User access (2.1.1): Access denied

Hi
I am having some issues when trying to log in with a new user ID. The user has the following credentials that should have been enough to log in:

image

The datatools-entity-info allows access to main-view but, please have a look at the error message below, it seems the security is not allowing though.

I’m getting the following “Access denied” message:

: Denied access to [menu item: datatl_entityInspectorListView] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.287-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: mten_Tenant.list] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.288-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: appSettings.view] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.289-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: entityLog.view] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.289-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: userSession.view] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.289-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: quartz_JobModel.list] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.289-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: sys_LockInfo.list] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:23.498-05:00  INFO 83025 --- [nio-8080-exec-1] i.j.f.c.error.JmixInternalServerError    : Cannot navigate to the parent layout com.inteacc.main.view.main.MainView

I’m using the latest edition of V2.1.1

There is no information about denied access to MainView in the log messages that you provided.
Maybe there is another reason?
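The point made in the reply above can be checked mechanically. This added example (not part of the original thread) parses the `AccessLogger` lines quoted in the question and confirms that every denial is a menu-item denial, with none naming MainView; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Two AccessLogger lines and the final INFO line, copied from the log in this thread.
SAMPLE_LOG = """\
2023-12-21T18:13:22.287-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: mten_Tenant.list] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:22.288-05:00 DEBUG 83025 --- [nio-8080-exec-1] io.jmix.core.AccessLogger                : Denied access to [menu item: appSettings.view] for user [005914] by io.jmix.securityflowui.constraint.UiMenuConstraint
2023-12-21T18:13:23.498-05:00  INFO 83025 --- [nio-8080-exec-1] i.j.f.c.error.JmixInternalServerError    : Cannot navigate to the parent layout com.inteacc.main.view.main.MainView
"""

# Matches the message part only, so a line with a truncated prefix still parses.
DENIED = re.compile(
    r"Denied access to \[(?P<kind>[^:\]]+): (?P<resource>[^\]]+)\] "
    r"for user \[(?P<user>[^\]]+)\] by (?P<constraint>\S+)"
)

def parse_denials(log_text):
    """Return one dict per 'Denied access' line; other lines are ignored."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := DENIED.search(line))]

def summarize(denials):
    """Group denied resources by (user, resource kind, short constraint name)."""
    groups = defaultdict(list)
    for d in denials:
        key = (d["user"], d["kind"], d["constraint"].rsplit(".", 1)[-1])
        groups[key].append(d["resource"])
    return dict(groups)

def denied_for(denials, user, name):
    """Denials for `user` whose resource id contains `name` (case-insensitive)."""
    return [d for d in denials
            if d["user"] == user and name.lower() in d["resource"].lower()]

if __name__ == "__main__":
    records = parse_denials(SAMPLE_LOG)
    for key, resources in summarize(records).items():
        print(key, resources)
    print("MainView denials:", denied_for(records, "005914", "MainView"))
```
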

Yes, but this is strange. How can I get the required log, any suggestions? It works when the user has full access.

Check that your UiMinimalRole gives access to the main view. These identifiers should match:

UiMinimalRole.java: @ViewPolicy(viewIds = "MainView")
MainView.java: @ViewController("MainView")
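The identifier check suggested above can be run across all modules of a composite project at once. This is an added example, not code from the thread or from Jmix: it scans source text for `@ViewController` ids and `@ViewPolicy(viewIds = ...)` values and reports ids that do not match exactly. The sample sources are constructed from the snippets in this thread, and `AccountRole` with its `AccountView` id is hypothetical.

```python
import re

# Constructed sources modelled on the snippets in this thread; AccountRole
# and its "AccountView" id are hypothetical, added to show a mismatch.
SOURCES = {
    "main/MainView.java":
        '@Route("")\n@ViewController("MainView")\nclass MainView {}',
    "main/LoginView.java":
        '@Route(value = "login")\n@ViewController("LoginView")\nclass LoginView {}',
    "myappmdg/UiMinimalRole.java":
        '@ViewPolicy(viewIds = "MainView")\nvoid main();\n'
        '@ViewPolicy(viewIds = "LoginView")\nvoid login();',
    "myappmdg/AccountRole.java":
        '@ViewPolicy(viewIds = {"AccountView", "MainView"})\nvoid account();',
}

CONTROLLER = re.compile(r'@ViewController\(\s*(?:value\s*=\s*)?"([^"]+)"')
POLICY = re.compile(r'@ViewPolicy\(([^)]*)\)')
VIEW_IDS = re.compile(r'viewIds\s*=\s*(\{[^}]*\}|"[^"]*")')

def controller_ids(sources):
    """Map each @ViewController id to the file that declares it."""
    return {vid: path for path, text in sources.items()
            for vid in CONTROLLER.findall(text)}

def policy_ids(sources):
    """Yield (file, view id) for every id listed in @ViewPolicy(viewIds = ...)."""
    for path, text in sources.items():
        for args in POLICY.findall(text):
            m = VIEW_IDS.search(args)
            if m:
                for vid in re.findall(r'"([^"]+)"', m.group(1)):
                    yield path, vid

def unmatched_policies(sources):
    """Policy ids with no @ViewController of the same id (comparison is case-sensitive)."""
    known = controller_ids(sources)
    return sorted((path, vid) for path, vid in policy_ids(sources)
                  if vid != "*" and vid not in known)

def views_without_policy(sources):
    """View ids that no scanned role grants; empty if some role grants "*"."""
    granted = {vid for _, vid in policy_ids(sources)}
    if "*" in granted:
        return []
    return sorted(set(controller_ids(sources)) - granted)
```

A textual match only confirms that the identifiers agree; it does not show that the role class is actually registered at runtime.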

Here is what I have (it was generated by the studio) and it matches with your code

@ResourceRole(name = "Flow UI: minimal access", code = UiMinimalRole.CODE, scope = SecurityScope.UI)
public interface UiMinimalRole {

    String CODE = "flowui-minimal";

    @ViewPolicy(viewIds = "MainView")
    void main();

    @ViewPolicy(viewIds = "LoginView")
    @SpecificPolicy(resources = "ui.loginToUi")
    void login();

    @EntityPolicy(entityClass = KeyValueEntity.class, actions = EntityPolicyAction.READ)
    @EntityAttributePolicy(entityClass = KeyValueEntity.class, attributes = "*", action = EntityAttributePolicyAction.VIEW)
    void keyValueEntity();
}

And

@Route("")
@ViewController("MainView")
@ViewDescriptor("main-view.xml")
public class MainView extends StandardMainView {

FYI, this is a composite project

Hi,

This log message comes from the io.jmix.flowui.component.error.JmixInternalServerError#forwardToPreviousView method, so I’d recommend debugging it. Also, the io.jmix.flowui.component.error.JmixInternalServerError#setErrorParameter method, which invokes the previous one, contains information about the actual exception. It makes sense to debug it too.

Unfortunately, this is all I can suggest without more detailed information.

Regards,
Gleb

Hi Gleb
Thanks for your comments. But it looks like the message is coming from Jmix component and wondering if this can be better diagnosed by someone expert from Jmix?

Unfortunately, I can’t reproduce the issue. Could you please attach a demo project that reproduces it?

Regards,
Gleb

Hi Gleb
Sorry for coming back again on this topic. I was busy migrating two of my large projects from legacy to Jmix 2 through the journey of redevelopment and I had no other option but to push this topic to a later time as a priority. Now it has become urgent for me to address, and I would appreciate your help.

Let me explain my project structure first.

This is a composite project that has more than 10 add-on modules. The security is not in the main project but another add-on since I need users and some add-on Entities to some extent.

Here is what the structure looks like:

image

As you notice I have moved the user to an addon (myappmdg) including the security package.

You requested a sample project from me, but I created a sample composite where the security and user entities remained in the main project, and that works fine, but I need to have the user/security moved to the addon myappmdg. It may be the reason, but I need your expert help.

2024-05-03T02:18:01.476-04:00  INFO 59997 --- [nio-8080-exec-4] i.j.f.c.error.JmixInternalServerError    : Cannot navigate to the parent layout com.inteacc.main.view.main.MainView

Here are the related codes:

MainView.java

@Route("")
@ViewController("MainView")
@ViewDescriptor("main-view.xml")
public class MainView extends StandardMainView {

security file in myappmdg addon. UiMinimalRole

@ResourceRole(name = "Flow UI: minimal access", code = UiMinimalRole.CODE, scope = SecurityScope.UI)
public interface UiMinimalRole {

    String CODE = "flowui-minimal";

    @ViewPolicy(viewIds = "MainView")
    void main();

    @ViewPolicy(viewIds = "LoginView")
    @SpecificPolicy(resources = "ui.loginToUi")
    void login();

    @EntityPolicy(entityClass = KeyValueEntity.class, actions = EntityPolicyAction.READ)
    @EntityAttributePolicy(entityClass = KeyValueEntity.class, attributes = "*", action = EntityAttributePolicyAction.VIEW)
    void keyValueEntity();
}


main-view.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<mainView xmlns="http://jmix.io/schema/flowui/main-view"
          title="msg://MainView.title">
    <actions>
        <action id="logout" type="logout"/>
    </actions>


LoginView.java

@Route(value = "login")
@ViewController("LoginView")
@ViewDescriptor("login-view.xml")
public class LoginView extends StandardView implements LocaleChangeObserver {

myappmdg.gradle

archivesBaseName = 'myappmdg'

dependencies {
    implementation 'io.jmix.core:jmix-core-starter'
    implementation 'io.jmix.pessimisticlock:jmix-pessimisticlock-starter'
    implementation 'io.jmix.pessimisticlock:jmix-pessimisticlock-flowui-starter'
    implementation 'io.jmix.data:jmix-eclipselink-starter'
    implementation 'io.jmix.flowui:jmix-flowui-starter'
    implementation 'io.jmix.flowui:jmix-flowui-data-starter'
    implementation 'io.jmix.flowui:jmix-flowui-themes'

    implementation 'io.jmix.security:jmix-security-flowui-starter'
    implementation 'io.jmix.security:jmix-security-data-starter'

    testImplementation('org.springframework.boot:spring-boot-starter-test') {
        exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
    }
    testImplementation 'org.springframework.boot:spring-boot-starter-web'

    testRuntimeOnly 'org.hsqldb:hsqldb'

    api 'io.jmix.audit:jmix-audit-starter'
    api 'io.jmix.audit:jmix-audit-flowui-starter'
    api 'io.jmix.appsettings:jmix-appsettings-flowui-starter'
    api 'io.jmix.appsettings:jmix-appsettings-starter'
    api 'io.jmix.reports:jmix-reports-rest-starter'
    api 'io.jmix.reports:jmix-reports-flowui-starter'
    api 'io.jmix.reports:jmix-reports-starter'
    api 'io.jmix.email:jmix-email-starter'
    api 'io.jmix.email:jmix-email-flowui-starter'
    api 'io.jmix.rest:jmix-rest-starter'
    api 'io.jmix.authserver:jmix-authserver-starter'
}

test {
    useJUnitPlatform()
}

I can only log in using the full access. Users without full access can not log in, get “access denied”.
Do you see anything not right and can you please help?

Hi,

Unfortunately, in your code snippets I don’t see any issues. As I was saying above, you need to either debug io.jmix.flowui.component.error.JmixInternalServerError#forwardToPreviousView and io.jmix.flowui.component.error.JmixInternalServerError#setErrorParameter or provide a demo project, so I can debug it.

Regards,
Gleb

Hi @gorelov
Thanks for your prompt response.
I tried to debug but I’m lost where to go… Here is the debug output if this helps
image

I have attached a demo program I created.
mycomposite.zip (1.9 MB)

Looking forward to your help.

Hi Gleb @gorelov
Do you have any update for me in this regard? I am eagerly waiting for your kind help.

Sorry for a long reply! I’ve tried your project, but I couldn’t start it. Could you please double-check that everything is configured correctly? Also, please provide steps to reproduce the original issue: what user I should use, what role they should have, etc.

Regards,
Gleb

Hi Gleb
Thank you for reverting, despite your busy schedule.

I have modified my project to make it small and attached.
mycomposite.zip (1.9 MB)

When I run I get the following screen after log in:

image

You just create a role e.g. role1 and assign the Account screen & min UI role. After you create a new user with this role, you will be able to reproduce the error after login.

I still cannot start the project

Description:

Field userRepository in io.jmix.security.SecurityConfiguration required a bean of type 'io.jmix.core.security.UserRepository' that could not be found.

The injection point has the following annotations:
	- @org.springframework.beans.factory.annotation.Autowired(required=true)

If I try to compile myapphr I get:

> Task :myapphr:compileJava FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':myapphr:compileJava'.
> javassist.NotFoundException: io.jmix.securitydata.entity.RowLevelPolicyEntity

Could you please double-check that everything is configured correctly?

Regards,
Gleb

Hi Gleb
Did you check the last sample I have provided? Because I can run it. You will have to connect to a SQL server database I guess.

Note that, in this composite project, the security file is located in an addon (inteaccmdg) which is required for the project. I see in your exception log, that there is some issue related to Security but I don’t know the solution!

To replicate the issue, you create a new role for any specific menu/screen and assign it to a new user. When you log in using this new user, you will get the error.

Yes, I tried the latest project you attached. Still no luck

Hi Gleb
I have sent you the project with a connection to my database so that you don’t need to face login issues. Please check your email info at jmix.io or support at jmix.io, sent via wetransfer.com

When you please run it, it will connect to my VPS database and your is: user1, pass: user1
This user has one menu item access. I tried this user and after login, you will see the look of the side menu something similar to what I have shared earlier.

Admin user pass is admin that works just fine, the only problem is when the user doesn’t have full access.

Looking forward to your suggestion for fixing this issue.

Hi Gleb
Did you receive the project files and any updates for me?

regards

I tried to download a project from the link you sent several times, but it always stops on 3%.