Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-76512

Wrong PrincipalException$MustHavePermission debug trace in SecurityPortletContainerWrapper

    Details

      Description

      Wrong PrincipalException$MustHavePermission debug trace in SecurityPortletContainerWrapper.

      The debug trace says:

      2017-12-14 12:07:31.981 DEBUG [http-nio-9080-exec-9][SecurityPortletContainerWrapper:396] null
      com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 20141 must have Calendar,com_liferay_calendar_web_portlet_CalendarPortlet_INSTANCE_blablabla,ACCESS permission for null 0
              at com.liferay.portal.kernel.model.impl.DefaultLayoutTypeAccessPolicyImpl.checkAccessAllowedToPortlet(DefaultLayoutTypeAccessPolicyImpl.java:69)
              at 
      [...]
      

      but it should be:

      2017-12-14 12:07:31.981 DEBUG [http-nio-9080-exec-9][SecurityPortletContainerWrapper:396] null
      com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 20141 must have ACCESS permission for Calendar com_liferay_calendar_web_portlet_CalendarPortlet_INSTANCE_blablabla
              at com.liferay.portal.kernel.model.impl.DefaultLayoutTypeAccessPolicyImpl.checkAccessAllowedToPortlet(DefaultLayoutTypeAccessPolicyImpl.java:69)
              at 
      [...]
      

      Steps to reproduce

      1. Go to control panel => log level and set to DEBUG the category com.liferay.portlet.SecurityPortletContainerWrapper
      2. Create an empty page
      3. Query database and retrieve its plid using following query:
        select plid, friendlyurl from Layout
      4. Open following URL in a browser, replacing {PLID} parameter with the plid of created page:
        http://localhost:8080/c/portal/layout?p_l_id={PLID}&p_p_cacheability=cacheLevelPage&p_p_id=com_liferay_calendar_web_portlet_CalendarPortlet_INSTANCE_blablabla&p_p_lifecycle=2&p_p_resource_id=currentTime
        
      5. A debug trace with a stacktrace is written to log:
        • Wrong behavior: Debug trace is wrong
          com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 20141 must have Calendar,com_liferay_calendar_web_portlet_CalendarPortlet_INSTANCE_blablabla,ACCESS permission for null 0
        • Expected behavior: Debug trace is right
          com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 20141 must have ACCESS permission for Calendar com_liferay_calendar_web_portlet_CalendarPortlet_INSTANCE_blablabla

        Attachments

          Activity

            People

            • Assignee:
              sharry.shi Sharry Shi
              Reporter:
              jorge.diaz Jorge Diaz
              Participants of an Issue:
              Recent user:
              Csaba Turcsan
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 47 weeks, 2 days ago

                Packages

                Version Package
                7.0.0 DXP FP35
                7.0.0 DXP SP7
                7.0.5 CE GA6
                7.0.X
                7.1.0 M1
                7.1.X
                Master