Access control for explorer app

Help
1

Enonic version: 7.11.3
Headless
com.enonic.app.explorer version 1.5.2

In the documentation it says the user needs either “Explorer Admin” or “System Admin” role to access the interface.
In our case Explorer Admin is not sufficient for some reason (System Admin works).

I’ve tried:
Changing the permissions on the com.enonic.app.explorer node
Deleted explorer nodes, roles and installed explorer app version 2.0.0-RC5
Debugging the source-code with no luck

Any ideas about what could be the issue?

User:

image
image802×1024 41.5 KB

Stacktrace:

2023-04-04 10:41:59,816 ERROR c.e.x.p.i.e.ExceptionRendererImpl - Access denied to user [user:system:amund0] ''amund0''
com.enonic.xp.web.WebException: Access denied to user [user:system:amund0] ''amund0''
	at com.enonic.xp.web.impl.exception.ExceptionMapperImpl.map(ExceptionMapperImpl.java:33)
	at com.enonic.xp.portal.handler.BasePortalHandler.handleError(BasePortalHandler.java:60)
	at com.enonic.xp.portal.handler.BasePortalHandler.doHandle(BasePortalHandler.java:52)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.impl.trace.TraceWebFilter.doHandle(TraceWebFilter.java:38)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.impl.handler.WebDispatcherImpl.dispatch(WebDispatcherImpl.java:35)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.doHandle(WebDispatcherServlet.java:140)
	at com.enonic.xp.web.impl.handler.WebDispatcherServlet.service(WebDispatcherServlet.java:68)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at com.enonic.xp.web.impl.dispatch.mapping.ServletDefinitionImpl.service(ServletDefinitionImpl.java:40)
	at com.enonic.xp.web.impl.dispatch.pipeline.ServletPipelineImpl.service(ServletPipelineImpl.java:38)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:51)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.portal.impl.idprovider.IdProviderFilter.doHandle(IdProviderFilter.java:46)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.context.ContextFilter.lambda$doHandle$0(ContextFilter.java:34)
	at com.enonic.xp.context.ContextImpl.callWith(ContextImpl.java:100)
	at com.enonic.xp.web.impl.context.ContextFilter.doHandle(ContextFilter.java:33)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:65)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterPipelineImpl.filter(FilterPipelineImpl.java:37)
	at com.enonic.xp.web.impl.dispatch.DispatchServletImpl.service(DispatchServletImpl.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:626)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:229)
	at org.eclipse.jetty.server.Dispatcher.forward(Dispatcher.java:81)
	at com.enonic.xp.web.vhost.impl.VirtualHostFilter.doHandle(VirtualHostFilter.java:66)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:65)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at org.eclipse.jetty.servlets.HeaderFilter.doFilter(HeaderFilter.java:117)
	at com.enonic.xp.web.impl.header.HeaderFilterWrapper.doHandle(HeaderFilterWrapper.java:51)
	at com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
	at com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
	at com.enonic.xp.web.impl.dispatch.mapping.FilterDefinitionImpl.doFilter(FilterDefinitionImpl.java:41)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:42)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterChainImpl.doFilter(FilterChainImpl.java:33)
	at com.enonic.xp.web.impl.dispatch.pipeline.FilterPipelineImpl.filter(FilterPipelineImpl.java:37)
	at com.enonic.xp.web.impl.dispatch.DispatchServletImpl.service(DispatchServletImpl.java:51)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:554)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:772)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.enonic.xp.exception.ForbiddenAccessException: Access denied to user [user:system:amund0] ''amund0''
	at com.enonic.xp.repo.impl.repository.RepositoryServiceImpl.requireAdminRole(RepositoryServiceImpl.java:314)
	at com.enonic.xp.repo.impl.repository.RepositoryServiceImpl.get(RepositoryServiceImpl.java:212)
	at com.enonic.xp.lib.repo.GetRepositoryHandler.execute(GetRepositoryHandler.java:28)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$18249$3877A$repo.L:1#get(com.enonic.app.explorer:/lib/xp/repo.js:123)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23358$334183A$explorer.L:1#\==\_\!1#\==\_\!11242#htmlResponse(com.enonic.app.explorer:/admin/tools/explorer/explorer.js:11267)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23355$351838A$explorer.L:1#\==\_\!1#\==\_\!11713#L:11736(com.enonic.app.explorer:/admin/tools/explorer/explorer.js:11737)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:657)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:513)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:527)
	at jdk.scripting.nashorn/jdk.nashorn.api.scripting.ScriptObjectMirror.call(ScriptObjectMirror.java:120)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.linker.JSObjectLinker.jsObjectScopeCall(JSObjectLinker.java:254)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23354$3181AA$router.L:1#handleRoute(com.enonic.app.explorer:/lib/router.js:162)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23353$3536A$router.L:1#nextInChain#last(com.enonic.app.explorer:/lib/router.js:167)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23351$351618AA$explorer.L:1#\==\_\!1#\==\_\!11713#L:11728(com.enonic.app.explorer:/admin/tools/explorer/explorer.js:11734)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23350$3682A$router.L:1#nextInChain#L:173(com.enonic.app.explorer:/lib/router.js:175)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23348$4082A$router.L:1#dispatch(com.enonic.app.explorer:/lib/router.js:193)
	at jdk.scripting.nashorn.scripts/jdk.nashorn.internal.scripts.Script$Recompilation$23347$352116A$explorer.L:1#\==\_\!1#\==\_\!11713#all(com.enonic.app.explorer:/admin/tools/explorer/explorer.js:11748)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:657)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:513)
	at jdk.scripting.nashorn/jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:527)
	at jdk.scripting.nashorn/jdk.nashorn.api.scripting.ScriptObjectMirror.call(ScriptObjectMirror.java:120)
	at com.enonic.xp.script.impl.value.FunctionScriptValue.call(FunctionScriptValue.java:38)
	at com.enonic.xp.script.impl.executor.ScriptExportsImpl.executeMethod(ScriptExportsImpl.java:59)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.doExecute(ControllerScriptImpl.java:71)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.lambda$execute$0(ControllerScriptImpl.java:36)
	at com.enonic.xp.trace.Tracer.traceEx(Tracer.java:72)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:51)
	at com.enonic.xp.trace.Tracer.trace(Tracer.java:98)
	at com.enonic.xp.portal.impl.controller.ControllerScriptImpl.execute(ControllerScriptImpl.java:36)
	at com.enonic.xp.admin.impl.portal.AdminToolHandlerWorker.execute(AdminToolHandlerWorker.java:54)
	at com.enonic.xp.admin.impl.portal.AdminToolHandler.doHandle(AdminToolHandler.java:58)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:66)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.portal.impl.handler.mapping.MappingHandler.handle(MappingHandler.java:91)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.web.handler.BaseWebHandler.handle(BaseWebHandler.java:75)
	at com.enonic.xp.web.impl.handler.WebHandlerChainImpl.handle(WebHandlerChainImpl.java:28)
	at com.enonic.xp.portal.handler.BasePortalHandler.doHandle(BasePortalHandler.java:46)
	... 116 common frames omitted
2

This should work. So it could be a bug. If this work is for a customer, please create a support case, so we can prioritize.

3

Created a support case :slight_smile:

1 Like