• Cannot access administration tab after changing role.admin.name

  • Problems with installing OpenKM? No problemo, the solution is closer than you think.
Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #52329  by MohamadAli
 
Hey,

Today I deleted the OpenKM folder from tomcat/webapps by mistake, then after exploding the .war again, I could access OpenKM as admin, but couldnt access administration tab, when I try to do it, I get the following: Unauthorized access.

Openkm was previously connected to AD, and default admin and user roles were changed from ROL_ADMIN and ROL_USER.
In database table okm_role, I have added the new admin role name. In okm_config, it is set to the new name.

However, in appContext.xml, the old role name came back (ROLE_ADMIN), and whenever I change it to the new role name, Openkm would give me 404 error and I cannot access the website anymore.

Any idea about how to fix this?
 #52330  by MohamadAli
 
This is the error stack when I change admin role name to the new name in appContext and get the error 404 not found:
Code: Select all
28-Apr-2021 14:20:48.801 WARNING [localhost-startStop-1] org.springframework.context.support.AbstractApplicationContext.refresh Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
28-Apr-2021 14:20:48.801 INFO [localhost-startStop-1] org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.destroySingletons Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@4d342645: defining beans [dbAuthModule,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,authService,bookmarkService,documentService,folderService,mailService,noteService,notificationService,propertyGroupService,propertyService,repositoryService,searchService,dashboardService,workflowService,testService,rest,cmisNavigationService,cmisPolicyService,cmisDiscoveryService,cmisMultiFilingService,cmisRepositoryService,cmisRelationshipService,cmisVersioningService,cmisObjectService,cmisAclService,CmisLifecycleBean,CmisServiceFactory,swagger2Feature,org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0,org.springframework.security.methodSecurityMetadataSourceAdvisor,org.springframework.aop.config.internalAutoProxyCreator,roleVoter,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.NullSecurityContextRepository#0,org.springframework.security.web.savedrequest.NullRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#1,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.PortMapperImpl#1,org.springframework.security.web.PortResolverImpl#1,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#1,org.springframework.security.authentication.ProviderManager#1,org.springframework.security.web.context.NullSecurityContextRepository#1,org.springframework.security.web.savedrequest.NullRequestCache#1,org.springframework.security.access.vote.AffirmativeBased#2,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#1,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#1,org.springframework.security.authentication.AnonymousAuthenticationProvider#1,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#1,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.PortMapperImpl#2,org.springframework.security.web.PortResolverImpl#2,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#2,org.springframework.security.authentication.ProviderManager#2,org.springframework.security.web.context.NullSecurityContextRepository#2,org.springframework.security.web.savedrequest.NullRequestCache#2,org.springframework.security.access.vote.AffirmativeBased#3,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#2,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#2,org.springframework.security.authentication.AnonymousAuthenticationProvider#2,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#2,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.web.PortMapperImpl#3,org.springframework.security.web.PortResolverImpl#3,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#3,org.springframework.security.authentication.ProviderManager#3,org.springframework.security.web.context.NullSecurityContextRepository#3,org.springframework.security.web.savedrequest.NullRequestCache#3,org.springframework.security.access.vote.AffirmativeBased#4,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#3,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#3,org.springframework.security.authentication.AnonymousAuthenticationProvider#3,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#3,org.springframework.security.web.DefaultSecurityFilterChain#3,org.springframework.security.web.PortMapperImpl#4,org.springframework.security.web.PortResolverImpl#4,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#4,org.springframework.security.authentication.ProviderManager#4,org.springframework.security.web.context.NullSecurityContextRepository#4,org.springframework.security.web.savedrequest.NullRequestCache#4,org.springframework.security.access.vote.AffirmativeBased#5,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#4,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#4,org.springframework.security.authentication.AnonymousAuthenticationProvider#4,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#4,org.springframework.security.web.DefaultSecurityFilterChain#4,org.springframework.security.web.PortMapperImpl#5,org.springframework.security.web.PortResolverImpl#5,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#5,org.springframework.security.authentication.ProviderManager#5,org.springframework.security.web.context.NullSecurityContextRepository#5,org.springframework.security.web.savedrequest.NullRequestCache#5,org.springframework.security.access.vote.AffirmativeBased#6,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#5,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#5,org.springframework.security.authentication.AnonymousAuthenticationProvider#5,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#5,org.springframework.security.web.DefaultSecurityFilterChain#5,org.springframework.security.web.PortMapperImpl#6,org.springframework.security.web.PortResolverImpl#6,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#6,org.springframework.security.authentication.ProviderManager#6,org.springframework.security.web.context.NullSecurityContextRepository#6,org.springframework.security.web.savedrequest.NullRequestCache#6,org.springframework.security.access.vote.AffirmativeBased#7,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#6,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#6,org.springframework.security.authentication.AnonymousAuthenticationProvider#6,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#6,org.springframework.security.web.DefaultSecurityFilterChain#6,org.springframework.security.web.PortMapperImpl#7,org.springframework.security.web.PortResolverImpl#7,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#7,org.springframework.security.authentication.ProviderManager#7,org.springframework.security.web.context.NullSecurityContextRepository#7,org.springframework.security.web.savedrequest.NullRequestCache#7,org.springframework.security.access.vote.AffirmativeBased#8,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#7,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#7,org.springframework.security.authentication.AnonymousAuthenticationProvider#7,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#7,org.springframework.security.web.DefaultSecurityFilterChain#7,org.springframework.security.web.PortMapperImpl#8,org.springframework.security.web.PortResolverImpl#8,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#8,org.springframework.security.authentication.ProviderManager#8,org.springframework.security.web.context.NullSecurityContextRepository#8,org.springframework.security.web.savedrequest.NullRequestCache#8,org.springframework.security.access.vote.AffirmativeBased#9,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#8,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#8,org.springframework.security.authentication.AnonymousAuthenticationProvider#8,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#8,org.springframework.security.web.DefaultSecurityFilterChain#8,org.springframework.security.web.PortMapperImpl#9,org.springframework.security.web.PortResolverImpl#9,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#9,org.springframework.security.authentication.ProviderManager#9,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#9,org.springframework.security.authentication.AnonymousAuthenticationProvider#9,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.DefaultSecurityFilterChain#9,accessDecisionManager,loggerListener,dataSource,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,contextSource,ldapAuthProvider,userSearch,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; root of factory hierarchy
28-Apr-2021 14:20:48.816 SEVERE [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Context initialization failed
 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1419)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1160)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:620)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4792)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:985)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 30 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1514)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 44 more
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1573)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
	... 51 more
 #52343  by jllort
 
Try modifying the appcontext.xml in this manner ( I share only a section of the XML ):
Code: Select all
<security:global-method-security secured-annotations="enabled"/>
    
    <!-- Remove prefix to be able of use custom roles -->
    <beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value="G-UZA-GS--"/>
    </beans:bean> 
    
    <!-- Status -->
    <security:http pattern="/Status" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
if all the roles will start with G-UZA-GS- then add "G-UZA-GS-", if will start with "G-" then add "G-", another option is to set empty ""

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.