordlin.dconum=dmandtl.dconum
                                    and dinvdtl.doinum=dmandtl.doinum
                                    and dmandtl.dmhman || digits(dmdnum) = (select max(dmandtl.dmhman || digits(dmdnum)) from
                                    dmandtl dmandtl2 where dordlin.dconum=dmandtl2.dconum
                                    and dinvdtl.doinum=dmandtl2.doinum)
                                left join dmanhdr dmanhdr on dmandtl.dmhman=dmanhdr.dmhman
                                left join dcatcar dcatcar on dmanhdr.dcccar=dcatcar.dcccar
                                LEFT JOIN DCUSGMS ON
                                DORDLIN.DCONUM=DCUSGMS.DCONUM
                                AND DORDLIN.DOLNUM=DCUSGMS.DOLNUM
                            </tableClause>
                        </operationBinding>
                
                        <!--
                            Summarizes the individual item quantities on the order regardless of how many
                             lines they appear on. Used specifically in creating packing lists. on this o
                         -->
                        <operationBinding operationType="fetch" operationId="fetchSkus"
                            outputs="orderNumber, lineNumber, customerNumber, sku, description, color, size, unitsOrdered">
                            <groupBy>orderNumber, customerNumber, sku, description, color, size</groupBy>
                            <summaryFunctions>
                                <unitsOrdered>sum</unitsOrdered>
                                <lineNumber>min</lineNumber>
                            </summaryFunctions>
                            <tableClause>
                                dordlin dordlin
                                    left join fskumas fskumas on dordlin.fsksku = fskumas.fsksku
                            </tableClause>
                        </operationBinding>
                
                        <!-- IPGUI-5276: Determine next available line number for this order -->
                        <operationBinding operationType="fetch" operationId="nextLineNumber">
                            <customSQL>
                                Select $criteria.orderNumber orderNumber, ifNull(max(DOLNUM),0)+1 lineNumber from DORDLIN where DCONUM = $criteria.orderNumber
                            </customSQL>
                        </operationBinding>
                
                
                        <operationBinding operationType="fetch" operationId="fetchReturnInvoicedOrder">
                            <customSQL>
                                Select count(*) from DORDLIN where DCONUM = $criteria.orderNumber and DOLINV='N'
                            </customSQL>
                        </operationBinding>
                
                    </operationBindings>
                </DataSource>
                Last edited by antonychristopher; 20 Jun 2024, 08:33.

                Comment


                  #9
                  Hi there! So as we mentioned in our previous reply, your <groupBy> puts multiple fields in a comma-separated list, which is not what is documented, and is not what the example you pointed to does (which is why it works!).

                  So the solution & questions seem to be the same as previously suggested.

                  Because you have no support, we are struggling to find time to address this, and can only give quick suggestions - your intensive use of our technology suggests that you should probably have support. Could you please resolve that?

                  Comment
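A lint for the pattern reply #9 points to, as an added example that is not part of the original thread and is not SmartGWT tooling: it flags any `<groupBy>` whose text is a comma-separated list and any grouping or summary field not declared in the file. The sample DataSource is constructed (trimmed from the `fetchSkus` binding posted above, plus two made-up bindings); `lint_bindings` is a hypothetical helper name, and the check assumes every field is declared in the same `.ds.xml` file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed DataSource modelled on the thread's OrderLine
# definition. "fetchSkus" keeps the comma-separated <groupBy> from the thread,
# "bySku" groups by one declared field, "byColor" names a field not declared.
SAMPLE_DS = """
<DataSource ID="OrderLine" serverType="sql" tableName="DORDLIN">
  <fields>
    <field name="orderNumber" type="text"/>
    <field name="lineNumber" type="integer"/>
    <field name="customerNumber" type="text"/>
    <field name="sku" type="text"/>
    <field name="unitsOrdered" type="integer"/>
  </fields>
  <operationBindings>
    <operationBinding operationType="fetch" operationId="fetchSkus">
      <groupBy>orderNumber, customerNumber, sku</groupBy>
      <summaryFunctions>
        <unitsOrdered>sum</unitsOrdered>
        <lineNumber>min</lineNumber>
      </summaryFunctions>
    </operationBinding>
    <operationBinding operationType="fetch" operationId="bySku">
      <groupBy>sku</groupBy>
      <summaryFunctions><unitsOrdered>sum</unitsOrdered></summaryFunctions>
    </operationBinding>
    <operationBinding operationType="fetch" operationId="byColor">
      <groupBy>color</groupBy>
      <summaryFunctions><unitsOrdered>sum</unitsOrdered></summaryFunctions>
    </operationBinding>
  </operationBindings>
</DataSource>
"""


def lint_bindings(ds_xml):
    """Return (operationId, message) findings for one .ds.xml document."""
    root = ET.fromstring(ds_xml)
    # Assumption: all fields are declared in this file (no inherited fields).
    declared = {f.get("name") for f in root.iter("field") if f.get("name")}
    findings = []
    for binding in root.iter("operationBinding"):
        op_id = binding.get("operationId") or "default " + binding.get("operationType", "?")
        for group_by in binding.findall("groupBy"):
            # Look at the element's own text and the text of any child elements.
            values = [group_by.text] + [child.text for child in group_by]
            for value in (v.strip() for v in values if v and v.strip()):
                if "," in value:
                    findings.append((op_id, "comma-separated list in <groupBy>: " + value))
                elif value not in declared:
                    findings.append((op_id, "<groupBy> names undeclared field: " + value))
        for functions in binding.findall("summaryFunctions"):
            for entry in functions:
                # Each child tag of <summaryFunctions> is a field name.
                if entry.tag not in declared:
                    findings.append((op_id, "<summaryFunctions> names undeclared field: " + entry.tag))
    return findings


if __name__ == "__main__":
    for op_id, message in lint_bindings(SAMPLE_DS):
        print(op_id + ": " + message)
```
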


                    #10
                    Thanks for the response.

                    Comment
