Alfresco
  1. Alfresco
  2. ALF-21072

Webscript with authentication set to "none" does not work

    Details

    • Type: Bug Bug
    • Status: New
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 4.2.f Community
    • Fix Version/s: None
    • Component/s: REST API
    • Security Level: external (External user)
    • Labels:
      None
    • Environment:
      Ubuntu Server 10.04 LTS, Tomcat 7.0.42
    • Security Severity:
      None
    • Triage:
      To Do

      Description

      Webscript with a Javascript controller and authentification set to "none" fails with "A valid SecureContext was not provided in the RequestContext" error. I do not access any content in the repository, so authentication should not be required.

      May I beg you to review ASAP, because it is very important to know if it is a bug or not.

      I've attached all needed files, so you can easily reproduce. Here is the url I used to test the webscript:

      https://alfrescotest.example.com:8443/alfresco/service/helloworld?name=Ramesh

      Stacktrace:

       2014-08-19 06:38:55,780  ERROR [extensions.webscripts.AbstractRuntime] [http-bio-10.1.1.140-8443-exec-72] Exception from executeScript - redirecting to status template error: 07190027 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
       org.springframework.extensions.webscripts.WebScriptException: 07190027 Wrapped Exception (with status template): A valid SecureContext was not provided in the RequestContext
              at org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1067)
              at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:171)
              at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:377)
              at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:529)
              at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:268)
              at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:378)
              at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)
              at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:132)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
              at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:61)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
              at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
              at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
              at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at java.lang.Thread.run(Thread.java:745)
      Caused by: net.sf.acegisecurity.AuthenticationCredentialsNotFoundException: A valid SecureContext was not provided in the RequestContext
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:481)
              at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:359)
              at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:161)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
              at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
              at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
              at com.sun.proxy.$Proxy52.hasPermission(Unknown Source)
              at org.alfresco.service.cmr.repository.Path.toDisplayPath(Path.java:208)
              at org.alfresco.repo.web.scripts.RepoStore.getPath(RepoStore.java:297)
              at org.alfresco.repo.web.scripts.RepoStore.getBaseDir(RepoStore.java:262)
              at org.alfresco.repo.web.scripts.RepoStore.access$000(RepoStore.java:73)
              at org.alfresco.repo.web.scripts.RepoStore$RepoScriptContent.getPath(RepoStore.java:1070)
              at org.springframework.extensions.webscripts.ScriptProcessorRegistry.getScriptProcessor(ScriptProcessorRegistry.java:173)
              at org.springframework.extensions.webscripts.AbstractWebScript.executeScript(AbstractWebScript.java:1304)
              at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:86)
              ... 26 more
      
      1. helloworld.get.desc.xml
        0.2 kB
        Bernd Krumböck
      2. helloworld.get.html.ftl
        0.1 kB
        Bernd Krumböck
      3. helloworld.get.js
        0.0 kB
        Bernd Krumböck

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Greg Melahn
            Reporter:
            Bernd Krumböck
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: