Jmix 2.1 User authorization

Hi
I have created a role to authorize access to a menu (alm_TestExecution.list) . Also added “UI: minimal access” to the user authorization. When I try to log in using the new user assigned with this role, I get the following error:

2023-11-06T00:56:26.961-05:00 DEBUG 96768 --- [nio-8080-exec-6] io.jmix.core.AccessLogger                : Denied access to [view: alm_MainView] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:30.828-05:00 DEBUG 96768 --- [nio-8080-exec-7] io.jmix.core.AccessLogger                : Denied access to [view: alm_TestExecution.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:33.689-05:00 DEBUG 96768 --- [io-8080-exec-10] io.jmix.core.AccessLogger                : Denied access to [view: alm_Organization.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:36.183-05:00 DEBUG 96768 --- [nio-8080-exec-3] io.jmix.core.AccessLogger                : Denied access to [view: alm_Requirement.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:36.949-05:00 DEBUG 96768 --- [nio-8080-exec-2] io.jmix.core.AccessLogger                : Denied access to [view: alm_ResourceGroup.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:40.969-05:00 DEBUG 96768 --- [nio-8080-exec-3] io.jmix.core.AccessLogger                : Denied access to [view: alm_Workstream.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:42.541-05:00 DEBUG 96768 --- [nio-8080-exec-5] io.jmix.core.AccessLogger                : Denied access to [view: alm_ResourcePerson.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:47.976-05:00 DEBUG 96768 --- [nio-8080-exec-7] io.jmix.core.AccessLogger                : Denied access to [view: alm_TestCase.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:56:52.699-05:00 DEBUG 96768 --- [nio-8080-exec-6] io.jmix.core.AccessLogger                : Denied access to [view: alm_TestExecution.list] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint
2023-11-06T00:57:06.188-05:00  WARN 96768 --- [nio-8080-exec-6] io.jmix.flowui.menu.ListMenuBuilder      : Menu bar item 'mnuTestPlan' is skipped as it does not have children
2023-11-06T00:59:13.089-05:00 ERROR 96768 --- [phere-Shared-17] c.v.f.s.c.PushAtmosphereHandler          : Exception in push connection

java.io.IOException: Connection remotely closed for 55f19fb4-9c8f-44d3-976e-53bbeda3c060
	at org.atmosphere.websocket.WebSocket.write(WebSocket.java:237) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.websocket.WebSocket.write(WebSocket.java:227) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.websocket.WebSocket.write(WebSocket.java:48) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.cpr.AtmosphereResponseImpl$Stream.write(AtmosphereResponseImpl.java:955) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.handler.AbstractReflectorAtmosphereHandler.onStateChange(AbstractReflectorAtmosphereHandler.java:154) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at com.vaadin.flow.server.communication.PushAtmosphereHandler.onStateChange(PushAtmosphereHandler.java:54) ~[flow-server-24.1.12.jar:24.1.12]
	at org.atmosphere.cpr.DefaultBroadcaster.invokeOnStateChange(DefaultBroadcaster.java:1036) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.cpr.DefaultBroadcaster.prepareInvokeOnStateChange(DefaultBroadcaster.java:1056) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.cpr.DefaultBroadcaster.executeAsyncWrite(DefaultBroadcaster.java:870) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at org.atmosphere.cpr.DefaultBroadcaster$2.run(DefaultBroadcaster.java:477) ~[atmosphere-runtime-3.0.3.slf4jvaadin1.jar:3.0.3.slf4jvaadin1]
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[na:na]
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
	at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]

2023-11-06T00:59:23.783-05:00 DEBUG 96768 --- [nio-8080-exec-4] io.jmix.core.AccessLogger                : Denied access to [view: alm_MainView] for user [aminul] by io.jmix.securityflowui.constraint.UiShowViewConstraint

Hello Mortoza!

Do you use 2.1.0 or RC version? I’ve created 2.1.0 project and the problem is not reproduced. Did you migrate the project from the previous versions?

Could you check that your UiMinimalRole contains access to alm_MainView?

Hi
My project was created in RC2.1 but already migrated to Jmix 2.1.0 before reporting this problem (Studio v 2.1RC1).

Yes, see below the UI: minimal access role that has access to alm_MainView:

I think I found the problem where is this coming from, as follows:

Here is my current structure of roles parent-child relation as follows. I have assigned this PROCESS_ROLE_UAT_EXECUTOR role to the user and it’s not working.

Now I have moved the assigned role “UI: minimal access” directly to the user (though apparently this shouldn’t make any difference) instead of putting this as a child role.

Here is how it looks when logged in, the error disappeared and the application is running for this user but no menu contents:

Now I have moved the Child roles “UAT_…” to the user directly.

And it works!

This proves the new version 2.1 is not reading from Child Roles.

Thank you for reporting the problem! I’ve created an issue: Permissions from child roles are not applied in DB roles · Issue #2443 · jmix-framework/jmix · GitHub