Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
6.1.X EE, 6.2.X EE, 7.0.X, 7.1.X, Master
-
7.1.x, 7.0.x
-
Committed
-
3
-
Accessibility
Description
We're running into this exception (403 Forbidden) when trying to invoke get-company-users and then get-contact for each returned user.
2018-07-19 21:52:33.023 INFO 54 --- [Timer-0] c.l.o.a.d.e.dog.impl.UserDogImpl : Body: {"$user = /user/get-company-users":{"companyId":20115,"start":0,"end":500,"$contact = /contact/get-contact":{"@contactId":"$user.contactId"}}}
2018-07-19 21:52:33.439 ERROR 54 --- [Timer-0] .a.d.e.b.OSBAsahDXPExtractorBotTimerTask : org.springframework.web.client.HttpClientErrorException: 403 Forbidden
org.springframework.web.client.HttpClientErrorException: 403 Forbidden
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
at com.liferay.osb.asah.dxp.extractor.spring.http.HttpUtil.get(HttpUtil.java:67) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl._get(DXPClientImpl.java:83) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl.getJSONArray(DXPClientImpl.java:44) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.dog.impl.UserDogImpl.getCompanyUsersJSONArray(UserDogImpl.java:58) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.paginate(OSBAsahDXPExtractorBot.java:301) ~[main/:na]
at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:37) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:25) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.<init>(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateUsers(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateCompanies(OSBAsahDXPExtractorBot.java:161) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populate(OSBAsahDXPExtractorBot.java:133) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.run(OSBAsahDXPExtractorBot.java:79) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask._run(OSBAsahDXPExtractorBotTimerTask.java:143) ~[main/:na]
at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask.run(OSBAsahDXPExtractorBotTimerTask.java:62) ~[main/:na]
at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.8.0_171]
at java.util.TimerThread.run(Timer.java:505) [na:1.8.0_171]
We figured that omniuser doesn't have permission to VIEW default user.
We confirmed with these steps:
1. Spin up a fresh DXP instance
2. Log in with omniadmin user [email protected]
3. Through /api/jsonws, invoke get-companies to get companyId
[
{
"accountId": "20117",
"active": true,
"companyId": "20115",
"homeURL": "",
"key": "/Y4qoMyBD164al+vwqY9LA==",
"logoId": "0",
"maxUsers": 0,
"mvccVersion": "1",
"mx": "liferay.com",
"system": false,
"webId": "liferay.com"
}
]
4. Invoke get-company-users with companyId from result above (20115) (start -1, end -1)
[
{
"agreedToTermsOfUse": true,
"comments": "",
"companyId": "20115",
"contactId": "20120",
"createDate": 1532021961711,
"defaultUser": true,
"emailAddress": "",
"emailAddressVerified": false,
"facebookId": "0",
"failedLoginAttempts": 0,
"firstName": "",
"googleUserId": "",
"graceLoginCount": 0,
"greeting": "Welcome!",
"jobTitle": "",
"languageId": "en_US",
"lastFailedLoginDate": null,
"lastLoginDate": null,
"lastLoginIP": "",
"lastName": "",
"ldapServerId": "0",
"lockout": false,
"lockoutDate": null,
"loginDate": 1532021961407,
"loginIP": "",
"middleName": "",
"modifiedDate": 1532022110986,
"mvccVersion": "2",
"openId": "",
"portraitId": "0",
"reminderQueryAnswer": "",
"reminderQueryQuestion": "",
"screenName": "20119",
"status": 0,
"timeZoneId": "UTC",
"userId": "20119",
"uuid": "63fd8e01-5c28-5398-45ed-bb4b37d4e8a0"
},
{
"agreedToTermsOfUse": true,
"comments": "",
"companyId": "20115",
"contactId": "20157",
"createDate": 1532021963255,
"defaultUser": false,
"emailAddress": "[email protected]",
"emailAddressVerified": true,
"facebookId": "0",
"failedLoginAttempts": 0,
"firstName": "Test",
"googleUserId": "",
"graceLoginCount": 0,
"greeting": "Welcome Test Test!",
"jobTitle": "",
"languageId": "en_US",
"lastFailedLoginDate": null,
"lastLoginDate": 1532022616837,
"lastLoginIP": "10.255.0.13",
"lastName": "Test",
"ldapServerId": "-1",
"lockout": false,
"lockoutDate": null,
"loginDate": 1532037295748,
"loginIP": "10.255.0.13",
"middleName": "",
"modifiedDate": 1532037295748,
"mvccVersion": "9",
"openId": "",
"portraitId": "0",
"reminderQueryAnswer": "test",
"reminderQueryQuestion": "what-is-your-father's-middle-name",
"screenName": "test",
"status": 0,
"timeZoneId": "UTC",
"userId": "20155",
"uuid": "41e1579e-c58e-4012-d02b-4538c760351b"
}
]
5. Invoke get-user-by-id with the Id of the default user from result #4 (20119)
"User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"
6. Invoke get-contact with the contactId of the default user from result #4 (20120)
"User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"
Expected:
Omniadmin user should be able to "VIEW" default user using get-user-by-id and get-contact, since it was able to "VIEW" default user using get-company-users