XWiki Platform / XWIKI-21012

Rights are messed up after unregistering a right/uninstalling the like application


Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • 13.5-rc-1
    • Security
    • None
    • Unknown

    Description

      Steps to reproduce:

      1. Install the change request application
      2. Uninstall the Like API.
      3. Open any page of the wiki

      Expected result:

      The wiki works normally.

      Actual result:

      The wiki is broken, all rights are denied and you see messages like "Failed to execute the [velocity] macro. Cause: [The execution of the [velocity] script macro is not allowed in [xwiki:ChangeRequest.Code.EditPageUIX]. Check the rights of its last author or the parameters if it's rendered from another script.]. Click on this message for details."

      The log is full of errors like

      2023-06-13 14:56:28,652 [qtp320304382-140 - http://localhost:9015/xwiki/bin/get/XWiki/Extensions] ERROR a.i.BridgeAuthorizationManager - Failed to load rights for user [xwiki:XWiki.Admin] on [xwiki:XWiki.Notifications.Code.NotificationsDisplayerUIX]. 
      java.lang.IndexOutOfBoundsException: Index 17 out of bounds for length 17
              at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
              at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
              at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:248)
              at java.base/java.util.Objects.checkIndex(Objects.java:372)
              at java.base/java.util.ArrayList.get(ArrayList.java:459)
              at org.xwiki.security.authorization.Right.get(Right.java:387)
              at org.xwiki.security.authorization.RightSet$RightIterator.next(RightSet.java:114)
              at org.xwiki.security.authorization.RightSet$RightIterator.next(RightSet.java:85)
              at java.base/java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1047)
              at org.xwiki.security.authorization.internal.DefaultAuthorizationSettler.settle(DefaultAuthorizationSettler.java:61)
              at org.xwiki.security.authorization.internal.AbstractAuthorizationSettler.settle(AbstractAuthorizationSettler.java:209)
              at org.xwiki.security.authorization.internal.DefaultAuthorizationSettler.settle(DefaultAuthorizationSettler.java:46)
              at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.loadAccessEntries(DefaultSecurityCacheLoader.java:235)
              at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.loadRequiredEntries(DefaultSecurityCacheLoader.java:204)
              at org.xwiki.security.authorization.cache.internal.DefaultSecurityCacheLoader.load(DefaultSecurityCacheLoader.java:157)
              at org.xwiki.security.authorization.DefaultAuthorizationManager.getAccess(DefaultAuthorizationManager.java:252)
              at org.xwiki.security.authorization.DefaultAuthorizationManager.evaluateSecurityAccess(DefaultAuthorizationManager.java:169)
              at org.xwiki.security.authorization.DefaultAuthorizationManager.hasSecurityAccess(DefaultAuthorizationManager.java:162)
              at org.xwiki.security.authorization.DefaultAuthorizationManager.hasAccess(DefaultAuthorizationManager.java:119)
              at org.xwiki.security.authorization.internal.BridgeAuthorizationManager.hasAccess(BridgeAuthorizationManager.java:67)
              at org.xwiki.security.authorization.internal.DefaultContextualAuthorizationManager.hasAccess(DefaultContextualAuthorizationManager.java:122)
              at org.xwiki.security.authorization.internal.DefaultContextualAuthorizationManager.hasAccess(DefaultContextualAuthorizationManager.java:117)
              at com.xpn.xwiki.plugin.skinx.AbstractDocumentSkinExtensionPlugin.isAccessible(AbstractDocumentSkinExtensionPlugin.java:450)
              at com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin.getLink(JsSkinExtensionPlugin.java:85)
              at com.xpn.xwiki.plugin.skinx.AbstractSkinExtensionPlugin.getImportString(AbstractSkinExtensionPlugin.java:344)
              at com.xpn.xwiki.plugin.skinx.AbstractSkinExtensionPlugin.endParsing(AbstractSkinExtensionPlugin.java:445)
              at com.xpn.xwiki.plugin.skinx.AbstractDocumentSkinExtensionPlugin.endParsing(AbstractDocumentSkinExtensionPlugin.java:336)
              at com.xpn.xwiki.plugin.skinx.JsSkinExtensionPlugin.endParsing(JsSkinExtensionPlugin.java:126)
              at com.xpn.xwiki.plugin.XWikiPluginManager.endParsing(XWikiPluginManager.java:272)
              at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:184)
              at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:89)
              at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:636)
              at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:300)
              at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:112)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
              at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419)
              at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
              at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
              at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.eclipse.jetty.websocket.servlet.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:170)
              at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
              at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
              at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
              at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
              at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
              at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
              at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
              at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
              at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
              at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
              at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
              at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:51)
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
              at org.eclipse.jetty.server.Server.handle(Server.java:563)
              at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
              at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
              at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
              at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
              at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
              at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
              at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
              at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
              at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
              at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
              at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
              at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
              at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
              at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
              at java.base/java.lang.Thread.run(Thread.java:829)
      

      The reason for this is that unregistering a right that is not the last registered right messes up the internal state of rights: rights in the internal rights array are moved incorrectly, and then the value of a right and its index in the values array don't match anymore.
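The failure mode described above, reduced to a toy registry as an added example: this is not XWiki's code, the class, method and right names are hypothetical, and it needs Java 16+ for records. It shows naive list removal breaking the value-equals-index invariant and ending in the same kind of IndexOutOfBoundsException as the log, next to a tombstone-based removal (one possible approach, not the project's fix) that keeps indices stable.

```java
import java.util.*;
import java.util.stream.IntStream;

// Toy model with hypothetical names (not XWiki's classes): a right's numeric value
// doubles as its index in VALUES, and a set of rights is a bit mask over those values.
public class RightRegistryDemo {
    record Right(String name, int value) {}
    static final List<Right> VALUES = new ArrayList<>();
    static Right register(String name) {
        Right r = new Right(name, VALUES.size());
        VALUES.add(r);
        return r;
    }
    // Naive removal: later entries shift down one slot but keep their old value.
    static void unregisterNaive(Right r) { VALUES.remove(r.value()); }
    // Index-stable removal: leave a tombstone so value == index still holds.
    static void unregisterStable(Right r) { VALUES.set(r.value(), null); }

    // Resolve the rights named by a bit mask, as a set iterator would.
    static List<String> resolve(long mask) {
        List<String> names = new ArrayList<>();
        for (int i = 0; i < Long.SIZE; i++) {
            if ((mask & (1L << i)) == 0) continue;
            Right r = VALUES.get(i);               // throws when i >= VALUES.size()
            if (r != null) names.add(r.name());    // skip tombstones
        }
        return names;
    }
    // The invariant every lookup relies on: a live right sits at index == value.
    static boolean invariantHolds() {
        return IntStream.range(0, VALUES.size())
            .allMatch(i -> VALUES.get(i) == null || VALUES.get(i).value() == i);
    }

    public static void main(String[] args) {
        for (boolean naive : new boolean[] {true, false}) {
            VALUES.clear();
            Right view = register("view"), like = register("like"), cr = register("changerequest");
            long mask = (1L << view.value()) | (1L << cr.value());  // built before removal
            if (naive) unregisterNaive(like); else unregisterStable(like);
            System.out.println((naive ? "naive" : "stable") + ": invariant=" + invariantHolds());
            try {
                System.out.println("  resolved " + resolve(mask));
            } catch (IndexOutOfBoundsException e) {
                System.out.println("  lookup failed: " + e.getMessage());
            }
        }
    }
}
```

Running `invariantHolds()` after every register or unregister call, for example in a unit test, catches this class of bug before an authorization check ever hits it.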

            People

              surli Simon Urli
              MichaelHamann Michael Hamann