Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-21072

Webscript with authentication set to "none" does not work

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 4.2.f Community
    • Fix Version/s: None
    • Component/s: REST API
    • Security Level: external (External user)
    • Labels:
      None
    • Environment:
      Ubuntu Server 10.04 LTS, Tomcat 7.0.42
    • Security Severity:
      None

      Description

      Webscript with a Javascript controller and authentification set to "none" fails with "A valid SecureContext was not provided in the RequestContext" error. I do not access any content in the repository, so authentication should not be required.

      May I beg you to review ASAP, because it is very important to know if it is a bug or not.

      I've attached all needed files, so you can easily reproduce. Here is the url I used to test the webscript:

      https://alfrescotest.example.com:8443/alfresco/service/helloworld?name=Ramesh

      Stacktrace:

       2014-08-19 06:38:55,780  ERROR [extensions.webscripts.AbstractRuntime] [http-bio-10.1.1.140-8443-exec-72] Exception from executeScript - redirecting to status template error: 07190027 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
       org.springframework.extensions.webscripts.WebScriptException: 07190027 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
              at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1067)
              at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171)
              at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:377)
              at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:529)
              at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:268)
              at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:378)
              at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
              at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
              at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
              at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359)
              at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:161)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
              at com.sun.proxy.$Proxy52.hasPermission(Unknown Source)
              at org.alfresco.service.cmr.repository.Path.toDisplayPath(Path.java:208)
              at org.alfresco.repo.web.scripts.RepoStore.getPath(RepoStore.java:297)
              at org.alfresco.repo.web.scripts.RepoStore.getBaseDir(RepoStore.java:262)
              at org.alfresco.repo.web.scripts.RepoStore.access$000(RepoStore.java:73)
              at org.alfresco.repo.web.scripts.RepoStore$RepoScriptContent.getPath(RepoStore.java:1070)
              at org.springframework.extensions.webscripts.ScriptProcessorRegistry.getScriptProcessor(ScriptProcessorRegistry.java:173)
              at org.springframework.extensions.webscripts.AbstractWebScript.executeScript(AbstractWebScript.java:1304)
              at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:86)
              ... 26 more
      

        Attachments

          Activity

          Hide
          gmelahn Greg Melahn added a comment -

          I just tried the webscript you provided on Community 5.0.d and set the auth=none using WizTools RESTClient 3.1 and did not see the error. See attached screen capture.

          Show
          gmelahn Greg Melahn added a comment - I just tried the webscript you provided on Community 5.0.d and set the auth=none using WizTools RESTClient 3.1 and did not see the error. See attached screen capture.

            People

            • Assignee:
              closedissues Closed Issues
              Reporter:
              krumboeck Bernd Krumböck
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour
                1h