vishal
August 8, 2016, 1:18pm
1
Enonic version: YourEnonicVersion
OS: YourOS
I am trying to upgrade Enonic XP from 6.5.4 to 6.6.0, but after the upgrade it gives an error on accessing the home page with this exception: You don’t have permission to access [com.enonic.xp.admin.ui:home].
Please let me know what could be the possible cause for it.
Are you using vhost to map the admin interface? If yes, you should add a last line to get this working:
mapping.admin.userStore = system
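A check for the setting suggested above, as an added example that is not part of the original thread or of Enonic's own tooling: it parses vhost properties text and lists mappings that target /admin without a `userStore` line. The key names follow the config quoted in this thread; the sample hosts and site target are constructed placeholders, and treating any target at or below /admin as an admin mapping is an assumption.

```python
# Constructed sample: hosts and the site target are placeholders, not thread values.
SAMPLE_VHOST = """\
enabled = true
mapping.posten.host = site.example.test
mapping.posten.source = /
mapping.posten.target = /portal/master/example-site
# admin mapping without the userStore line
mapping.admin.host = admin.example.test
mapping.admin.source = /admin
mapping.admin.target = /admin
"""


def parse_vhost(text):
    """Return (enabled, {mapping_name: {property: value}})."""
    enabled, mappings = False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "enabled":
            enabled = value.lower() == "true"
        elif key.startswith("mapping."):
            parts = key.split(".", 2)  # mapping.<name>.<property>
            if len(parts) == 3:
                mappings.setdefault(parts[1], {})[parts[2]] = value
    return enabled, mappings


def admin_mappings_missing_userstore(text):
    """Names of mappings that target /admin but set no userStore.

    Assumption: a mapping is an admin mapping when its target is /admin
    or a path below it, and a disabled vhost file applies no mappings.
    """
    enabled, mappings = parse_vhost(text)
    if not enabled:
        return []
    missing = []
    for name, props in sorted(mappings.items()):
        target = props.get("target", "")
        is_admin = target == "/admin" or target.startswith("/admin/")
        if is_admin and not props.get("userStore"):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print(admin_mappings_missing_userstore(SAMPLE_VHOST))
```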
vishal
August 9, 2016, 10:09am
3
I have settings like this in my VHOST file:
enabled = true
mapping.posten.host = ****** (removed the URL)
mapping.posten.source = /
mapping.posten.target = ****** (removed the URL)
mapping.admin.host = **** (removed URL)
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.userStore = system
But again I get the same error:
You don’t have permission to access [com.enonic.xp.admin.ui:home]
But if I comment out ‘enabled=true’, then it works perfectly, but the problem is that now my deployed site starts asking for a password and Enonic redirects them to its home page.
Exception trace:
com.enonic.xp.portal.PortalException.forbidden(PortalException.java:43)
com.enonic.xp.portal.handler.PortalHandlerWorker.forbidden(PortalHandlerWorker.java:33)
com.enonic.xp.admin.impl.portal.AdminToolHandlerWorker.execute(AdminToolHandlerWorker.java:41)
com.enonic.xp.portal.handler.BaseHandler.handle(BaseHandler.java:68)
com.enonic.xp.portal.impl.PortalServlet.doHandle(PortalServlet.java:206)
com.enonic.xp.portal.impl.PortalServlet.service(PortalServlet.java:76)
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:26)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
org.apache.felix.http.base.internal.dispatch.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:73)
com.enonic.xp.admin.impl.portal.PortalToolForwardHandler.forwardToPortal(PortalToolForwardHandler.java:47)
com.enonic.xp.admin.impl.portal.PortalToolForwardHandler.service(PortalToolForwardHandler.java:34)
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:85)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:79)
com.enonic.xp.portal.impl.auth.AuthFilter.doHandle(AuthFilter.java:43)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.impl.auth.BasicAuthFilter.doHandle(BasicAuthFilter.java:31)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.impl.context.ContextFilter.lambda$doHandle$0(ContextFilter.java:34)
com.enonic.xp.context.ContextImpl.callWith(ContextImpl.java:101)
com.enonic.xp.web.impl.context.ContextFilter.doHandle(ContextFilter.java:33)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.vhost.impl.VirtualHostFilter.doHandle(VirtualHostFilter.java:35)
com.enonic.xp.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:31)
com.enonic.xp.web.filter.BaseWebFilter.doFilter(BaseWebFilter.java:33)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
com.enonic.xp.web.impl.dos.DosFilterWrapper.doFilter(DosFilterWrapper.java:60)
org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:74)
org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:124)
org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:61)
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
org.eclipse.jetty.server.Server.handle(Server.java:517)
org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
You can change your site permissions and set them so that the role “Everyone” can read it, so you won’t have problems with permissions, since everyone can see it, not only authenticated users.
vishal
August 9, 2016, 1:09pm
5
Where can I find the property file where I can specify the permissions?
mla
August 10, 2016, 3:58am
6
There is no properties file for permissions. It’s all handled in the Content Studio. Did you reindex with the toolbox? http://xp.readthedocs.io/en/stable/reference/toolbox/index.html
vishal
August 10, 2016, 9:31am
7
I have reindexed the toolbox with the commands below and it gave the error:
Authentication failed: {
  "status" : 403,
  "message" : "HTTP 403 Forbidden",
  "context" : {
    "authenticated" : false,
    "principals" : [ "user:system:anonymous", "role:system.everyone" ]
  }
}
So we are unable to login to admin after upgrade, reindex, downgrade.
So I’m thinking maybe the reindex in 6.6.0 did something that makes 6.5.4 not work anymore.
We are also unable to run a new reindex with 6.5.4.
Is the su user’s password stored in cleartext somewhere under blobs/node?
Or perhaps it is stored in blobs/binary?
If one loses the password, how should one go about overwriting it?
Btw, any thoughts on encrypting the blob store? I guess it would slow things down.
aro
August 10, 2016, 2:29pm
10
What do you mean by downgrade?
You cannot upgrade the data to 6.6.0 and then run it again in 6.5.4. I suggest that you revert to the backup previous to the upgrade.
No password is stored in cleartext in XP. We only store password hashes.
vishal
August 10, 2016, 2:44pm
11
Hi Aro,
How can we reset the password for su now?
ref: http://xp.readthedocs.io/en/stable/appendix/upgrade/index.html
Before we revert to backup I think we should try this:
On all nodes stop enonic
On all nodes upgrade to 6.6.0
On all nodes add mapping.admin.userStore = system to vhost config
On all nodes (that should be in the cluster) add node.local = false (which was not done previously)
On all nodes (that should be in the cluster) start enonic
On all nodes (that should be in the cluster) run reindex
If the reindex does not complain about invalid credentials, I think one should be able to log in to admin as well.
Since the index is not in the blob store that means that one has to run reindex on all nodes, right?
tsi
August 12, 2016, 9:06am
13
One important comment here.
As the repository is global for the entire installation, you only need to run upgrade scripts or perform re-indexing once, not for every node. All changes to data will propagate to all nodes automatically.
Just to confirm: So the $XP_HOME/repo/index/data/$CLUSTER_NAME/nodes will be updated on all nodes with one index command?