
Cannot access administration tab after changing role.admin.name

Posted: Wed Apr 28, 2021 8:47 am
by MohamadAli
Hey,

Today I deleted the OpenKM folder from tomcat/webapps by mistake. After exploding the .war again, I could access OpenKM as admin, but couldn't access the administration tab; when I try to do it, I get the following: Unauthorized access.

OpenKM was previously connected to AD, and the default admin and user roles were changed from ROL_ADMIN and ROL_USER.
In database table okm_role, I have added the new admin role name. In okm_config, it is set to the new name.

However, in appContext.xml, the old role name came back (ROLE_ADMIN), and whenever I change it to the new role name, OpenKM gives me a 404 error and I cannot access the website anymore.

Any idea about how to fix this?

Re: Cannot access administration tab after changing role.admin.name

Posted: Wed Apr 28, 2021 9:31 am
by MohamadAli
This is the error stack when I change admin role name to the new name in appContext and get the error 404 not found:

Code:

28-Apr-2021 14:20:48.801 WARNING [localhost-startStop-1] org.springframework.context.support.AbstractApplicationContext.refresh Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
28-Apr-2021 14:20:48.816 SEVERE [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Context initialization failed
 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1419)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1160)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:620)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4792)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:985)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 30 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1514)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 44 more
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1573)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
	... 51 more

Re: Cannot access administration tab after changing role.admin.name

Posted: Fri Apr 30, 2021 5:36 pm
by jllort
Try modifying the appContext.xml in this manner (I share only a section of the XML):

Code:

<security:global-method-security secured-annotations="enabled"/>

<!-- Remove prefix to be able to use custom roles -->
<beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
    <beans:property name="rolePrefix" value="G-UZA-GS-"/>
</beans:bean>

<!-- Status -->
<security:http pattern="/Status" create-session="stateless">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
    <security:http-basic />
</security:http>

If all the roles start with G-UZA-GS-, then add "G-UZA-GS-"; if they start with "G-", then add "G-". Another option is to set it to empty "".

Re: Cannot access administration tab after changing role.admin.name

Posted: Fri Apr 30, 2021 5:37 pm
by jllort
If it's not working, share your appContext.xml and we'll take a look at it.

Re: Cannot access administration tab after changing role.admin.name

Posted: Mon May 03, 2021 4:13 am
by MohamadAli
It's working now. I set rolePrefix to "" and the admin role name to the full GS-UZA-GS-OpenKM_ADMINS.

Thank you very much :)
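Added example, not part of the thread or of OpenKM: a pre-deployment check that reproduces the startup validation behind "Unsupported configuration attributes", so a bad rolePrefix is caught before Tomcat answers with a 404. It assumes plain comma-separated `access` values as in the snippet above and an access decision manager made of a RoleVoter plus an AuthenticatedVoter; the XML fragment and its `/admin/**` pattern are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "beans": "http://www.springframework.org/schema/beans",
    "security": "http://www.springframework.org/schema/security",
}
ROLE_VOTER_CLASS = "org.springframework.security.access.vote.RoleVoter"
# Attributes that Spring Security's AuthenticatedVoter supports.
AUTHENTICATED_VOTER_ATTRS = {
    "IS_AUTHENTICATED_FULLY",
    "IS_AUTHENTICATED_REMEMBERED",
    "IS_AUTHENTICATED_ANONYMOUSLY",
}

# Constructed appContext.xml fragment (not the poster's real file).
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security">
  <beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
    <beans:property name="rolePrefix" value="{prefix}"/>
  </beans:bean>
  <security:http pattern="/Status" create-session="stateless">
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
  </security:http>
  <security:http pattern="/admin/**">
    <security:intercept-url pattern="/**" access="G-UZA-GS-OpenKM_Admins"/>
  </security:http>
</beans:beans>"""


def role_prefix(root):
    """Return the RoleVoter bean's rolePrefix; RoleVoter defaults to ROLE_."""
    for bean in root.findall(".//beans:bean", NS):
        if bean.get("class") == ROLE_VOTER_CLASS:
            for prop in bean.findall("beans:property", NS):
                if prop.get("name") == "rolePrefix":
                    return prop.get("value", "")
    return "ROLE_"


def unsupported_attributes(xml_text):
    """List access attributes that neither assumed voter supports.

    RoleVoter supports an attribute only if it starts with rolePrefix.
    The security interceptor validates every configured attribute at
    startup and refuses to initialise if any is unsupported.
    """
    root = ET.fromstring(xml_text)
    prefix = role_prefix(root)
    unsupported = []
    for rule in root.findall(".//security:intercept-url", NS):
        for attr in (a.strip() for a in rule.get("access", "").split(",")):
            if not attr or attr in AUTHENTICATED_VOTER_ATTRS:
                continue
            if not attr.startswith(prefix):
                unsupported.append(attr)
    return prefix, unsupported


if __name__ == "__main__":
    for candidate in ("ROLE_", "G-UZA-GS-", ""):
        prefix, bad = unsupported_attributes(SAMPLE.format(prefix=candidate))
        status = "context would fail to start" if bad else "ok"
        print(f"rolePrefix={prefix!r}: unsupported={bad} -> {status}")
```

With an empty rolePrefix every attribute passes this startup check, so a misspelled role name in the configuration is no longer rejected at deployment and only shows up later as denied access.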