Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18508

Access (view) denied randomly on pages and solr search

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 12.10.4, 13.5, 13.6
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Since we upgrade from 10.11.9 to 12.10.4 we are encountering some permission exception while trying to access a page or even to perform a search in the global solr search.

      It’s not reproducible easily, it happens randomly, I think often when a page was programatically created ( maybe by someone else or programatically ) and first time visited by a user.

      But as seen in the stack trace in the image it happens also with the solr search. I think we can agree that a search in the solr global search should not throw a stacktrace to the user in any case.

      Did something changed in permission management to start investigating that ?

      Theses view permission issue are simply solved by a refresh of the page or re-hitting the search, but maybe it should be critical since it's stacktrace in production.

      The stack trace on solr search

      org.xwiki.rendering.macro.MacroExecutionException: Current user [xwiki:XWiki.chaney08] doesn't have view rights on document [Document xwiki:Main.SolrSearch]
      at org.xwiki.rendering.internal.macro.include.IncludeMacro.execute(IncludeMacro.java:108)
      at org.xwiki.rendering.internal.macro.include.IncludeMacro.execute(IncludeMacro.java:54)
      at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:297)
      at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
      at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:103)
      at org.xwiki.display.internal.DocumentContentAsyncExecutor.executeInCurrentExecutionContext(DocumentContentAsyncExecutor.java:348)
      at org.xwiki.display.internal.DocumentContentAsyncExecutor.execute(DocumentContentAsyncExecutor.java:221)
      at org.xwiki.display.internal.DocumentContentAsyncRenderer.execute(DocumentContentAsyncRenderer.java:107)
      at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:157)
      at org.xwiki.rendering.async.internal.block.AbstractBlockAsyncRenderer.render(AbstractBlockAsyncRenderer.java:54)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:273)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
      at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.execute(DefaultBlockAsyncRendererExecutor.java:125)
      at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:67)
      at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:43)
      at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96)
      at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39)
      at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123)
      at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52)
      at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68)
      at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42)
      at com.xpn.xwiki.doc.XWikiDocument.display(XWikiDocument.java:1216)
      at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1357)
      at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1306)
      at com.xpn.xwiki.doc.XWikiDocument.displayDocument(XWikiDocument.java:1273)
      at com.xpn.xwiki.api.Document.displayDocument(Document.java:786)
      at sun.reflect.GeneratedMethodAccessor529.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
      at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
      at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
      at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:701)
      at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:72)
      at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:240)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
      at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:191)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.xwiki.velocity.internal.directive.TryCatchDirective.render(TryCatchDirective.java:86)
      at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:301)
      at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
      at org.apache.velocity.Template.merge(Template.java:358)
      at org.apache.velocity.Template.merge(Template.java:262)
      at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
      at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
      at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
      at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
      at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
      at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
      at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
      at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2494)
      at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:983)
      at sun.reflect.GeneratedMethodAccessor216.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
      at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
      at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
      at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:490)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:215)
      at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:328)
      at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:258)
      at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:301)
      at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
      at org.apache.velocity.Template.merge(Template.java:358)
      at org.apache.velocity.Template.merge(Template.java:262)
      at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
      at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
      at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
      at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
      at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
      at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
      at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
      at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2494)
      at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:983)
      at sun.reflect.GeneratedMethodAccessor216.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:565)
      at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:548)
      at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:219)
      at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:369)
      at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:490)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:215)
      at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:328)
      at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:258)
      at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:301)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:172)
      at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:144)
      at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
      at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:191)
      at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:423)
      at org.apache.velocity.Template.merge(Template.java:358)
      at org.apache.velocity.Template.merge(Template.java:262)
      at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:284)
      at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:321)
      at com.xpn.xwiki.internal.template.VelocityTemplateEvaluator.evaluateContent(VelocityTemplateEvaluator.java:95)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.evaluateContent(TemplateAsyncRenderer.java:217)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.renderVelocity(TemplateAsyncRenderer.java:180)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:137)
      at com.xpn.xwiki.internal.template.TemplateAsyncRenderer.render(TemplateAsyncRenderer.java:53)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.lambda$syncRender$0(DefaultAsyncRendererExecutor.java:267)
      at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.syncRender(DefaultAsyncRendererExecutor.java:267)
      at org.xwiki.rendering.async.internal.DefaultAsyncRendererExecutor.render(DefaultAsyncRendererExecutor.java:250)
      at org.xwiki.rendering.async.internal.block.DefaultBlockAsyncRendererExecutor.render(DefaultBlockAsyncRendererExecutor.java:154)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:772)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:745)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:725)
      at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:711)
      at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
      at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2516)
      at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:179)
      at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:572)
      at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:250)
      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      at org.keycloak.adapters.tomcat.AbstractAuthenticatedActionsValve.invoke(AbstractAuthenticatedActionsValve.java:67)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
      at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.invoke(AbstractKeycloakAuthenticatorValve.java:181)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
      at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      at java.lang.Thread.run(Thread.java:748)
      

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              cracky5457 Axel
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response: