Thank you very much for clearing that up. That did it!! Thank you very much for your help Sviva
On Dec 19, 2013, at 8:42 AM, Francesco Chicchiriccò <ilgro...@apache.org> wrote: > On 19/12/2013 14:33, Siva Nookala wrote: >> Hi Francesco, >> >> Here are the details, >> >> Database: mysql >> JEE container: tomcat >> Content.xml is modified to add default roles (attached) >> The roles I tried to access from syncope console are all created in >> content.xml. Its fails even after I logout or re-start tomcat. > > Ok, found the problem then. > > When a new role is created, Syncope automatically crates the correspondent > role entitlement and takes care of assigning such entitlement to the user > that created that role [1]. > > You have added <SyncopeRole/> entities to your content.xml but missed to add > role entitlements: appending > > <Entitlement name="ROLE_1"/> > <Entitlement name="ROLE_2"/> > <Entitlement name="ROLE_3"/> > <Entitlement name="ROLE_4"/> > <Entitlement name="ROLE_5"/> > <Entitlement name="ROLE_6"/> > > to content.xml, stopping the JEE container, wiping your database and starting > again the JEE container should fix your issue. > Alternatively you can directly add the entries above to the Entitlement table > and restart the JEE container. > > Manually changing content.xml is not recommended, since this might lead to > inconsistencies (as you have just experimented); the best practice is to > create entities via admin console and then export the resulting content.xml: > see [2] for more details. > > Regards. > > [1] > https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization > [2] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=31819687 > >> On Dec 19, 2013, at 8:22 AM, Francesco Chicchiriccò <ilgro...@apache.org> >> wrote: >> >>> On 19/12/2013 14:17, Siva Nookala wrote: >>>> Hi Francesco, >>>> >>>> Thank you for the prompt reply. I am running real-world setup. >>> >>> Ok: some more information requested, then: >>> >>> * which DBMS? >>> * which JEE container? >>> * have you modified core/src/main/resources/content.xml? >>> * was such role '5' created by you via admin console? what if you logout, >>> restart the JEE container and login again: is it still failing? >>> >>> Regards. >>> >>>> On Dec 19, 2013, at 3:23 AM, Francesco Chicchiriccò <ilgro...@apache.org> >>>> wrote: >>>> >>>>> On 18/12/2013 23:14, Siva Nookala wrote: >>>>>> Hi, >>>>>> >>>>>> In the documentation it is mentioned that the root administrator (admin) >>>>>> has all the entitlements. >>>>>> >>>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization#Authenticationandauthorization-Rootadministrator >>>>>> >>>>>> When I try to click on a role in Roles screen, I get the following >>>>>> exception. I am running Apache Syncope 1.1.5. Is the expected >>>>>> behavior? >>>>> >>>>> Hi Siva, >>>>> not at all: as admin you are able to perform any action. >>>>> >>>>> You said you are on 1.1.5, but how are you running system? Standalone >>>>> distribution [1], embedded [2] or real-world [3]? >>>>> >>>>> Regards. >>>>> >>>>> [1] >>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+standalone+distribution >>>>> [2] >>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+embedded+mode >>>>> [3] >>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/Run+Syncope+in+real+environments >>>>> >>>>>> SEVERE: Servlet.service() for servlet [syncope-core-rest] in context >>>>>> with path [/syncope-core] threw exception [Request processing failed; >>>>>> nested exception is >>>>>> org.apache.syncope.core.rest.controller.UnauthorizedRoleException: >>>>>> Missing entitlement for role(s) [5]] with root cause >>>>>> org.apache.syncope.core.rest.controller.UnauthorizedRoleException: >>>>>> Missing entitlement for role(s) [5] >>>>>> at >>>>>> org.apache.syncope.core.rest.data.RoleDataBinder.getRoleFromId(RoleDataBinder.java:78) >>>>>> at >>>>>> org.apache.syncope.core.rest.data.RoleDataBinder$$FastClassByCGLIB$$75f19568.invoke(<generated>) >>>>>> at >>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>> at >>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698) >>>>>> at >>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) >>>>>> at >>>>>> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96) >>>>>> at >>>>>> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260) >>>>>> at >>>>>> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94) >>>>>> at >>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) >>>>>> at >>>>>> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:631) >>>>>> at >>>>>> org.apache.syncope.core.rest.data.RoleDataBinder$$EnhancerByCGLIB$$b31f3528.getRoleFromId(<generated>) >>>>>> at >>>>>> org.apache.syncope.core.rest.controller.RoleController.read(RoleController.java:100) >>>>>> at >>>>>> org.apache.syncope.core.rest.controller.RoleController$$FastClassByCGLIB$$77c6d55e.invoke(<generated>) >>>>>> at >>>>>> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) >>>>>> at >>>>>> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:698) >>>>>> at >>>>>> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) >>>>>> at >>>>>> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) >>>>>> at >>>>>> org.apache.syncope.core.rest.controller.ControllerHandler.around(ControllerHandler.java:75) >>>>>> at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member > http://people.apache.org/~ilgrosso/