Anonymous can't attach shared config topics that live in Admin workspace
In this example non-admin user "jri" creates a new user account "irau". An exception occurs while the new username is attached with its config topics, e.g. "Disk Quota". In DM5 config topics are shared, so the value integrator tries to reuse the existing Disk Quota topic (as already shared by "admin" and "jri"), but user "jri" has no READ access to it as it is assigned to the "Administration" workspace.
Jun 21, 2019 1:47:01 AM systems.dmx.accesscontrol.AccessControlPlugin createUserAccount
INFO: Creating user account "irau"
Jun 21, 2019 1:47:01 AM systems.dmx.accesscontrol.AccessControlPlugin createUsername
INFO: Creating username topic "irau"
Jun 21, 2019 1:47:01 AM systems.dmx.config.ConfigPlugin _createConfigTopic
INFO: ### Creating config topic of type "dmx.workspaces.enabled_sharing_modes" for topic 4066
Jun 21, 2019 1:47:01 AM systems.dmx.core.impl.ValueIntegrator createCompositeTopic
INFO: ### Creating composite 4069 (typeUri="dmx.workspaces.enabled_sharing_modes")
Jun 21, 2019 1:47:01 AM systems.dmx.config.ConfigPlugin _createConfigTopic
INFO: ### Creating config topic of type "dmx.files.disk_quota" for topic 4066
Jun 21, 2019 1:47:01 AM systems.dmx.core.util.UniversalExceptionMapper logException
SEVERE: Request "POST /accesscontrol/user_account" failed. Responding with 401 (Unauthorized). The original exception/error is:
java.lang.RuntimeException: Creating user account "irau" failed
at systems.dmx.accesscontrol.AccessControlPlugin.createUserAccount(AccessControlPlugin.java:260)
...
Caused by: java.lang.RuntimeException: Creating username topic "irau" failed
at systems.dmx.accesscontrol.AccessControlPlugin.createUsername(AccessControlPlugin.java:304)
at systems.dmx.accesscontrol.AccessControlPlugin.createUserAccount(AccessControlPlugin.java:237)
... 51 more
Caused by: java.lang.RuntimeException: Creating topic failed, model=TopicModelImpl {
"id": -1,
"uri": "",
"typeUri": "dmx.accesscontrol.username",
"value": "irau",
"childs": {}
}
at systems.dmx.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:133)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:117)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:31)
at systems.dmx.accesscontrol.AccessControlPlugin$4.call(AccessControlPlugin.java:284)
at systems.dmx.accesscontrol.AccessControlPlugin$4.call(AccessControlPlugin.java:281)
at systems.dmx.core.util.ContextTracker.run(ContextTracker.java:24)
at systems.dmx.core.impl.AccessControlImpl.runWithoutWorkspaceAssignment(AccessControlImpl.java:356)
at systems.dmx.accesscontrol.AccessControlPlugin.createUsername(AccessControlPlugin.java:281)
... 52 more
Caused by: java.lang.RuntimeException: Value integration failed, newValues=TopicModelImpl {
"id": -1,
"uri": "",
"typeUri": "dmx.accesscontrol.username",
"value": "irau",
"childs": {}
}, targetObject=null, assocDef=null
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:112)
at systems.dmx.core.impl.PersistenceLayer.updateValues(PersistenceLayer.java:893)
at systems.dmx.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:131)
... 59 more
Caused by: java.lang.RuntimeException: Creating single topic failed, model=TopicModelImpl {
"id": 4066,
"uri": "",
"typeUri": "dmx.accesscontrol.username",
"value": "irau",
"childs": {}
}, uriPrefix="null"
at systems.dmx.core.impl.PersistenceLayer.createSingleTopic(PersistenceLayer.java:178)
at systems.dmx.core.impl.PersistenceLayer.createSingleTopic(PersistenceLayer.java:141)
at systems.dmx.core.impl.ValueIntegrator.createSimpleTopic(ValueIntegrator.java:742)
at systems.dmx.core.impl.ValueIntegrator.unifySimple(ValueIntegrator.java:209)
at systems.dmx.core.impl.ValueIntegrator.integrateSimple(ValueIntegrator.java:172)
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:103)
... 61 more
Caused by: java.lang.RuntimeException: An error occurred in the PostCreateTopicListener of plugin "DMX Config"
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:96)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.PersistenceLayer.createSingleTopic(PersistenceLayer.java:174)
... 66 more
Caused by: java.lang.RuntimeException: Creating config topic of type "dmx.files.disk_quota" for topic 4066 failed
at systems.dmx.config.ConfigPlugin._createConfigTopic(ConfigPlugin.java:185)
at systems.dmx.config.ConfigPlugin.postCreateTopic(ConfigPlugin.java:153)
at systems.dmx.core.impl.CoreEvent$9.dispatch(CoreEvent.java:115)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
... 68 more
Caused by: java.lang.RuntimeException: Creating topic failed, model=TopicModelImpl {
"id": 2520,
"uri": "",
"typeUri": "dmx.files.disk_quota",
"value": -1,
"childs": {}
}
at systems.dmx.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:133)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:117)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:31)
at systems.dmx.config.ConfigPlugin$1.call(ConfigPlugin.java:174)
at systems.dmx.config.ConfigPlugin$1.call(ConfigPlugin.java:171)
at systems.dmx.core.util.ContextTracker.run(ContextTracker.java:24)
at systems.dmx.core.impl.AccessControlImpl.runWithoutWorkspaceAssignment(AccessControlImpl.java:356)
at systems.dmx.config.ConfigPlugin._createConfigTopic(ConfigPlugin.java:171)
... 71 more
Caused by: java.lang.RuntimeException: Value integration failed, newValues=TopicModelImpl {
"id": 2520,
"uri": "",
"typeUri": "dmx.files.disk_quota",
"value": -1,
"childs": {}
}, targetObject=null, assocDef=null
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:112)
at systems.dmx.core.impl.PersistenceLayer.updateValues(PersistenceLayer.java:893)
at systems.dmx.core.impl.PersistenceLayer.createTopic(PersistenceLayer.java:131)
... 78 more
Caused by: java.lang.RuntimeException: Fetching topic failed (key="dmx.files.disk_quota", value="-1")
at systems.dmx.core.impl.PersistenceLayer.getTopicByValue(PersistenceLayer.java:94)
at systems.dmx.core.impl.ValueIntegrator.unifySimple(ValueIntegrator.java:204)
at systems.dmx.core.impl.ValueIntegrator.integrateSimple(ValueIntegrator.java:172)
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:103)
... 80 more
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user "jri" has no READ permission for object 2520
at systems.dmx.accesscontrol.AccessControlPlugin.checkAccess(AccessControlPlugin.java:930)
at systems.dmx.accesscontrol.AccessControlPlugin.checkReadAccess(AccessControlPlugin.java:906)
at systems.dmx.accesscontrol.AccessControlPlugin.checkTopicReadAccess(AccessControlPlugin.java:517)
at systems.dmx.core.impl.CoreEvent$1.dispatch(CoreEvent.java:35)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.PersistenceLayer.checkTopicReadAccess(PersistenceLayer.java:787)
at systems.dmx.core.impl.TopicModelImpl.checkReadAccess(TopicModelImpl.java:129)
at systems.dmx.core.impl.PersistenceLayer.checkReadAccess(PersistenceLayer.java:777)
at systems.dmx.core.impl.PersistenceLayer.checkReadAccessAndInstantiate(PersistenceLayer.java:744)
at systems.dmx.core.impl.PersistenceLayer.getTopicByValue(PersistenceLayer.java:91)
... 83 more
Jun 21, 2019 1:47:01 AM systems.dmx.core.impl.TransactionFactory$TransactionResourceFilter$2 filter
WARNING: ### Rollback transaction of systems.dmx.accesscontrol.AccessControlPlugin#createUserAccount()
Thank you @jpn and @sme for bringing up this issue!
@mukil FYI