The AccessDeniedExceptions that are thrown by Alfresco are very unspecific. In the years I have been working with Alfresco I was faced with AccessDeniedExceptions in production systems several times and it is always very hard to find the underlying issue.
- Which node caused the exception?
- Which user context was denied access?
To fix this, I propose adding additional logging to the ExceptionTranslatorMethodInterceptor to log out additional information (method, call parameters and current user context).
Alternatively these Information could be added instead to the message text of the AccessDeniedException.
Attached to the issue you’ll find an AMP project with a patched version of the ExceptionTranslatorMethodInterceptor that introduces additional logging and a unit test that causes an AccessDeniedException (but does currently not assert the log output).