Opened 14 years ago

Closed 14 years ago

#1002 closed defect (fixed)

Possible PermissionDeniedException when listing rawbioassay through webservices

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: minor Milestone: BASE 2.6.3
Component: webservices Version:
Keywords: Cc:

Description

This happens if one of the raw bioassays the user has access to is linked to an array design that the user doesn't has access to. Here is part of the stacktrace from the client side:

org.apache.axis2.AxisFault: Permission denied: Not allowed to read Array design[id=3; name=HG-U133A.cdf]
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
at org.apache.axis2.rpc.client.RPCServiceClient.invokeBlocking(RPCServiceClient.java:101)
at net.sf.basedb.ws.client.AbstractRPCClient.invokeBlocking(AbstractRPCClient.java:59)
at net.sf.basedb.ws.client.AbstractRPCClient.invokeBlocking(AbstractRPCClient.java:65)
at net.sf.basedb.ws.client.RawBioAssayClient.getRawBioAssays(RawBioAssayClient.java:86)
at net.sf.basedb.ws.example.Main.listRawBioassays(Main.java:224)
at net.sf.basedb.ws.example.Main.main(Main.java:94)
...

Change History (2)

comment:1 Changed 14 years ago by Nicklas Nordborg

Status: newassigned

The problem is the RawBioAssay.toTransferable() method, which just loads the array design with checking for permissions. It seems like there are similiar issues with other items. I think we need to go through all toTransferable() methods and implement error handling.

comment:2 Changed 14 years ago by Nicklas Nordborg

Resolution: fixed
Status: assignedclosed

(In [4245]) Fixes #1002: Possible PermissionDeniedException? when listing rawbioassay through webservices

Note: See TracTickets for help on using tickets.