[ https://issues.apache.org/jira/browse/JENA-2055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17292858#comment-17292858 ]
Andy Seaborne commented on JENA-2055: ------------------------------------- Thanks for testing. As for the other comment - different issue, specifically its related to jena-permissions itself. Please open a new ticket. I have reformatted it to be more readable using \{noformat} blocks e.g. stacktraces and JSON. > handle properly the denied access generated by jena-permission security > evaluator > --------------------------------------------------------------------------------- > > Key: JENA-2055 > URL: https://issues.apache.org/jira/browse/JENA-2055 > Project: Apache Jena > Issue Type: Bug > Components: Fuseki > Affects Versions: Jena 3.17.0 > Environment: jena-fuseki 3.17.0 > openjdk version "1.8.0_275" > Reporter: info parlepeuple > Assignee: Andy Seaborne > Priority: Major > Labels: fuseki2, permission > Fix For: Jena 4.0.0 > > Attachments: > 0001-handle-properly-the-denied-access-generated-by-jena.patch, > ShiroEvaluator.java, localData.ttl, pom.xml > > > When the dataset is secured with [jena > permission|https://jena.apache.org/documentation/permissions/] , and some > access is denied, an exception is thrown from the SecuredGraph. > This exception is not catched in SPARQLQueryProcessor, which results in a 500 > error returned to the HTTP client. > exception OperationDeniedException should return a 403, not a 500. > > attached is the patch ! > > [2021-02-21 03:10:26] Fuseki WARN [3] RC = 500 : Model permissions violation: > org.apache.jena.shared.ReadDeniedException: Model permissions violation: > at > org.apache.jena.permissions.impl.SecuredItemImpl.checkRead(SecuredItemImpl.java:683) > ~[jena-permissions-3.17.0.jar:3.17.0] > at > org.apache.jena.permissions.graph.impl.SecuredGraphImpl.find(SecuredGraphImpl.java:154) > ~[jena-permissions-3.17.0.jar:3.17.0] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_275] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > ~[?:1.8.0_275] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[?:1.8.0_275] > at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_275] > at > org.apache.jena.permissions.impl.SecuredItemInvoker.invoke(SecuredItemInvoker.java:120) > ~[jena-permissions-3.17.0.jar:3.17.0] > at com.sun.proxy.$Proxy18.find(Unknown Source) ~[?:?] > at > org.apache.jena.sparql.graph.GraphUnionRead.graphBaseFind(GraphUnionRead.java:104) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:244) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.graph.impl.GraphBase.graphBaseFind(GraphBase.java:261) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.graph.impl.GraphBase.find(GraphBase.java:258) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.graph.impl.WrappedGraph.find(WrappedGraph.java:100) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern$TripleMapper.<init>(QueryIterTriplePattern.java:83) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterTriplePattern.nextStage(QueryIterTriplePattern.java:52) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.makeNextStage(QueryIterRepeatApply.java:108) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterRepeatApply.hasNextBinding(QueryIterRepeatApply.java:65) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterBlockTriplesStar.hasNextBinding(QueryIterBlockTriplesStar.java:54) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIterConvert.hasNextBinding(QueryIterConvert.java:58) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorWrapper.hasNextBinding(QueryIteratorWrapper.java:38) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.iterator.QueryIteratorBase.hasNext(QueryIteratorBase.java:114) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.ResultSetStream.hasNext(ResultSetStream.java:74) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.sparql.engine.ResultSetCheckCondition.hasNext(ResultSetCheckCondition.java:55) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeQuery(SPARQLQueryProcessor.java:324) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:273) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.executeWithParameter(SPARQLQueryProcessor.java:222) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execute(SPARQLQueryProcessor.java:207) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.ActionService.executeLifecycle(ActionService.java:58) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.SPARQLQueryProcessor.execPost(SPARQLQueryProcessor.java:83) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.ActionProcessor.process(ActionProcessor.java:34) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.fuseki.servlets.ActionBase.process(ActionBase.java:55) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.ActionExecLib.execAction(ActionExecLib.java:106) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.server.Dispatcher.dispatchAction(Dispatcher.java:118) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.fuseki.server.Dispatcher.process(Dispatcher.java:110) > ~[fuseki-server.jar:3.17.0] > at org.apache.jena.fuseki.server.Dispatcher.dispatch(Dispatcher.java:96) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.FusekiFilter.doFilter(FusekiFilter.java:51) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:450) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) > ~[fuseki-server.jar:3.17.0] > at > org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:284) > ~[fuseki-server.jar:3.17.0] > at > org.apache.jena.fuseki.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:247) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1612) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1582) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:716) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.server.Server.handle(Server.java:516) > ~[fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383) > ~[fuseki-server.jar:3.17.0] > at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556) > [fuseki-server.jar:3.17.0] > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) > [fuseki-server.jar:3.17.0] > at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) > [fuseki-server.jar:3.17.0] > at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) > [fuseki-server.jar:3.17.0] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) > [fuseki-server.jar:3.17.0] > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_275] > [2021-02-21 03:10:26] Fuseki INFO [3] 500 Server Error (18 ms) -- This message was sent by Atlassian Jira (v8.3.4#803005)