Jmix 1.41 - new users are not able to login

bitsoft · December 3, 2022, 4:21pm

Hello everybody, I encountered a strange behaviour of my Application. After upgrading to 1.40 and then 1.41 newly assigned users (regardless which roles assigned) can not log into the application anymore. Simple message ist “Access denied”. Users assigned with the application build prior to 1.4.0 work as expected. Any idea what this could be?

I found some hints towards the new property setting “jmix.core.current-authentication-user-reload-enabled=false” but it resulted not in a positive result either.

Thx for your assistance

best regards

Michael

krivopustov · December 6, 2022, 8:48am

Hi Michael

Do you see any messages from io.jmix.core.AccessLogger in the console?
If not, check that your application.properties file contains this line:

# 'debug' level logs access control constraints
logging.level.io.jmix.core.AccessLogger = debug

bitsoft · December 6, 2022, 12:41pm

Hi Konstantin, thx for your assistance. Here is what the logging states:

2022-12-06 13:30:11.785 DEBUG 22324 — [io-8080-exec-10] io.jmix.core.AccessLogger : Denied access to [ui.loginToUi] for user [Kunde2] by io.jmix.security.impl.constraint.SpecificConstraintImpl
2022-12-06 13:30:11.786 WARN 22324 — [io-8080-exec-10] i.j.s.authentication.LoginScreenSupport : Attempt of login to UI for user ‘Kunde2’ without ‘ui.loginToUi’ permission
2022-12-06 13:30:11.797 ERROR 22324 — [io-8080-exec-10] i.j.s.i.h.AccessDeniedExceptionHandler : resource: ui.loginToUi, type: specific, action: null

After changing the password for a user which was previously working, I encountered the same problems and here is what the log states:

2022-12-06 13:37:47.422 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.sys.ScreensImpl@3f1c5653] with name [ui_Screens] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.422 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.navigation.WebUrlRouting@4c321d6f] with name [ui_UrlRouting] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.426 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.JmixApp@74529cf0] with name [ui_App] in [SessionAwareBeanStore[id=75a45bc9, name=Session:A32A55CF3DCF6DBDD48C9CA034DAD8B2]]
2022-12-06 13:37:47.427 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.exception.FileStorageExceptionHandler@4461d1bc] with name [ui_FileStorageExceptionHandler] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.433 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.sys.DialogsImpl@5eeba92d] with name [ui_Dialogs] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.435 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.sys.NotificationsImpl@731932e9] with name [ui_Notifications] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.435 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.sys.FragmentsImpl@f4d4f67] with name [ui_Fragments] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.435 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.sys.WebBrowserToolsImpl@cec2d62] with name [ui_WebBrowserTools] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.445 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.navigation.WebHistory@715d1103] with name [ui_History] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.446 WARN 22324 — [nio-8080-exec-6] com.vaadin.spring.internal.BeanStore : Storing non-serializable bean [io.jmix.ui.navigation.UrlChangeHandler@757007e9] with name [ui_UrlChangeHandler] in [UIBeanStore[id=42563552, name=UI:0]]
2022-12-06 13:37:47.780 WARN 22324 — [nio-8080-exec-5] org.atmosphere.util.IOUtils : More than one Servlet Mapping defined. WebSocket may not work org.apache.catalina.core.ApplicationServletRegistration@9a4356f
2022-12-06 13:37:56.529 DEBUG 22324 — [nio-8080-exec-8] io.jmix.core.AccessLogger : Denied access to [ui.loginToUi] for user [Kunde1] by io.jmix.security.impl.constraint.SpecificConstraintImpl
2022-12-06 13:37:56.529 WARN 22324 — [nio-8080-exec-8] i.j.s.authentication.LoginScreenSupport : Attempt of login to UI for user ‘Kunde1’ without ‘ui.loginToUi’ permission
2022-12-06 13:37:56.530 ERROR 22324 — [nio-8080-exec-8] i.j.s.i.h.AccessDeniedExceptionHandler : resource: ui.loginToUi, type: specific, action: null

thx in advance,

Michael

krivopustov · December 6, 2022, 1:04pm

Looks like user Kunde2 does not have the UI: minimal access role. See an example of assigning roles here.

bitsoft · December 6, 2022, 3:00pm

Hello Konstantin, that was the trick. I have overseen the requirement " The UI: minimal access role is required for the user to log in to the application UI. You can investigate its contents by opening the role in the Resource roles screen or finding the UiMinimalRole class in the IDE."

Thx again!

happy coding

Michael