Uploaded image for project: 'PUBLIC - OAuth2'
  1. PUBLIC - OAuth2
  2. OAUTH2-234

User without View permissions for OAuth application causes PrincipalException$MustHavePermission within grant authorization portlet

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: Master, 1.1-marketplace_7.1.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Fix Priority:
      2

      Description

      Steps to reproduce:

      1. Create and set up an Application Authorization Request page.
        1. Add a new public page > Full Application Page
        2. Select Application Authorization Request within the Full Page Application drop down and save
        3. Navigate to this page
        4. Enter the permissions window for the Application Authorization Request portlet and check the "View" permission for the role "User"
        5. Copy the URL of this page (e.g. http://localhost:8080/web/guest/testauthpage)
        6. Navigate to Control Panel > Configuration > System Settings > OAuth 2 > Authorize Screen
        7. Paste the URL of the authorization page copied earlier into the Authorize Screen URL field and save
      2. Create an OAuth 2 Application with the Authorization Code type
      3. Configure the application's permissions for the "User" role
        1. On the OAuth 2 Administration page, click on the vertical ellipsis to the right of the application just added, and click on "Permissions"
        2. For the "User" role, check all permission checkboxes EXCEPT for "View"
      4. Create a new user with no roles and log in as this user
      5. Navigate to the Authorization Code endpoint for the application you added. (e.g.http://localhost:8080/o/oauth2/authorize?client_id=TESTCLIENTID&response_type=code)

      Actual Result:
      Application Authorization Request portlet shows an error message reading "Portlet is temporarily unavailable" and the following stacktrace shows up in the server logs:

      2018-10-29 20:56:45.428 ERROR [http-nio-8080-exec-2][PortletServlet:112] javax.portlet.PortletException: com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 37451 must have VIEW permission for com.liferay.oauth2.provider.model.OAuth2Application 2
      javax.portlet.PortletException: com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 37451 must have VIEW permission for com.liferay.oauth2.provider.model.OAuth2Application 2
      	at com.liferay.oauth2.provider.web.internal.portlet.action.ViewAuthorizationRequestMVCRenderCommand.render(ViewAuthorizationRequestMVCRenderCommand.java:142)
      	at com.liferay.portal.kernel.portlet.bridges.mvc.MVCPortlet.render(MVCPortlet.java:286)
      	at com.liferay.portlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:127)
      	at com.liferay.portlet.ScriptDataPortletFilter.doFilter(ScriptDataPortletFilter.java:58)
      	at com.liferay.portlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:124)
      	at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:71)
      	at com.liferay.portal.kernel.servlet.PortletServlet.service(PortletServlet.java:108)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)
      	at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62)
      	at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:120)
      	at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48)
      	at com.liferay.portlet.internal.InvokerPortletImpl.invoke(InvokerPortletImpl.java:562)
      	at com.liferay.portlet.internal.InvokerPortletImpl.invokeRender(InvokerPortletImpl.java:658)
      	at com.liferay.portlet.internal.InvokerPortletImpl.render(InvokerPortletImpl.java:355)
      	at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.lambda$render$0(MonitoringInvokerPortlet.java:280)
      	at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet._render(MonitoringInvokerPortlet.java:383)
      	at com.liferay.portal.monitoring.internal.portlet.MonitoringInvokerPortlet.render(MonitoringInvokerPortlet.java:278)
      	at org.apache.jsp.html.portal.render_005fportlet_jsp._jspService(render_005fportlet_jsp.java:1534)
      	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
      	at com.liferay.portal.servlet.DirectRequestDispatcherFactoryImpl$IndirectRequestDispatcher.include(DirectRequestDispatcherFactoryImpl.java:179)
      	at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:78)
      	at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
      	at com.liferay.portal.servlet.TransferHeadersHelperImpl$TransferHeadersRequestDispatcher.include(TransferHeadersHelperImpl.java:163)
      	at com.liferay.portlet.internal.PortletContainerImpl._render(PortletContainerImpl.java:869)
      	at com.liferay.portlet.internal.PortletContainerImpl.lambda$render$2(PortletContainerImpl.java:215)
      	at com.liferay.portlet.internal.PortletContainerImpl._preserveGroupIds(PortletContainerImpl.java:394)
      	at com.liferay.portlet.internal.PortletContainerImpl.render(PortletContainerImpl.java:204)
      	at com.liferay.portlet.SecurityPortletContainerWrapper.render(SecurityPortletContainerWrapper.java:142)
      	at com.liferay.portlet.RestrictPortletContainerWrapper.lambda$render$0(RestrictPortletContainerWrapper.java:126)
      	at com.liferay.portlet.RestrictPortletContainerWrapper._render(RestrictPortletContainerWrapper.java:183)
      	at com.liferay.portlet.RestrictPortletContainerWrapper.render(RestrictPortletContainerWrapper.java:124)
      	at com.liferay.portal.kernel.portlet.PortletContainerUtil.render(PortletContainerUtil.java:185)
      	at com.liferay.portal.layoutconfiguration.util.velocity.TemplateProcessor.processMax(TemplateProcessor.java:181)
      	at sun.reflect.GeneratedMethodAccessor1020.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:389)
      	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:378)
      	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:270)
      	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:262)
      	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:342)
      	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336)
      	at org.apache.velocity.Template.merge(Template.java:328)
      	at org.apache.velocity.Template.merge(Template.java:235)
      	at com.liferay.portal.template.velocity.internal.VelocityTemplate.processTemplate(VelocityTemplate.java:99)
      	at com.liferay.portal.template.AbstractSingleResourceTemplate.processTemplate(AbstractSingleResourceTemplate.java:78)
      	at com.liferay.portal.layoutconfiguration.util.RuntimePageImpl.doProcessTemplate(RuntimePageImpl.java:423)
      	at com.liferay.portal.layoutconfiguration.util.RuntimePageImpl.doDispatch(RuntimePageImpl.java:340)
      	at com.liferay.portal.layoutconfiguration.util.RuntimePageImpl.processTemplate(RuntimePageImpl.java:141)
      	at com.liferay.portal.kernel.layoutconfiguration.util.RuntimePageUtil.processTemplate(RuntimePageUtil.java:67)
      	at org.apache.jsp.layout.view.full_005fpage_005fapplication_jsp._jspService(full_005fpage_005fapplication_jsp.java:166)
      	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:411)
      	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:473)
      	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:377)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at com.liferay.portal.osgi.web.servlet.jsp.compiler.internal.JspServlet.service(JspServlet.java:319)
      	at com.liferay.portal.osgi.web.servlet.jsp.compiler.internal.JspServlet.service(JspServlet.java:330)
      	at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)
      	at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:62)
      	at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:120)
      	at org.eclipse.equinox.http.servlet.internal.servlet.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:48)
      	at com.liferay.portal.servlet.TransferHeadersHelperImpl$TransferHeadersRequestDispatcher.include(TransferHeadersHelperImpl.java:163)
      	at com.liferay.portal.kernel.model.impl.BaseLayoutTypeControllerImpl.includeLayoutContent(BaseLayoutTypeControllerImpl.java:106)
      	at com.liferay.portal.model.impl.LayoutImpl.includeLayoutContent(LayoutImpl.java:904)
      	at com.liferay.portal.action.LayoutAction.processLayout(LayoutAction.java:407)
      	at com.liferay.portal.action.LayoutAction.execute(LayoutAction.java:174)
      	at com.liferay.portal.struts.PortalRequestProcessor._processActionPerform(PortalRequestProcessor.java:706)
      	at com.liferay.portal.struts.PortalRequestProcessor._process(PortalRequestProcessor.java:646)
      	at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:194)
      	at com.liferay.portal.servlet.MainServlet.process(MainServlet.java:1066)
      	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
      	at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:596)
      	at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:573)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:119)
      	at com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter.processFilter(PasswordModifiedFilter.java:57)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.secure.BaseAuthFilter.processFilter(BaseAuthFilter.java:340)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:178)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:101)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:712)
      	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:459)
      	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:384)
      	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:312)
      	at com.liferay.friendly.url.internal.servlet.FriendlyURLServlet.service(FriendlyURLServlet.java:367)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at com.liferay.portal.servlet.ServletAdapter.service(ServletAdapter.java:98)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:119)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:340)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.i18n.I18nFilter.processFilter(I18nFilter.java:356)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.servlet.filters.password.modified.PasswordModifiedFilter.processFilter(PasswordModifiedFilter.java:57)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.secure.BaseAuthFilter.processFilter(BaseAuthFilter.java:340)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.etag.ETagFilter.processFilter(ETagFilter.java:88)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:260)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:263)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:144)
      	at com.liferay.portal.monitoring.internal.servlet.filter.MonitoringFilter.processFilter(MonitoringFilter.java:178)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
      	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
      	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
      	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
      	at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:65)
      	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:49)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:207)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:112)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:168)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:188)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
      	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:101)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:494)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:407)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1376)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 37451 must have VIEW permission for com.liferay.oauth2.provider.model.OAuth2Application 2
      	at com.liferay.oauth2.provider.internal.security.permission.resource.OAuth2ApplicationModelResourcePermission.check(OAuth2ApplicationModelResourcePermission.java:62)
      	at com.liferay.oauth2.provider.internal.security.permission.resource.OAuth2ApplicationModelResourcePermission.check(OAuth2ApplicationModelResourcePermission.java:32)
      	at com.liferay.oauth2.provider.service.impl.OAuth2ApplicationServiceImpl.getOAuth2Application(OAuth2ApplicationServiceImpl.java:121)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:153)
      	at com.liferay.portal.spring.transaction.DefaultTransactionExecutor._execute(DefaultTransactionExecutor.java:203)
      	at com.liferay.portal.spring.transaction.DefaultTransactionExecutor.execute(DefaultTransactionExecutor.java:94)
      	at com.liferay.portal.spring.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:113)
      	at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:130)
      	at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:55)
      	at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:130)
      	at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:55)
      	at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:130)
      	at com.liferay.portal.spring.aop.ChainableMethodAdvice.invoke(ChainableMethodAdvice.java:55)
      	at com.liferay.portal.spring.aop.ServiceBeanMethodInvocation.proceed(ServiceBeanMethodInvocation.java:130)
      	at com.liferay.portal.spring.aop.ServiceBeanAopProxy.invoke(ServiceBeanAopProxy.java:125)
      	at com.sun.proxy.$Proxy445.getOAuth2Application(Unknown Source)
      	at com.liferay.oauth2.provider.web.internal.portlet.action.ViewAuthorizationRequestMVCRenderCommand.render(ViewAuthorizationRequestMVCRenderCommand.java:104)
      	... 198 more
      

      Note:
      Possible alternatives to this behavior is to use the same logic for when the user does not have the "Create Token" permission set but does have "View" set which looks like this:

      Reproduced on:
      Portal master Git SHA: 209fe1d2cd5c3081e414d8301828ae5c6e751d6c
      Portal DXP 7.1 + GA1 + Fix pack 3 + Liferay Plugin for OAuth 2.0 (version 1.1.0)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              joshua.chong Joshua Chong
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Packages

                Version Package