PUBLIC - Liferay Portal Community Edition

Search Container is not working for service-builder generated entries with PACL enabled

Details

  • Branch Version/s:
    6.1.x
  • Backported to Branch:
    Committed
  • Fix Priority:
    5
  • Similar Issues:
    Show 5 results 

Description

I have portlet with some entities generated by Service Builder and trying to display list of this entries with using search container.

I've got error:

20:30:38,990 ERROR [http-bio-8080-exec-3][BeanPropertiesImpl:337] java.lang.SecurityException: Attempted to access declared members
java.lang.SecurityException: Attempted to access declared members
at com.liferay.portal.security.pacl.checker.BaseChecker.throwSecurityException(BaseChecker.java:259)
at com.liferay.portal.security.pacl.checker.RuntimeChecker.checkPermission(RuntimeChecker.java:71)
at com.liferay.portal.security.pacl.ActivePACLPolicy.checkPermission(ActivePACLPolicy.java:55)
at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:103)
at com.liferay.portal.security.lang.PortalSecurityManager.checkPermission(PortalSecurityManager.java:74)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
at java.lang.Class.checkMemberAccess(Class.java:2157)
at java.lang.Class.getDeclaredMethods(Class.java:1790)
at jodd.util.ReflectUtil.getAccessibleMethods(ReflectUtil.java:297)
at jodd.util.ReflectUtil.getAccessibleMethods(ReflectUtil.java:281)
at jodd.introspector.ClassDescriptor.inspectProperties(ClassDescriptor.java:338)
at jodd.introspector.ClassDescriptor.getBeanGetter(ClassDescriptor.java:431)
at jodd.bean.BeanUtilBean.getSimpleProperty(BeanUtilBean.java:123)
at jodd.bean.BeanUtilBean.getIndexProperty(BeanUtilBean.java:250)
at jodd.bean.BeanUtilBean.getProperty(BeanUtilBean.java:482)
at jodd.bean.BeanUtil.getProperty(BeanUtil.java:111)
at com.liferay.portal.bean.BeanPropertiesImpl.getObject(BeanPropertiesImpl.java:334)
at com.liferay.portal.bean.BeanPropertiesImpl.getObject(BeanPropertiesImpl.java:326)
at com.liferay.portal.kernel.bean.BeanPropertiesUtil.getObject(BeanPropertiesUtil.java:163)
at com.liferay.taglib.ui.SearchContainerRowTag.processRow(SearchContainerRowTag.java:297)
at com.liferay.taglib.ui.SearchContainerRowTag.doAfterBody(SearchContainerRowTag.java:95)

Line
at com.liferay.taglib.ui.SearchContainerRowTag.processRow(SearchContainerRowTag.java:297)

is

Object primaryKeyObj = BeanPropertiesUtil.getObject(
model, _keyProperty);

"model" here is my model implementation: ru.emdev.timetracking.model.impl.TimeTrackingEntryModelImpl

I've tried to add it into security-manager-get-bean-property - but it does not help to avoid this problem.

Is search container working with PACL enabled? Is it possible to use own models with PACL?

Issue Links

is related to

Bug - A problem which impairs or prevents the functions of the product. LPS-31244 Use code source checks to allow classes loaded form known jars to get the portal class loader or get/set bean properties without any security check

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Zsolt Berentey added a comment -

Hey Alexey,

SearchContainer needs two things as far as PACL is concerned:

1. security-manager-class-loader-reference-ids=portal
2. security-manager-get-bean-property=jodd.util.ReflectUtil

I agree that the second one should be automatically handled since Liferay's own util-taglib.jar is used, so we can verify ReflectUtil when it's loaded from the jar provided by the portal. The fix for that is on the way.

The first one however must be declared if you want to use the search container tag (though since you didn't get a security exception for that I presume it's already declared).

Best,
Zsolt

Show
Zsolt Berentey added a comment - Hey Alexey, SearchContainer needs two things as far as PACL is concerned: 1. security-manager-class-loader-reference-ids=portal 2. security-manager-get-bean-property=jodd.util.ReflectUtil I agree that the second one should be automatically handled since Liferay's own util-taglib.jar is used, so we can verify ReflectUtil when it's loaded from the jar provided by the portal. The fix for that is on the way. The first one however must be declared if you want to use the search container tag (though since you didn't get a security exception for that I presume it's already declared). Best, Zsolt
Hide
Permalink
Alexey Kakunin added a comment -

I had security-manager-class-loader-reference-ids=portal and I've added jodd.util.ReflectUtil to list of security-manager-get-bean-property - it is not help - I have same exception

Show
Alexey Kakunin added a comment - I had security-manager-class-loader-reference-ids=portal and I've added jodd.util.ReflectUtil to list of security-manager-get-bean-property - it is not help - I have same exception
Hide
Permalink
Tammy Fong added a comment -

Committed on:
Portal 6.2.x GIT ID: 7e39a523e9b527e995d09b522e31ad0ad12448f9.

Show
Tammy Fong added a comment - Committed on: Portal 6.2.x GIT ID: 7e39a523e9b527e995d09b522e31ad0ad12448f9.
Hide
Permalink
Brian Chiu added a comment -

This was also committed to plugins.

Committed on:
Plugins 6.2.x GIT ID: 6ef6417698b8a4451cb9622afd4e31572a69dede.

Show
Brian Chiu added a comment - This was also committed to plugins. Committed on: Plugins 6.2.x GIT ID: 6ef6417698b8a4451cb9622afd4e31572a69dede.
Hide
Permalink
Brian Chiu added a comment -

PASSED Manual Testing using the following steps:

  1. Deploy test-pacl portlet (dependencies are chat-portlet, flash-portlet, and sample-service-builder-portlet)
  2. Add the test-pacl portlet to a page
  3. Verify that the "Search Container" tests pass

Reproduced on:
Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: 2ce945094b303880b7f12fff14a8146e356a4f02.
Plugins 6.1.x EE GIT ID: db646e35886f2e333dfa9608844a057ef4306d68.

At this point, the test-pacl portlet does not render and there are exceptions thrown in the console.

Fixed on:
Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: d9654b779d8b2df91cadccb429ebac4d79f823f6.
Plugins 6.1.x EE GIT ID: 9a220c2cf5a0a585f88e7cf6d8dbb67fc3618697.
Tomcat 7.0.27 + MySQL 5. Portal 6.2.x GIT ID: 6a82d3783eb34c57c50b36377bee17e3ec1b48aa.
Plugins 6.2.x GIT ID: 5ee4b3df9fd6747b9686e590e953dcca90a77aab.

The Search Container tests pass. I've attached a screenshot.

Show
Brian Chiu added a comment - PASSED Manual Testing using the following steps: Deploy test-pacl portlet (dependencies are chat-portlet, flash-portlet, and sample-service-builder-portlet) Add the test-pacl portlet to a page Verify that the "Search Container" tests pass Reproduced on: Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: 2ce945094b303880b7f12fff14a8146e356a4f02. Plugins 6.1.x EE GIT ID: db646e35886f2e333dfa9608844a057ef4306d68. At this point, the test-pacl portlet does not render and there are exceptions thrown in the console. Fixed on: Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: d9654b779d8b2df91cadccb429ebac4d79f823f6. Plugins 6.1.x EE GIT ID: 9a220c2cf5a0a585f88e7cf6d8dbb67fc3618697. Tomcat 7.0.27 + MySQL 5. Portal 6.2.x GIT ID: 6a82d3783eb34c57c50b36377bee17e3ec1b48aa. Plugins 6.2.x GIT ID: 5ee4b3df9fd6747b9686e590e953dcca90a77aab. The Search Container tests pass. I've attached a screenshot.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Days since last comment:
    23 weeks, 1 day ago