You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2018/09/21 08:41:00 UTC
[jira] [Updated] (OPENMEETINGS-1937) Method for room hash
generation should return ERROR in case of invalid parameters
[ https://issues.apache.org/jira/browse/OPENMEETINGS-1937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Solodovnik updated OPENMEETINGS-1937:
-------------------------------------------
Fix Version/s: 4.0.6
Description:
Currently room hash is being returned even if it is unusable
Method for hash generation should return ERROR in case hash can't be used for login
was:
When trying to enter into the OpenMeetings room using room hash (using this example [https://openmeetings.apache.org/RestAPISample.html),] I get an error saying 'Access Denied. You are not allowed to enter this room'.
I am using Postman to create API requests.
*To get sid*: [http://om-server-test.apps.xxx.xxx.xx.xxx.nip.io/openmeetings/services/user/login?user=<username>&pass=<password|http://om-server-test.apps.xxx.xxx.xx.xxx.nip.io/openmeetings/services/user/login?user=%3cusername%3e&pass=%3cpassword]>
*To get room hash*: [http://om-server-test.apps.xxx.xxx.xx.xxx.nip.io/openmeetings/services/user/hash?sid=f1f335a9-0e24-4c01-9d11-421f06f5ab07&user={firstname|http://om-server-test.apps.xxx.xxx.xx.xxx.nip.io/openmeetings/services/user/hash?sid=f1f335a9-0e24-4c01-9d11-421f06f5ab07&user=%7bfirstname]: '<firstname>', lastname: '<lastname>', externalId: 'uid1', login: '<username>' }&options=\{roomId: 7, moderator: true, showAudioVideoTest: true}&dataType=json
*Url to enter link*: [http://om-server-test.apps.xxx.xxx.xx.xxx.nip.io/openmeetings/hash?secure]= 8e8229fe-207f-4b65-a87c-d97408a37283
OM version: 4.0.5
Here is the error snippet from openmeetings.logs:
*ERROR* 09-20 08:48:25.167 o.a.o.d.e.s.RemoteSessionObject:145 [0.0-5080-exec-3] - Unexpected error while storing object to XML: RemoteSessionObject [username=xxxxxxx, firstname=Dhanashree, lastname=Kulkarni, pictureUrl=null, email=null, externalUserId=uid1, externalUserType=null]
org.simpleframework.xml.core.ElementException: Value for @org.simpleframework.xml.Element(name=, data=false, type=void, required=true) on field 'externalUserType' private java.lang.String org.apache.openmeetings.db.entity.server.RemoteSessionObject.externalUserType is null in class org.apache.openmeetings.db.entity.server.RemoteSessionObject
at org.simpleframework.xml.core.Composite.writeUnion(Composite.java:1122)
at org.simpleframework.xml.core.Composite.writeElements(Composite.java:1098)
at org.simpleframework.xml.core.Composite.writeSection(Composite.java:1004)
at org.simpleframework.xml.core.Composite.write(Composite.java:975)
at org.simpleframework.xml.core.Composite.write(Composite.java:952)
at org.simpleframework.xml.core.Traverser.write(Traverser.java:236)
at org.simpleframework.xml.core.Traverser.write(Traverser.java:208)
at org.simpleframework.xml.core.Traverser.write(Traverser.java:186)
at org.simpleframework.xml.core.Persister.write(Persister.java:1180)
at org.simpleframework.xml.core.Persister.write(Persister.java:1162)
at org.simpleframework.xml.core.Persister.write(Persister.java:1140)
at org.simpleframework.xml.core.Persister.write(Persister.java:1259)
at org.apache.openmeetings.db.entity.server.RemoteSessionObject.toXml(RemoteSessionObject.java:143)
at org.apache.openmeetings.webservice.UserWebService.lambda$getRoomHash$4(UserWebService.java:307)
at org.apache.openmeetings.webservice.BaseWebService.performCall(BaseWebService.java:113)
at org.apache.openmeetings.webservice.BaseWebService.performCall(BaseWebService.java:106)
at org.apache.openmeetings.webservice.UserWebService.getRoomHash(UserWebService.java:299)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:175)
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:770)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
DEBUG 09-20 08:48:25.168 o.a.o.w.UserWebService:309 [0.0-5080-exec-3] - xmlString <remoteSessionObject>
<username>xxxxxxxxxx</username>
<firstname>Dhanashree</firstname>
<lastname>Kulkarni</lastname>
DEBUG 09-20 08:50:03.694 o.a.o.d.d.s.SessiondataDao:57 [0.0-5080-exec-4] - startsession :: startsession
*ERROR* 09-20 08:50:35.585 o.a.o.d.e.s.RemoteSessionObject:155 [0.0-5080-exec-2] - Unexpected error while restoring object from XML: <remoteSessionObject>
<username>xxxxxxxx</username>
<firstname>Dhanashree</firstname>
<lastname>Kulkarni</lastname>
As the logs say 'externalType' parameter to be null, I also tried adding externalId and externalType parameters while making the request, it still gives 'Access Denied' response.
I think the response/ error message is ambiguous. Needs to be more detailed.
Also the term "external" needs to be explained more in detail in the API description.
Thank you.
Component/s: SOAP/REST API
Issue Type: Improvement (was: Bug)
Summary: Method for room hash generation should return ERROR in case of invalid parameters (was: Access Denied and no rights error when entering the Room using Webservices)
> Method for room hash generation should return ERROR in case of invalid parameters
> ---------------------------------------------------------------------------------
>
> Key: OPENMEETINGS-1937
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-1937
> Project: Openmeetings
> Issue Type: Improvement
> Components: SOAP/REST API
> Affects Versions: 4.0.5
> Reporter: Dhanashree K
> Assignee: Maxim Solodovnik
> Priority: Minor
> Fix For: 4.0.6
>
>
> Currently room hash is being returned even if it is unusable
> Method for hash generation should return ERROR in case hash can't be used for login
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)