org.cesecore.authorization.AuthorizationDeniedException - not authorized to CA 0 #594

chuegel · 2024-05-17T04:16:52Z

chuegel
May 17, 2024

Coming from Keyfactor/ejbca-community-helm#15

Environment: k8s 1.27
Deployment: Ejbca 8.2.0.1 / Helm

As a superadmin I created a crypto token.
When adding a new CA following exception occurs:

2024-05-16 18:42:07,576+0000 INFO  [org.ejbca.core.ejb.services.ServiceSessionBean] (EJB default - 1) Timer was triggered. Trying to run service with ID 153437219.
2024-05-16 18:42:07,586+0000 INFO  [org.ejbca.core.ejb.services.ServiceSessionBean] (EJB default - 1) Attempting to run service: CertExpirationCheck
2024-05-16 18:42:07,586+0000 INFO  [org.ejbca.core.ejb.services.ServiceSessionBean] (EJB default - 1) Service CertExpirationCheck executed with the following result: No action. Certificate Expiration Worker ran, but no notifications were needed to be sent out.
2024-05-16 18:43:38,256+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:43:38+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/cryptotoken/view
2024-05-16 18:43:41,697+0000 INFO  [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB default - 1) Reloading CA certificate cache.
2024-05-16 18:43:41,703+0000 INFO  [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB default - 1) Reloaded CA certificate cache with 2 certificates
2024-05-16 18:43:43,960+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:43:43+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/ca_functionality/view_ca
2024-05-16 18:43:47,961+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:43:47+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/ca_functionality/view_ca
2024-05-16 18:43:51,649+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:43:51+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/ca_functionality/view_certificate_profiles
2024-05-16 18:44:09,217+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:44:09+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/ca_functionality/view_certificate_profiles
2024-05-16 18:44:13,625+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-13) 2024-05-16 18:44:13+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;CN=SuperAdmin;;;;resource0=/administrator;resource1=/ca_functionality/view_ca
2024-05-16 18:44:22,818+0000 INFO  [org.cesecore.authorization.AuthorizationSessionBean] (default task-13) Authorization failed for 10.83.240.34 (TRANSPORT_CONFIDENTIAL) of type PublicAccessAuthenticationToken for resource /ca/0
2024-05-16 18:44:22,818+0000 ERROR [org.ejbca.ui.web.admin.ca.EditCAsMBean] (default task-13) Error while trying to get the ca info!: org.cesecore.authorization.AuthorizationDeniedException: Administrator '10.83.240.34 (TRANSPORT_CONFIDENTIAL)' not authorized to CA 0.
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.ca.CaSessionBean.getCA(CaSessionBean.java:440)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.ca.CaSessionBean.getCAInfo(CaSessionBean.java:512)
	at jdk.internal.reflect.GeneratedMethodAccessor894.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:49)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:56)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:232)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:446)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:164)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.ca.CaSessionLocal$$$view91.getCAInfo(Unknown Source)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cainterface.CAInterfaceBean.getCAInfo(CAInterfaceBean.java:198)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.ca.EditCAsMBean.initialize(EditCAsMBean.java:356)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.invokeMethods(DefaultLifecycleCallbackInvoker.java:83)
	at [email protected]//org.jboss.weld.injection.producer.DefaultLifecycleCallbackInvoker.postConstruct(DefaultLifecycleCallbackInvoker.java:66)
	at [email protected]//org.jboss.weld.injection.producer.BasicInjectionTarget.postConstruct(BasicInjectionTarget.java:122)
	at [email protected]//org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:164)
	at [email protected]//org.jboss.weld.util.bean.IsolatedForwardingBean.create(IsolatedForwardingBean.java:45)
	at [email protected]//com.sun.faces.application.view.ViewScopeContextManager.createBean(ViewScopeContextManager.java:142)
	at [email protected]//com.sun.faces.application.view.ViewScopeContext.get(ViewScopeContext.java:114)
	at [email protected]//org.jboss.weld.contexts.PassivatingContextWrapper$AbstractPassivatingContextWrapper.get(PassivatingContextWrapper.java:84)
	at [email protected]//org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.get(ContextualInstanceStrategy.java:100)
	at [email protected]//org.jboss.weld.bean.ContextualInstance.get(ContextualInstance.java:50)
	at [email protected]//org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:694)
	at [email protected]//org.jboss.weld.module.web.el.AbstractWeldELResolver.lookup(AbstractWeldELResolver.java:107)
	at [email protected]//org.jboss.weld.module.web.el.AbstractWeldELResolver.getValue(AbstractWeldELResolver.java:90)
	at org.jboss.as.jsf-injection//org.jboss.as.jsf.injection.weld.ForwardingELResolver.getValue(ForwardingELResolver.java:46)
	at [email protected]//javax.el.CompositeELResolver.getValue(CompositeELResolver.java:136)
	at [email protected]//com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:156)
	at [email protected]//com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:184)
	at [email protected]//com.sun.el.parser.AstIdentifier.getValue(AstIdentifier.java:91)
	at [email protected]//com.sun.el.parser.AstValue.getBase(AstValue.java:125)
	at [email protected]//com.sun.el.parser.AstValue.getValue(AstValue.java:173)
	at [email protected]//com.sun.el.parser.AstNot.getValue(AstNot.java:39)
	at [email protected]//com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:183)
	at [email protected]//org.jboss.weld.module.web.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
	at [email protected]//org.jboss.weld.module.web.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
	at [email protected]//com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:73)
	at [email protected]//com.sun.faces.facelets.tag.TagAttributeImpl.getObject(TagAttributeImpl.java:316)
	at [email protected]//com.sun.faces.facelets.tag.TagAttributeImpl.getBoolean(TagAttributeImpl.java:109)
	at [email protected]//com.sun.faces.facelets.tag.jstl.core.IfHandler.apply(IfHandler.java:50)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//com.sun.faces.facelets.tag.ui.DefineHandler.applyDefinition(DefineHandler.java:65)
	at [email protected]//com.sun.faces.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:166)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFaceletContext$TemplateManager.apply(DefaultFaceletContext.java:372)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFaceletContext.includeDefinition(DefaultFaceletContext.java:342)
	at [email protected]//com.sun.faces.facelets.tag.ui.InsertHandler.apply(InsertHandler.java:70)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.applyNextHandler(DelegatingMetaTagHandler.java:137)
	at [email protected]//com.sun.faces.facelets.tag.jsf.ComponentTagHandlerDelegateImpl.apply(ComponentTagHandlerDelegateImpl.java:179)
	at [email protected]//javax.faces.view.facelets.DelegatingMetaTagHandler.apply(DelegatingMetaTagHandler.java:111)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//com.sun.faces.facelets.tag.jsf.core.ViewHandler.apply(ViewHandler.java:182)
	at [email protected]//javax.faces.view.facelets.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:55)
	at [email protected]//com.sun.faces.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:52)
	at [email protected]//com.sun.faces.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:46)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:278)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:337)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:316)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:162)
	at [email protected]//com.sun.faces.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:133)
	at [email protected]//com.sun.faces.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:52)
	at [email protected]//com.sun.faces.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:46)
	at [email protected]//com.sun.faces.facelets.impl.DefaultFacelet.apply(DefaultFacelet.java:127)
	at [email protected]//com.sun.faces.application.view.FaceletViewHandlingStrategy.buildView(FaceletViewHandlingStrategy.java:358)
	at [email protected]//com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:78)
	at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
	at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:199)
	at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:708)
	at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
	at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:137)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
	at [email protected]//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
	at [email protected]//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
	at [email protected]//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
	at [email protected]//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
	at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
	at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.server.handlers.MetricsHandler.handleRequest(MetricsHandler.java:64)
	at [email protected]//io.undertow.servlet.core.MetricsChainHandler.handleRequest(MetricsChainHandler.java:59)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
	at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1544)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
	at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
	at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
	at java.base/java.lang.Thread.run(Unknown Source)

In the GUI i cannot select the previously generated token:

primetomas · 2024-05-27T15:27:07Z

primetomas
May 27, 2024
Maintainer

How is the authentication happening? It says it is a PublicAccessAuthenticationToken, which means it's not an administrator. Some front end, and no certificate based aithentication?

4 replies

chuegel May 27, 2024
Author

Thanks for you reply.
I'm authenticated as superuser with a client cert issued by the Management CA

primetomas May 28, 2024
Maintainer

How did you deploy? Is there a front-end proxy? The authentication log doesn't show a client certificate being used.

chuegel May 28, 2024
Author

Deployed via helm chart.

The authentication log doesn't show a client certificate being used.

Thats weird because it's the only way I authenticate:

As I mentioned, I could access the GUI as superadmin and create the keys. Only when creating the CA I was unable to select those keys.

primetomas Dec 6, 2024
Maintainer

There seems to be something wrong with the helm chart used. What helm chart is this?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

org.cesecore.authorization.AuthorizationDeniedException - not authorized to CA 0 #594

{{title}}

Replies: 1 comment 4 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

org.cesecore.authorization.AuthorizationDeniedException - not authorized to CA 0 #594

chuegel May 17, 2024

Replies: 1 comment · 4 replies

primetomas May 27, 2024 Maintainer

chuegel May 27, 2024 Author

primetomas May 28, 2024 Maintainer

chuegel May 28, 2024 Author

primetomas Dec 6, 2024 Maintainer

chuegel
May 17, 2024

Replies: 1 comment 4 replies

primetomas
May 27, 2024
Maintainer

chuegel May 27, 2024
Author

primetomas May 28, 2024
Maintainer

chuegel May 28, 2024
Author

primetomas Dec 6, 2024
Maintainer