• Cancel Workflow Button Gives Admin Error

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #42453  by alexwgordon
 
Hi all,

I'm working on a workflow and I have it working on my test environment, but I realized the two users I was using both had admin rights. So when I try to use the Cancel button in my workflow, it ends the workflow and cancels any checkout on the current file if there is one. However, on my production environment, the people who could potentially cancelling the workflow (or performing an upload) are not the initiator of the workflow and are not admins.

Is it possible to make forceCancelCheckout (upload as well) to be accessible to more than just the admin? I cannot just make everyone admin for many reasons, but the main one being that we need to have specific user permissions on each of our folders and files and if they're admin those permissions basically go away. Any advice/solutions/input would be greatly appreciated! Thanks in advance!
Last edited by alexwgordon on Tue Oct 25, 2016 8:05 pm, edited 2 times in total.
 #42456  by jllort
 
You must use the systemToken which you can get with:
Code: Select all
String systemToken = DbSessionManager.getInstance().getSystemToken();
When using system token, you are acting as user "system" which is an internal user with ROLE_ADMIN grants. Use the system token when calling forceCancelCheckout method rather null value.
 #42470  by alexwgordon
 
Hi jllort,

Okay so seems that it doesn't work all of a sudden. I'm not sure what changed and it isn't working with the forceCancelCheckout. My ActionHandler looks like this:
Code: Select all
package com.openkm.workflow.approval;

import org.jbpm.graph.def.ActionHandler;
import org.jbpm.graph.exe.ExecutionContext;

import com.openkm.api.OKMDocument;
import com.openkm.api.OKMRepository;
import com.openkm.module.db.stuff.DbSessionManager;

public class CancellingCheckout implements ActionHandler {
	
	private static final long serialVersionUID = 1L;
	
	public void execute(ExecutionContext context) throws Exception {
		String systemToken = DbSessionManager.getInstance().getSystemToken();
		String myuuid = (String) context.getContextInstance().getVariable("uuid");
    	String mypath = OKMRepository.getInstance().getNodePath(systemToken, myuuid);
    	if (OKMDocument.getInstance().isCheckedOut(systemToken, mypath)) {
			OKMDocument.getInstance().forceCancelCheckout(systemToken, mypath); 	//Cancel checkout because we're canceling
		}
    }
}
And my error code I'm getting is this:
Code: Select all
2016-10-25 13:01:57,235 [http-bio-127.0.0.1-8080-exec-9] ERROR org.jbpm.graph.def.GraphElement- action threw exception: Only administrator use allowed
com.openkm.core.AccessDeniedException: Only administrator use allowed
	at com.openkm.module.db.DbDocumentModule.forceCancelCheckout(DbDocumentModule.java:700)
	at com.openkm.api.OKMDocument.forceCancelCheckout(OKMDocument.java:194)
	at com.openkm.workflow.approval.CancellingCheckout.execute(CancellingCheckout.java:19)
	at org.jbpm.graph.def.Action.execute(Action.java:129)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:284)
	at org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:241)
	at org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:213)
	at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:196)
	at org.jbpm.graph.def.Node.enter(Node.java:371)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.enter(Node_$$_javassist_119.java)
	at org.jbpm.graph.def.Transition.take(Transition.java:167)
	at org.jbpm.graph.def.Node.leave(Node.java:479)
	at org.jbpm.graph.node.TaskNode.leave(TaskNode.java:213)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.leave(Node_$$_javassist_119.java)
	at org.jbpm.graph.exe.Token.signal(Token.java:223)
	at org.jbpm.graph.exe.Token.signal(Token.java:188)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.exe.Token_$$_javassist_10.signal(Token_$$_javassist_10.java)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:495)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:436)
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:705)
	at com.openkm.module.db.DbWorkflowModule.setTaskInstanceValues(DbWorkflowModule.java:689)
	at com.openkm.api.OKMWorkflow.setTaskInstanceValues(OKMWorkflow.java:277)
	at com.openkm.servlet.frontend.WorkflowServlet.setTaskInstanceValues(WorkflowServlet.java:278)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
2016-10-25 13:01:57,251 [http-bio-127.0.0.1-8080-exec-9] ERROR com.openkm.servlet.frontend.WorkflowServlet- Only administrator use allowed
com.openkm.core.WorkflowException: Only administrator use allowed
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:716)
	at com.openkm.module.db.DbWorkflowModule.setTaskInstanceValues(DbWorkflowModule.java:689)
	at com.openkm.api.OKMWorkflow.setTaskInstanceValues(OKMWorkflow.java:277)
	at com.openkm.servlet.frontend.WorkflowServlet.setTaskInstanceValues(WorkflowServlet.java:278)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.jbpm.graph.def.DelegationException: Only administrator use allowed
	at org.jbpm.graph.def.GraphElement.raiseException(GraphElement.java:388)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.ProcessDefinition_$$_javassist_9.raiseException(ProcessDefinition_$$_javassist_9.java)
	at org.jbpm.graph.def.GraphElement.raiseException(GraphElement.java:379)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:301)
	at org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:241)
	at org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:213)
	at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:196)
	at org.jbpm.graph.def.Node.enter(Node.java:371)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.enter(Node_$$_javassist_119.java)
	at org.jbpm.graph.def.Transition.take(Transition.java:167)
	at org.jbpm.graph.def.Node.leave(Node.java:479)
	at org.jbpm.graph.node.TaskNode.leave(TaskNode.java:213)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.leave(Node_$$_javassist_119.java)
	at org.jbpm.graph.exe.Token.signal(Token.java:223)
	at org.jbpm.graph.exe.Token.signal(Token.java:188)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.exe.Token_$$_javassist_10.signal(Token_$$_javassist_10.java)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:495)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:436)
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:705)
	... 55 more
Caused by: com.openkm.core.AccessDeniedException: Only administrator use allowed
	at com.openkm.module.db.DbDocumentModule.forceCancelCheckout(DbDocumentModule.java:700)
	at com.openkm.api.OKMDocument.forceCancelCheckout(OKMDocument.java:194)
	at com.openkm.workflow.approval.CancellingCheckout.execute(CancellingCheckout.java:19)
	at org.jbpm.graph.def.Action.execute(Action.java:129)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:284)
	... 85 more
And my source code for the workflow for that node looks like:
Code: Select all
<task-node name="reviewerAndUpload">
		<task name="Choose Reviewer and Upload Revised File">
			<assignment class="com.openkm.workflow.approval.ActorAssigment"></assignment>
		</task>
		<event type="node-leave">
			<action class="com.openkm.workflow.approval.AssignNewReviewer" name="assignNewReviewer"></action>
		</event>
		<transition to="uploadSpecific" name="upprove"></transition>
		<transition to="assign" name="next"></transition>
		<transition to="resassignInitiator" name="pleaseReview">
			<action name="cancelCheckout" class="com.openkm.workflow.approval.CancellingCheckout"></action>
			<action name="taskOwner" class="com.openkm.workflow.approval.CurrentTaskOwner"></action>
		</transition>
		<transition to="cancellation" name="cancel"></transition>
	</task-node>
I'm not really sure, I didn't change anything, but it's unhappy now. Any idea what is going on?
Last edited by alexwgordon on Mon Aug 07, 2017 6:10 pm, edited 1 time in total.
 #42500  by pavila
 
In fact it is a problem because right now only users with ROLE_ADMIN are allowed to force a checkout cancellation. I suppose "system" user should have also this role.
 #44503  by alexwgordon
 
Hi jllort,

so neither with using
Code: Select all
String okmAdminToken = OKMAuth.getInstance().login("okmAdmin", "pass");
OKMDocument.getInstance().forceCancelCheckout(okmAdminToken, updateNode);
OKMAuth.getInstance().logout(okmAdminToken);
or
Code: Select all
String systemToken = DbSessionManager.getInstance().getSystemToken();
OKMDocument.getInstance().forceCancelCheckout(systemToken, updateNode);
Works to force the cancellation of a checkout. I always get this error regardless
Code: Select all
2017-08-07 11:10:21,642 [http-bio-127.0.0.1-8080-exec-55] ERROR org.jbpm.graph.def.GraphElement- action threw exception: Only administrator use allowed
com.openkm.core.AccessDeniedException: Only administrator use allowed
	at com.openkm.module.db.DbDocumentModule.forceCancelCheckout(DbDocumentModule.java:700)
	at com.openkm.api.OKMDocument.forceCancelCheckout(OKMDocument.java:194)
	at com.openkm.workflow.approval.MoveUpdate.execute(MoveUpdate.java:80)
	at org.jbpm.graph.def.Action.execute(Action.java:129)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:284)
	at org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:241)
	at org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:213)
	at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:196)
	at org.jbpm.graph.def.Node.enter(Node.java:371)
	at sun.reflect.GeneratedMethodAccessor711.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.enter(Node_$$_javassist_119.java)
	at org.jbpm.graph.def.Transition.take(Transition.java:167)
	at org.jbpm.graph.def.Node.leave(Node.java:479)
	at org.jbpm.graph.node.TaskNode.leave(TaskNode.java:213)
	at sun.reflect.GeneratedMethodAccessor729.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.leave(Node_$$_javassist_119.java)
	at org.jbpm.graph.exe.Token.signal(Token.java:223)
	at org.jbpm.graph.exe.Token.signal(Token.java:188)
	at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.exe.Token_$$_javassist_10.signal(Token_$$_javassist_10.java)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:495)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:436)
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:705)
	at com.openkm.module.db.DbWorkflowModule.setTaskInstanceValues(DbWorkflowModule.java:689)
	at com.openkm.api.OKMWorkflow.setTaskInstanceValues(OKMWorkflow.java:277)
	at com.openkm.servlet.frontend.WorkflowServlet.setTaskInstanceValues(WorkflowServlet.java:278)
	at sun.reflect.GeneratedMethodAccessor735.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
2017-08-07 11:10:21,653 [http-bio-127.0.0.1-8080-exec-55] ERROR com.openkm.servlet.frontend.WorkflowServlet- Only administrator use allowed
com.openkm.core.WorkflowException: Only administrator use allowed
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:716)
	at com.openkm.module.db.DbWorkflowModule.setTaskInstanceValues(DbWorkflowModule.java:689)
	at com.openkm.api.OKMWorkflow.setTaskInstanceValues(OKMWorkflow.java:277)
	at com.openkm.servlet.frontend.WorkflowServlet.setTaskInstanceValues(WorkflowServlet.java:278)
	at sun.reflect.GeneratedMethodAccessor735.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:101)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.jbpm.graph.def.DelegationException: Only administrator use allowed
	at org.jbpm.graph.def.GraphElement.raiseException(GraphElement.java:388)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.ProcessDefinition_$$_javassist_9.raiseException(ProcessDefinition_$$_javassist_9.java)
	at org.jbpm.graph.def.GraphElement.raiseException(GraphElement.java:379)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:301)
	at org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:241)
	at org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:213)
	at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:196)
	at org.jbpm.graph.def.Node.enter(Node.java:371)
	at sun.reflect.GeneratedMethodAccessor711.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.enter(Node_$$_javassist_119.java)
	at org.jbpm.graph.def.Transition.take(Transition.java:167)
	at org.jbpm.graph.def.Node.leave(Node.java:479)
	at org.jbpm.graph.node.TaskNode.leave(TaskNode.java:213)
	at sun.reflect.GeneratedMethodAccessor729.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.def.Node_$$_javassist_119.leave(Node_$$_javassist_119.java)
	at org.jbpm.graph.exe.Token.signal(Token.java:223)
	at org.jbpm.graph.exe.Token.signal(Token.java:188)
	at sun.reflect.GeneratedMethodAccessor739.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:197)
	at org.jbpm.graph.exe.Token_$$_javassist_10.signal(Token_$$_javassist_10.java)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:495)
	at org.jbpm.taskmgmt.exe.TaskInstance.end(TaskInstance.java:436)
	at com.openkm.module.common.CommonWorkflowModule.setTaskInstanceValues(CommonWorkflowModule.java:705)
	... 54 more
Caused by: com.openkm.core.AccessDeniedException: Only administrator use allowed
	at com.openkm.module.db.DbDocumentModule.forceCancelCheckout(DbDocumentModule.java:700)
	at com.openkm.api.OKMDocument.forceCancelCheckout(OKMDocument.java:194)
	at com.openkm.workflow.approval.MoveUpdate.execute(MoveUpdate.java:80)
	at org.jbpm.graph.def.Action.execute(Action.java:129)
	at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:284)
	... 81 more

However, just right-clicking on the item in the GUI and force cancelling with okmAdmin works just fine. Any idea why the system token nor okmAdmin token can cancel the checkout in a workflow? Thanks!
 #44515  by jllort
 
This code should going right:
Code: Select all
String systemToken = DbSessionManager.getInstance().getSystemToken();
OKMDocument.getInstance().forceCancelCheckout(systemToken, updateNode);
I suggest try to debug it and also check from scripting. Share with us the results, might be we have a hidden bug, first try from scripting, if from there it fails, then sure we have some unknown bug.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.