Hi,
I have a batch program that I run as user admin. In a nutshell the batch program reads data from a 3rd party and creates products, parties etc ... It starts off fine, but at some point during the batch run the admin password becomes disabled which causes some of the services required by the batch run to fail. The first bit of the log below shows the service createPartyContactMechPurpose working fine, the second bit of the log shows the permission errors ocurring as a result of the admin user been disabled. Any ideas on what is causing the admin user to disable?Any work arounds? Kind regards Grant Edwards [PartyContactMechServices.xml#createPartyTelecomNumber] Creating telecom number [ContactMechServices.xml#createContactMech] Contact mech created with id 12142 Sync service [webtools/createTelecomNumber] finished in [103] milliseconds [PartyContactMechServices.xml#createPartyTelecomNumber] Copied id to createPartyContactMechMap: 12142 [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for primary permission PARTYMGR_CREATE [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for alternate permission PARTYMGR_PCM_CREATE [PartyContactMechServices.xml#createPartyContactMech] Contact mechTypeId: 12142 already exists with value: for party: 8140 Running Service ECA Service: createPartyContactMechPurpose, triggered by rule on Service: createPartyContactMech Sync service [webtools/createPartyTelecomNumber] finished in [223] milliseconds Setting ACCOUNTS_PARTY = EventsNow for productId = 8140 Running Entity ECA Service: indexProductKeywords, triggered by rule on Entity: Product CommonPermissionServices.xml#genericBasePermissionCheck] Checking for primary permission PARTYMGR_CREATE [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for alternate permission PARTYMGR_PCM_CREATE PartyContactMechServices.xml#createPartyContactMech] Contact mechTypeId: 12144 already exists with value: for party: 8806 Running Service ECA Service: createPartyContactMechPurpose, triggered by rule on Service: createPartyContactMech ResourceBundle ServiceErrorUiLabels (en) created in 0.135s with 6 properties ServiceDispatcher.java:530:ERROR] Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. 2009-07-16 10:12:58,615 (http-0.0.0.0-18443-1) [ TransactionUtil.java:321:WARN ] ---- exception report ---------------------------------------------------------- [TransactionUtil.setRollbackOnly] Calling transaction setRollbackOnly; this stack trace shows where this is happening: Exception: java.lang.Exception Message: Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. ---- stack trace --------------------------------------------------------------- java.lang.Exception: Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:321) |
Hi Grant,
Other than the error below, what is that makes you think the admin user has been disabled? Is it possible that the userLogin being passed to the services accidentally gets changed at some point during execution? Regards Scott HotWax Media http://www.hotwaxmedia.com On 16/07/2009, at 8:46 PM, Grant Edwards wrote: > Hi, > > I have a batch program that I run as user admin. In a nutshell the > batch program reads data from a 3rd party and creates products, > parties etc ... > > It starts off fine, but at some point during the batch run the admin > password becomes disabled which causes some of the services required > by the batch run to fail. The first bit of the log below shows the > service createPartyContactMechPurpose working fine, the second bit > of the log shows the permission errors ocurring as a result of the > admin user been disabled. > > Any ideas on what is causing the admin user to disable?Any work > arounds? > > Kind regards > > Grant Edwards > > [PartyContactMechServices.xml#createPartyTelecomNumber] Creating > telecom number > [ContactMechServices.xml#createContactMech] Contact mech created > with id 12142 > Sync service [webtools/createTelecomNumber] finished in [103] > milliseconds > [PartyContactMechServices.xml#createPartyTelecomNumber] Copied id to > createPartyContactMechMap: 12142 > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking > for primary permission PARTYMGR_CREATE > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking > for alternate permission PARTYMGR_PCM_CREATE > [PartyContactMechServices.xml#createPartyContactMech] Contact > mechTypeId: 12142 already exists with value: for party: 8140 > Running Service ECA Service: createPartyContactMechPurpose, > triggered by rule on Service: createPartyContactMech > Sync service [webtools/createPartyTelecomNumber] finished in [223] > milliseconds > Setting ACCOUNTS_PARTY = EventsNow for productId = 8140 > Running Entity ECA Service: indexProductKeywords, triggered by rule > on Entity: Product > > > > > CommonPermissionServices.xml#genericBasePermissionCheck] Checking > for primary permission PARTYMGR_CREATE > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking > for alternate permission PARTYMGR_PCM_CREATE > PartyContactMechServices.xml#createPartyContactMech] Contact > mechTypeId: 12144 already exists with value: for party: 8806 > Running Service ECA Service: createPartyContactMechPurpose, > triggered by rule on Service: createPartyContactMech > ResourceBundle ServiceErrorUiLabels (en) created in 0.135s with 6 > properties > ServiceDispatcher.java:530:ERROR] Error in Service > [createPartyContactMechPurpose]: You do not have permission to > perform this operation for this party. > 2009-07-16 10:12:58,615 (http-0.0.0.0-18443-1) > [ TransactionUtil.java:321:WARN ] > ---- exception report > ---------------------------------------------------------- > [TransactionUtil.setRollbackOnly] Calling transaction > setRollbackOnly; this stack trace shows where this is happening: > Exception: java.lang.Exception > Message: Error in Service [createPartyContactMechPurpose]: You do > not have permission to perform this operation for this party. > ---- stack trace > --------------------------------------------------------------- > java.lang.Exception: Error in Service > [createPartyContactMechPurpose]: You do not have permission to > perform this operation for this party. > org > .ofbiz > .entity > .transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:321) > > > smime.p7s (3K) Download Attachment |
Hi Scott,
Following on from your email I did some further digging ...... Prior to starting the batch run, check that the admin account is NOT DISABLED. For each row of data read from the 3rd party, a new transaction is created. As part of this transaction product, party and other entities are created. Because the current transaction is not yet committed I am unable to set the userLogin based on the new party, as a result I am making use of the admin user to set the userLogin. At some point during the processing the code below is called. partyId = 4641 userLogin = admin result = ok (1st row of data processed) partyId = 9423 userLogin = admin result = ok partyId = 8140 userLogin = admin result = ok partyId = 8806 userLogin = admin result = not ok (4th row of data processed) Its is in processing the 4th row of data that the serviceUtil.no_permission_to_operation error is thrown. While a break point set on this row stops execution, via a second browser tab and the Party Manager Console I am able to see the the user admin account is now DISABLED ServiceUtil.getPartyIdCheckSecurity(.......) { ................... // <b>security check</b>: userLogin partyId must equal partyId, or must have PARTYMGR_CREATE permission if (!partyId.equals(userLogin.getString("partyId"))) { if (!security.hasEntityPermission(secEntity, secOperation, userLogin)) { result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_ERROR); String errMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_operation", locale) + "."; result.put(ModelService.ERROR_MESSAGE, errMsg); return partyId; } } .............................. } Any help would be appreciated. Kind regards Grant Edwards ________________________________ From: Scott Gray <[hidden email]> To: [hidden email] Sent: Thursday, July 16, 2009 12:54:13 PM Subject: Re: user admin disables during batch run Hi Grant, Other than the error below, what is that makes you think the admin user has been disabled? Is it possible that the userLogin being passed to the services accidentally gets changed at some point during execution? Regards Scott HotWax Media http://www.hotwaxmedia.com On 16/07/2009, at 8:46 PM, Grant Edwards wrote: > Hi, > > I have a batch program that I run as user admin. In a nutshell the batch program reads data from a 3rd party and creates products, parties etc ... > > It starts off fine, but at some point during the batch run the admin password becomes disabled which causes some of the services required by the batch run to fail. The first bit of the log below shows the service createPartyContactMechPurpose working fine, the second bit of the log shows the permission errors ocurring as a result of the admin user been disabled. > > Any ideas on what is causing the admin user to disable?Any work arounds? > > Kind regards > > Grant Edwards > > [PartyContactMechServices.xml#createPartyTelecomNumber] Creating telecom number > [ContactMechServices.xml#createContactMech] Contact mech created with id 12142 > Sync service [webtools/createTelecomNumber] finished in [103] milliseconds > [PartyContactMechServices.xml#createPartyTelecomNumber] Copied id to createPartyContactMechMap: 12142 > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for primary permission PARTYMGR_CREATE > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for alternate permission PARTYMGR_PCM_CREATE > [PartyContactMechServices.xml#createPartyContactMech] Contact mechTypeId: 12142 already exists with value: for party: 8140 > Running Service ECA Service: createPartyContactMechPurpose, triggered by rule on Service: createPartyContactMech > Sync service [webtools/createPartyTelecomNumber] finished in [223] milliseconds > Setting ACCOUNTS_PARTY = EventsNow for productId = 8140 > Running Entity ECA Service: indexProductKeywords, triggered by rule on Entity: Product > > > > > CommonPermissionServices.xml#genericBasePermissionCheck] Checking for primary permission PARTYMGR_CREATE > [CommonPermissionServices.xml#genericBasePermissionCheck] Checking for alternate permission PARTYMGR_PCM_CREATE > PartyContactMechServices.xml#createPartyContactMech] Contact mechTypeId: 12144 already exists with value: for party: 8806 > Running Service ECA Service: createPartyContactMechPurpose, triggered by rule on Service: createPartyContactMech > ResourceBundle ServiceErrorUiLabels (en) created in 0.135s with 6 properties > ServiceDispatcher.java:530:ERROR] Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. > 2009-07-16 10:12:58,615 (http-0.0.0.0-18443-1) [ TransactionUtil.java:321:WARN ] > ---- exception report ---------------------------------------------------------- > [TransactionUtil.setRollbackOnly] Calling transaction setRollbackOnly; this stack trace shows where this is happening: > Exception: java.lang.Exception > Message: Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. > ---- stack trace --------------------------------------------------------------- > java.lang.Exception: Error in Service [createPartyContactMechPurpose]: You do not have permission to perform this operation for this party. > org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:321) > > > |
Are you talking about the statusId on the admin Party record? Even if
it is strange, that wouldn't cause the permission check to fail because it is dealing with the UserLogin record and even then hasEntityPermission just uses it to get the related UserLoginSecurityGroup records. Something strange is going on but I think you'll have to keep digging to get to the bottom of it. Regards Scott On 17/07/2009, at 12:40 AM, Grant Edwards wrote: > Hi Scott, > > Following on from your email I did some further digging ...... > > Prior to starting the batch run, check that the admin account is NOT > DISABLED. > For each row of data read from the 3rd party, a new transaction is > created. > As part of this transaction product, party and other entities are > created. Because the current transaction is not yet committed I am > unable to set the userLogin based on the new party, as a result I am > making use of the admin user to set the userLogin. At some point > during the processing the code below is called. > > partyId = 4641 userLogin = admin result = ok (1st row of data > processed) > partyId = 9423 userLogin = admin result = ok > partyId = 8140 userLogin = admin result = ok > partyId = 8806 userLogin = admin result = not ok (4th row of > data processed) > > Its is in processing the 4th row of data that the > serviceUtil.no_permission_to_operation error is thrown. > > While a break point set on this row stops execution, via a second > browser tab and the Party Manager Console I am able to see the the > user admin account is now DISABLED > > > ServiceUtil.getPartyIdCheckSecurity(.......) { > > ................... > > // <b>security check</b>: userLogin partyId must equal > partyId, or must have PARTYMGR_CREATE permission > if (!partyId.equals(userLogin.getString("partyId"))) { > if (!security.hasEntityPermission(secEntity, > secOperation, userLogin)) { > result.put(ModelService.RESPONSE_MESSAGE, > ModelService.RESPOND_ERROR); > String errMsg = > UtilProperties.getMessage(ServiceUtil.resource, > "serviceUtil.no_permission_to_operation", locale) + "."; > result.put(ModelService.ERROR_MESSAGE, errMsg); > return partyId; > } > } > > .............................. > > } > > Any help would be appreciated. > > Kind regards > > Grant Edwards > > > > > > ________________________________ > From: Scott Gray <[hidden email]> > To: [hidden email] > Sent: Thursday, July 16, 2009 12:54:13 PM > Subject: Re: user admin disables during batch run > > Hi Grant, > > Other than the error below, what is that makes you think the admin > user has been disabled? Is it possible that the userLogin being > passed to the services accidentally gets changed at some point > during execution? > > Regards > Scott > > HotWax Media > http://www.hotwaxmedia.com > > On 16/07/2009, at 8:46 PM, Grant Edwards wrote: > >> Hi, >> >> I have a batch program that I run as user admin. In a nutshell the >> batch program reads data from a 3rd party and creates products, >> parties etc ... >> >> It starts off fine, but at some point during the batch run the >> admin password becomes disabled which causes some of the services >> required by the batch run to fail. The first bit of the log below >> shows the service createPartyContactMechPurpose working fine, the >> second bit of the log shows the permission errors ocurring as a >> result of the admin user been disabled. >> >> Any ideas on what is causing the admin user to disable?Any work >> arounds? >> >> Kind regards >> >> Grant Edwards >> >> [PartyContactMechServices.xml#createPartyTelecomNumber] Creating >> telecom number >> [ContactMechServices.xml#createContactMech] Contact mech created >> with id 12142 >> Sync service [webtools/createTelecomNumber] finished in [103] >> milliseconds >> [PartyContactMechServices.xml#createPartyTelecomNumber] Copied id >> to createPartyContactMechMap: 12142 >> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >> for primary permission PARTYMGR_CREATE >> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >> for alternate permission PARTYMGR_PCM_CREATE >> [PartyContactMechServices.xml#createPartyContactMech] Contact >> mechTypeId: 12142 already exists with value: for party: 8140 >> Running Service ECA Service: createPartyContactMechPurpose, >> triggered by rule on Service: createPartyContactMech >> Sync service [webtools/createPartyTelecomNumber] finished in [223] >> milliseconds >> Setting ACCOUNTS_PARTY = EventsNow for productId = 8140 >> Running Entity ECA Service: indexProductKeywords, triggered by rule >> on Entity: Product >> >> >> >> >> CommonPermissionServices.xml#genericBasePermissionCheck] Checking >> for primary permission PARTYMGR_CREATE >> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >> for alternate permission PARTYMGR_PCM_CREATE >> PartyContactMechServices.xml#createPartyContactMech] Contact >> mechTypeId: 12144 already exists with value: for party: 8806 >> Running Service ECA Service: createPartyContactMechPurpose, >> triggered by rule on Service: createPartyContactMech >> ResourceBundle ServiceErrorUiLabels (en) created in 0.135s with 6 >> properties >> ServiceDispatcher.java:530:ERROR] Error in Service >> [createPartyContactMechPurpose]: You do not have permission to >> perform this operation for this party. >> 2009-07-16 10:12:58,615 (http-0.0.0.0-18443-1) >> [ TransactionUtil.java:321:WARN ] >> ---- exception report >> ---------------------------------------------------------- >> [TransactionUtil.setRollbackOnly] Calling transaction >> setRollbackOnly; this stack trace shows where this is happening: >> Exception: java.lang.Exception >> Message: Error in Service [createPartyContactMechPurpose]: You do >> not have permission to perform this operation for this party. >> ---- stack trace >> --------------------------------------------------------------- >> java.lang.Exception: Error in Service >> [createPartyContactMechPurpose]: You do not have permission to >> perform this operation for this party. >> org >> .ofbiz >> .entity >> .transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java: >> 321) >> >> >> > > smime.p7s (3K) Download Attachment |
In reply to this post by africa4you
off the top this sound like admin is going through the login process and
is being disabled for to many login in a period. Scott Gray sent the following on 7/16/2009 6:57 AM: > Are you talking about the statusId on the admin Party record? Even if > it is strange, that wouldn't cause the permission check to fail because > it is dealing with the UserLogin record and even then > hasEntityPermission just uses it to get the related > UserLoginSecurityGroup records. Something strange is going on but I > think you'll have to keep digging to get to the bottom of it. > > Regards > Scott > > On 17/07/2009, at 12:40 AM, Grant Edwards wrote: > >> Hi Scott, >> >> Following on from your email I did some further digging ...... >> >> Prior to starting the batch run, check that the admin account is NOT >> DISABLED. >> For each row of data read from the 3rd party, a new transaction is >> created. >> As part of this transaction product, party and other entities are >> created. Because the current transaction is not yet committed I am >> unable to set the userLogin based on the new party, as a result I am >> making use of the admin user to set the userLogin. At some point >> during the processing the code below is called. >> >> partyId = 4641 userLogin = admin result = ok (1st row of data >> processed) >> partyId = 9423 userLogin = admin result = ok >> partyId = 8140 userLogin = admin result = ok >> partyId = 8806 userLogin = admin result = not ok (4th row of >> data processed) >> >> Its is in processing the 4th row of data that the >> serviceUtil.no_permission_to_operation error is thrown. >> >> While a break point set on this row stops execution, via a second >> browser tab and the Party Manager Console I am able to see the the >> user admin account is now DISABLED >> >> >> ServiceUtil.getPartyIdCheckSecurity(.......) { >> >> ................... >> >> // <b>security check</b>: userLogin partyId must equal partyId, >> or must have PARTYMGR_CREATE permission >> if (!partyId.equals(userLogin.getString("partyId"))) { >> if (!security.hasEntityPermission(secEntity, secOperation, >> userLogin)) { >> result.put(ModelService.RESPONSE_MESSAGE, >> ModelService.RESPOND_ERROR); >> String errMsg = >> UtilProperties.getMessage(ServiceUtil.resource, >> "serviceUtil.no_permission_to_operation", locale) + "."; >> result.put(ModelService.ERROR_MESSAGE, errMsg); >> return partyId; >> } >> } >> >> .............................. >> >> } >> >> Any help would be appreciated. >> >> Kind regards >> >> Grant Edwards >> >> >> >> >> >> ________________________________ >> From: Scott Gray <[hidden email]> >> To: [hidden email] >> Sent: Thursday, July 16, 2009 12:54:13 PM >> Subject: Re: user admin disables during batch run >> >> Hi Grant, >> >> Other than the error below, what is that makes you think the admin >> user has been disabled? Is it possible that the userLogin being >> passed to the services accidentally gets changed at some point during >> execution? >> >> Regards >> Scott >> >> HotWax Media >> http://www.hotwaxmedia.com >> >> On 16/07/2009, at 8:46 PM, Grant Edwards wrote: >> >>> Hi, >>> >>> I have a batch program that I run as user admin. In a nutshell the >>> batch program reads data from a 3rd party and creates products, >>> parties etc ... >>> >>> It starts off fine, but at some point during the batch run the admin >>> password becomes disabled which causes some of the services required >>> by the batch run to fail. The first bit of the log below shows the >>> service createPartyContactMechPurpose working fine, the second bit of >>> the log shows the permission errors ocurring as a result of the admin >>> user been disabled. >>> >>> Any ideas on what is causing the admin user to disable?Any work arounds? >>> >>> Kind regards >>> >>> Grant Edwards >>> >>> [PartyContactMechServices.xml#createPartyTelecomNumber] Creating >>> telecom number >>> [ContactMechServices.xml#createContactMech] Contact mech created with >>> id 12142 >>> Sync service [webtools/createTelecomNumber] finished in [103] >>> milliseconds >>> [PartyContactMechServices.xml#createPartyTelecomNumber] Copied id to >>> createPartyContactMechMap: 12142 >>> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >>> for primary permission PARTYMGR_CREATE >>> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >>> for alternate permission PARTYMGR_PCM_CREATE >>> [PartyContactMechServices.xml#createPartyContactMech] Contact >>> mechTypeId: 12142 already exists with value: for party: 8140 >>> Running Service ECA Service: createPartyContactMechPurpose, triggered >>> by rule on Service: createPartyContactMech >>> Sync service [webtools/createPartyTelecomNumber] finished in [223] >>> milliseconds >>> Setting ACCOUNTS_PARTY = EventsNow for productId = 8140 >>> Running Entity ECA Service: indexProductKeywords, triggered by rule >>> on Entity: Product >>> >>> >>> >>> >>> CommonPermissionServices.xml#genericBasePermissionCheck] Checking for >>> primary permission PARTYMGR_CREATE >>> [CommonPermissionServices.xml#genericBasePermissionCheck] Checking >>> for alternate permission PARTYMGR_PCM_CREATE >>> PartyContactMechServices.xml#createPartyContactMech] Contact >>> mechTypeId: 12144 already exists with value: for party: 8806 >>> Running Service ECA Service: createPartyContactMechPurpose, triggered >>> by rule on Service: createPartyContactMech >>> ResourceBundle ServiceErrorUiLabels (en) created in 0.135s with 6 >>> properties >>> ServiceDispatcher.java:530:ERROR] Error in Service >>> [createPartyContactMechPurpose]: You do not have permission to >>> perform this operation for this party. >>> 2009-07-16 10:12:58,615 (http-0.0.0.0-18443-1) [ >>> TransactionUtil.java:321:WARN ] >>> ---- exception report >>> ---------------------------------------------------------- >>> [TransactionUtil.setRollbackOnly] Calling transaction >>> setRollbackOnly; this stack trace shows where this is happening: >>> Exception: java.lang.Exception >>> Message: Error in Service [createPartyContactMechPurpose]: You do not >>> have permission to perform this operation for this party. >>> ---- stack trace >>> --------------------------------------------------------------- >>> java.lang.Exception: Error in Service >>> [createPartyContactMechPurpose]: You do not have permission to >>> perform this operation for this party. >>> org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:321) >>> >>> >>> >>> >> >> > -- BJ Freeman http://www.businessesnetwork.com/automation http://bjfreeman.elance.com http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro Systems Integrator. |
Free forum by Nabble | Edit this page |