[NXP-30854] Fix marshalling of DocumentModel with unauthenticated requests - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 10.10-HF54
Fix Version/s: 10.10-HF59, 2021.17
Component/s: Core IO

Release Notes Summary:
DocumentModel marshalling works with unauthenticated requests
Tags:
- SupCom
- nxplatform
Backlog priority:
900
Sprint:
nxplatform #55, nxplatform #56
Story Points:
2

Description

Steps to reproduce:

define an endpoint which calls a page provider in an unrestricted session

    @Path("/pp/city")
    @POST
    public Object getCities(@Context HttpServletRequest request) throws IOException, MessagingException {
        Map<String, Object> params = new HashMap<>(3);
        params.put("providerName", CITY_SUGGESTIONS_PAGE_PROVIDER);
        params.put("pageSize", 200);
        params.put("sortBy", "dc:title");
        params.put("sortOrder", "ASC");
        InputStream in = request.getInputStream();
        String body = IOUtils.toString(in, Charset.defaultCharset());
        params.put("searchTerm", body.isEmpty() ? "" : new ObjectMapper().readValue(body, Map.class).get("searchTerm"));

        CoreSession session = CoreInstance.openCoreSessionSystem(null);
        OperationContext ctx = new OperationContext(session);

        Object cities = Framework.doPrivileged(() -> {
            try {
                return Framework.getService(AutomationService.class).run(ctx, DocumentPageProviderOperation.ID, params);
            } catch (Exception e) {
                log.error("Error running DocumentPageProviderOperation: city-suggestions");
                return null;
            }
        });
        Object object = ResponseHelper.getResponse(cities, request, HttpStatus.SC_OK);
        if (session != null) {
            ((CloseableCoreSession) session).close();
            session = null;
        }
        return object;
    }

configure Nuxeo to bypass the authentication for this endpoint
call this endpoint POST http://localhost:8080/nuxeo/site/requestaccess/pp/city without authentication
observe the following error

Caused by: java.lang.IllegalStateException: Not authenticated user is trying to get a core session
	at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.createSession(CoreSessionProvider.java:67) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.getSessionRef(CoreSessionProvider.java:55) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.webengine.jaxrs.session.CoreSessionProvider.getSession(CoreSessionProvider.java:62) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.webengine.jaxrs.session.SessionFactory.getSession(SessionFactory.java:109) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.webengine.jaxrs.session.SessionFactory.getSession(SessionFactory.java:105) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.webengine.jaxrs.coreiodelegate.RenderingContextWebUtils.lambda$fillContext$0(RenderingContextWebUtils.java:116) ~[nuxeo-webengine-jaxrs-10.10-HF44.jar:?]
	at org.nuxeo.ecm.core.io.registry.context.RenderingContextImpl.getSession(RenderingContextImpl.java:100) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.registry.context.ThreadSafeRenderingContext.getSession(ThreadSafeRenderingContext.java:75) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.document.DocumentModelJsonWriter.withDocumentAttached(DocumentModelJsonWriter.java:275) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.document.DocumentModelJsonWriter.writeEntityBody(DocumentModelJsonWriter.java:154) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.document.DocumentModelJsonWriter.writeEntityBody(DocumentModelJsonWriter.java:117) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.ExtensibleEntityJsonWriter.write(ExtensibleEntityJsonWriter.java:80) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.AbstractJsonWriter.write(AbstractJsonWriter.java:81) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.DefaultListJsonWriter.write(DefaultListJsonWriter.java:127) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.document.DocumentModelListJsonWriter.write(DocumentModelListJsonWriter.java:57) ~[nuxeo-core-io-10.10-HF55.jar:?]
	at org.nuxeo.ecm.core.io.marshallers.json.document.DocumentModelListJsonWriter.write(DocumentModelListJsonWriter.java:42) ~[nuxeo-core-io-10.10-HF55.jar:?]

This is due to the fact that no user can be retrieved from the HTTP request: when it arrives to CoreSessionProvider#createSession, request.getUserPrincipal() returns null and causes this error.

Attachments

Issue Links

is caused by

NXP-30615 Fix CoreSession association error after executing multi-repo Page Provider

Resolved

Activity

People

Assignee:

Thomas Roger

Reporter:

Thierry Martins

Participants:

Jenkins, Support Tech User, Thierry Martins, Thomas Roger

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

2022-01-28 11:42

Updated:

2022-03-14 15:04

Resolved:

2022-02-25 10:32