Cannot access administration tab after changing role.admin.name

Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules
Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
Post Reply
MohamadAli
Fresh Boarder
Fresh Boarder
Posts: 12
Joined: Wed Mar 31, 2021 10:34 am

Cannot access administration tab after changing role.admin.name

Post by MohamadAli »

Hey,

Today I deleted the OpenKM folder from tomcat/webapps by mistake, then after exploding the .war again, I could access OpenKM as admin, but couldnt access administration tab, when I try to do it, I get the following: Unauthorized access.

Openkm was previously connected to AD, and default admin and user roles were changed from ROL_ADMIN and ROL_USER.
In database table okm_role, I have added the new admin role name. In okm_config, it is set to the new name.

However, in appContext.xml, the old role name came back (ROLE_ADMIN), and whenever I change it to the new role name, Openkm would give me 404 error and I cannot access the website anymore.

Any idea about how to fix this?
MohamadAli
Fresh Boarder
Fresh Boarder
Posts: 12
Joined: Wed Mar 31, 2021 10:34 am

Re: Cannot access administration tab after changing role.admin.name

Post by MohamadAli »

This is the error stack when I change admin role name to the new name in appContext and get the error 404 not found:

Code: Select all

28-Apr-2021 14:20:48.801 WARNING [localhost-startStop-1] org.springframework.context.support.AbstractApplicationContext.refresh Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
28-Apr-2021 14:20:48.801 INFO [localhost-startStop-1] org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.destroySingletons Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@4d342645: defining beans [dbAuthModule,org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,authService,bookmarkService,documentService,folderService,mailService,noteService,notificationService,propertyGroupService,propertyService,repositoryService,searchService,dashboardService,workflowService,testService,rest,cmisNavigationService,cmisPolicyService,cmisDiscoveryService,cmisMultiFilingService,cmisRepositoryService,cmisRelationshipService,cmisVersioningService,cmisObjectService,cmisAclService,CmisLifecycleBean,CmisServiceFactory,swagger2Feature,org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0,org.springframework.security.methodSecurityMetadataSourceAdvisor,org.springframework.aop.config.internalAutoProxyCreator,roleVoter,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.NullSecurityContextRepository#0,org.springframework.security.web.savedrequest.NullRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#1,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.PortMapperImpl#1,org.springframework.security.web.PortResolverImpl#1,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#1,org.springframework.security.authentication.ProviderManager#1,org.springframework.security.web.context.NullSecurityContextRepository#1,org.springframework.security.web.savedrequest.NullRequestCache#1,org.springframework.security.access.vote.AffirmativeBased#2,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#1,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#1,org.springframework.security.authentication.AnonymousAuthenticationProvider#1,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#1,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.PortMapperImpl#2,org.springframework.security.web.PortResolverImpl#2,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#2,org.springframework.security.authentication.ProviderManager#2,org.springframework.security.web.context.NullSecurityContextRepository#2,org.springframework.security.web.savedrequest.NullRequestCache#2,org.springframework.security.access.vote.AffirmativeBased#3,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#2,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#2,org.springframework.security.authentication.AnonymousAuthenticationProvider#2,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#2,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.web.PortMapperImpl#3,org.springframework.security.web.PortResolverImpl#3,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#3,org.springframework.security.authentication.ProviderManager#3,org.springframework.security.web.context.NullSecurityContextRepository#3,org.springframework.security.web.savedrequest.NullRequestCache#3,org.springframework.security.access.vote.AffirmativeBased#4,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#3,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#3,org.springframework.security.authentication.AnonymousAuthenticationProvider#3,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#3,org.springframework.security.web.DefaultSecurityFilterChain#3,org.springframework.security.web.PortMapperImpl#4,org.springframework.security.web.PortResolverImpl#4,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#4,org.springframework.security.authentication.ProviderManager#4,org.springframework.security.web.context.NullSecurityContextRepository#4,org.springframework.security.web.savedrequest.NullRequestCache#4,org.springframework.security.access.vote.AffirmativeBased#5,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#4,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#4,org.springframework.security.authentication.AnonymousAuthenticationProvider#4,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#4,org.springframework.security.web.DefaultSecurityFilterChain#4,org.springframework.security.web.PortMapperImpl#5,org.springframework.security.web.PortResolverImpl#5,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#5,org.springframework.security.authentication.ProviderManager#5,org.springframework.security.web.context.NullSecurityContextRepository#5,org.springframework.security.web.savedrequest.NullRequestCache#5,org.springframework.security.access.vote.AffirmativeBased#6,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#5,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#5,org.springframework.security.authentication.AnonymousAuthenticationProvider#5,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#5,org.springframework.security.web.DefaultSecurityFilterChain#5,org.springframework.security.web.PortMapperImpl#6,org.springframework.security.web.PortResolverImpl#6,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#6,org.springframework.security.authentication.ProviderManager#6,org.springframework.security.web.context.NullSecurityContextRepository#6,org.springframework.security.web.savedrequest.NullRequestCache#6,org.springframework.security.access.vote.AffirmativeBased#7,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#6,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#6,org.springframework.security.authentication.AnonymousAuthenticationProvider#6,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#6,org.springframework.security.web.DefaultSecurityFilterChain#6,org.springframework.security.web.PortMapperImpl#7,org.springframework.security.web.PortResolverImpl#7,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#7,org.springframework.security.authentication.ProviderManager#7,org.springframework.security.web.context.NullSecurityContextRepository#7,org.springframework.security.web.savedrequest.NullRequestCache#7,org.springframework.security.access.vote.AffirmativeBased#8,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#7,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#7,org.springframework.security.authentication.AnonymousAuthenticationProvider#7,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#7,org.springframework.security.web.DefaultSecurityFilterChain#7,org.springframework.security.web.PortMapperImpl#8,org.springframework.security.web.PortResolverImpl#8,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#8,org.springframework.security.authentication.ProviderManager#8,org.springframework.security.web.context.NullSecurityContextRepository#8,org.springframework.security.web.savedrequest.NullRequestCache#8,org.springframework.security.access.vote.AffirmativeBased#9,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#8,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#8,org.springframework.security.authentication.AnonymousAuthenticationProvider#8,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#8,org.springframework.security.web.DefaultSecurityFilterChain#8,org.springframework.security.web.PortMapperImpl#9,org.springframework.security.web.PortResolverImpl#9,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#9,org.springframework.security.authentication.ProviderManager#9,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#9,org.springframework.security.authentication.AnonymousAuthenticationProvider#9,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.DefaultSecurityFilterChain#9,accessDecisionManager,loggerListener,dataSource,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,contextSource,ldapAuthProvider,userSearch,org.springframework.context.annotation.ConfigurationClassPostProcessor.importAwareProcessor]; root of factory hierarchy
28-Apr-2021 14:20:48.816 SEVERE [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Context initialization failed
 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#9' while setting bean property 'sourceList' with key [9]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1419)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1160)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:620)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:942)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4792)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:754)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:730)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:734)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:985)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1857)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#9': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9' while setting constructor argument with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:334)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:358)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1077)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:981)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 30 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#9': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1514)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	... 44 more
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [G-UZA-GS-OpenKM_Admins]
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1573)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)
	... 51 more
jllort
Moderator
Moderator
Posts: 11512
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: Cannot access administration tab after changing role.admin.name

Post by jllort »

Try modifying the appcontext.xml in this manner ( I share only a section of the XML ):

Code: Select all

<security:global-method-security secured-annotations="enabled"/>
    
    <!-- Remove prefix to be able of use custom roles -->
    <beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
        <beans:property name="rolePrefix" value="G-UZA-GS--"/>
    </beans:bean> 
    
    <!-- Status -->
    <security:http pattern="/Status" create-session="stateless">
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <security:http-basic />
    </security:http>
if all the roles will start with G-UZA-GS- then add "G-UZA-GS-", if will start with "G-" then add "G-", another option is to set empty ""
jllort
Moderator
Moderator
Posts: 11512
Joined: Fri Dec 21, 2007 11:23 am
Location: Sineu - ( Illes Balears ) - Spain
Contact:

Re: Cannot access administration tab after changing role.admin.name

Post by jllort »

If not working share your appContext.xml and we'll take a look at it.
MohamadAli
Fresh Boarder
Fresh Boarder
Posts: 12
Joined: Wed Mar 31, 2021 10:34 am

Re: Cannot access administration tab after changing role.admin.name

Post by MohamadAli »

its working now, I set rolePrefix to "" and admin role name to the full GS-UZA-GS-OpenKM_ADMINS.

Thank you very much :)
Post Reply