[ Cyclos 3.6 ] Application error when it should not be

Bug and problem reporting

Moderators: hugo, alexandre, rmvanarkel

Post Reply
timreeves
Posts: 54
Joined: Fri Feb 12, 2010 8:30 am

[ Cyclos 3.6 ] Application error when it should not be

Post by timreeves »

Hi people,

we have public registration with confirmation of the eMail address. Upon confirmation the profile goes into a holding group for pending registrations, since we require other formalities to be met before the user is assigned to an active group. Logging in is not allowed for the holding group, but of course many impatient users try to anyway.

What then should happen imho is that Cyclos should kindly say that logging in is not permitted in your user group. What actually happens is an application error, culminating in:

nl.strohalm.cyclos.exceptions.PermissionDeniedException
at nl.strohalm.cyclos.services.access.AccessServiceImpl.verifyLogin(AccessServiceImpl.java:1074)
at nl.strohalm.cyclos.services.access.AccessServiceSecurity.verifyLogin(AccessServiceSecurity.java:357)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at nl.strohalm.cyclos.spring.ServiceSecurityProxyInvocationHandler.invoke(ServiceSecurityProxyInvocationHandler.java:65)
at $Proxy13.verifyLogin(Unknown Source)

This is annoying because the flood of application errors has forced me to switch off eMail notification of application errors - not something I wanted to do, I would like to get a mail if there is any REAL error. So can something be done about this?

Thanks, cheers, Tim

admin
Site Admin
Posts: 1423
Joined: Mon Jan 24, 2005 10:31 am

Post by admin »

We tried to reproduce this but without luck.
We configured a group, set it as 'initial' group with the option "E-mail validation" - On public registration only.
When the member tries to login without confirming the registration it gets a normal error box with 'invalid login' message. It must be a configuration error.
Still it should not generate an application error. But from the error we cannot see what is going on.

sedat.de
Posts: 30
Joined: Fri Jul 03, 2009 1:35 pm
Location: Germany

Post by sedat.de »

I think, what Tim described is the situation, that the new user already confirmed his email address and is now in some group with confirmed email but still without possibility to login.

After confirming the email account, so he decsribes, the user stays in some user group awaiting confirmation by administration. Only after administration moved the user to the active users group, the user can log in.

What happens on your system when a user (with confirmed email) is moved into a group without permittance to login? Does he see a kind warning that he can not login, or do you see a system failure as well?

Best regards
Oliver

timreeves
Posts: 54
Joined: Fri Feb 12, 2010 8:30 am

Some clarification

Post by timreeves »

Hi,

and many thanks for trying the config, and to Oliver for explaining some more. I think Oliver explained it pretty well, let me just add this:

The public registration initially leads to a profile with no group assigned, we have called it "Pending (unconfirmed)". When the user confirms the Email, the profile is assigned to a real group, the start group, called "Pending (confirmed)". This group has ALL permissions and communication channels switched off, because we have various formalities stipulated which must be checked out and some values entered by our back-office team. They then move the account into an appropriate active group (we have four). The new member then receives the automatic welcoming eMail. As stated, it all works fine, except that impatient would-be members keep causing the application error.

Oh and another thing for the wish list: Sometimes a user registers the account themselves, but sometimes the back-office team will do it, i.e. when the user did not do it before filling in our paperwork. Unfortunately, Cyclos only provides the same one eMail for both cases. It would be much easier for me to have two, each with an exact and appropriate text body.

Again, many thanks! Tim

admin
Site Admin
Posts: 1423
Joined: Mon Jan 24, 2005 10:31 am

Post by admin »

Hi Tim,

We tried various configurations but still cannot reproduce the (application) error.
It would help if you can reproduce it with the standard (default) database.

timreeves
Posts: 54
Joined: Fri Feb 12, 2010 8:30 am

Re: [ Cyclos 3.6 ] Application error when it should not be

Post by timreeves »

Again many thanks for trying to reproduce the bug. I'm snowed under with work at the moment so can't try to reproduce on a vanilla, all I can do right now is to post the complete error message in the hope that it may give a clue:

Code: Select all

Datum 	12.02.2012 18:59:09
Angemeldete Benutzer 	Kein Benutzer angemeldet
Pfad 	/rewigmuenchen/do/login
Abfrageparameter 	
operatorLogin= false
password= ***
principal= Oliver-Sachs
principalType= USER
Java Fehlerdetails 	
nl.strohalm.cyclos.exceptions.PermissionDeniedException
at nl.strohalm.cyclos.services.access.AccessServiceImpl.verifyLogin(AccessServiceImpl.java:1074)
at nl.strohalm.cyclos.services.access.AccessServiceSecurity.verifyLogin(AccessServiceSecurity.java:357)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at nl.strohalm.cyclos.spring.ServiceSecurityProxyInvocationHandler.invoke(ServiceSecurityProxyInvocationHandler.java:65)
at $Proxy13.verifyLogin(Unknown Source)
at nl.strohalm.cyclos.utils.LoginHelper.login(LoginHelper.java:128)
at nl.strohalm.cyclos.controls.access.LoginAction.doLogin(LoginAction.java:115)
at nl.strohalm.cyclos.controls.access.LoginAction.handleSubmit(LoginAction.java:194)
at nl.strohalm.cyclos.controls.BasePublicFormAction.executeAction(BasePublicFormAction.java:55)
at nl.strohalm.cyclos.controls.BasePublicAction.execute(BasePublicAction.java:79)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
at nl.strohalm.cyclos.struts.CyclosRequestProcessor.doExecuteAction(CyclosRequestProcessor.java:452)
at nl.strohalm.cyclos.struts.CyclosRequestProcessor.processActionPerform(CyclosRequestProcessor.java:274)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
at nl.strohalm.cyclos.struts.CyclosRequestProcessor.process(CyclosRequestProcessor.java:141)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.strohalm.cyclos.http.LoggedUserFilter.execute(LoggedUserFilter.java:90)
at nl.strohalm.cyclos.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.strohalm.cyclos.http.RequestProcessingFilter.execute(RequestProcessingFilter.java:74)
at nl.strohalm.cyclos.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at nl.strohalm.cyclos.http.SanitizerFilter.execute(SanitizerFilter.java:66)
at nl.strohalm.cyclos.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
at java.lang.Thread.run(Thread.java:679) 
Cheers, Tim

admin
Site Admin
Posts: 1423
Joined: Mon Jan 24, 2005 10:31 am

Re: [ Cyclos 3.6 ] Application error when it should not be

Post by admin »

Hi Tim,

Ok we found it. The report was a bit confusing. The user is actually presented an error, and it also generates an app error. So a bug indeed. We will provide a fix with the coming update.
Thanks for insisting on this.

Hugo

Post Reply