AccessDeniedException Due to Creating of Thumbnails in Alfresco Share

This week i was in struggle with a realy strange issue in Alfresco. If you belong to a site with lower permissions on this site or something similary you got an exception on Thumnbail-creation. For sure, you can upload and edit a document being added to a site but the creation of the previewes like the images in the doclib as well as the whole webpreview failed if you have no permissions doing a appropriate operation on the particular document you have actually under edit. Thus, its getting weird if you got to a document-details page and its gettin showed up the old content of the old version of the document. So a normal user expects a failure of himself so he is giving himself another try to upload a new version and runs into the same pitfall as the time before … Actually there exists a JIRA-Bug-entry at Alfresco but its still keeped under the open issues so we have to move on with our own ifx regarding this:

So the easiest solution without cross-cutting concers is to using Aspect-orientied programming. With that technique we getting rid of the current AuthenticationContext (the current logged on user) so we can run the thumnailcreation with admin-permissions. This has no drawbacks about permissions.

At first we have to create the appropriated Proxy-Helper class to register a AOP-Class. But be aware its just a little excerpt where you can starting from:

public class PostBeanServiceProcessor implements BeanFactoryPostProcessor { ...

public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
   for (String bean : affectedBeans) {
      BeanDefinition beanDefinition = beanFactory.getBeanDefinition(bean);
      List<RuntimeBeanNameReference> proxies = (List<RuntimeBeanNameReference>) beanDefinition
      .getPropertyValues().getPropertyValue("interceptorNames").getValue();

      proxies.add(new RuntimeBeanNameReference(this.interceptorName));

      ((DefaultListableBeanFactory) beanFactory).registerBeanDefinition(bean, beanDefinition);
    }
}
...
}

There we go: next step is to add the particular code we want to run on it at a particular timepoint. On our implementation means this that we want to use that code if a thumbnail shall be created or at least updated to a upper version. Then we run this creation with Admin-Functionality.

public class ProxyAdminThumbnailService implements MethodInterceptor{...

public Object invoke(final MethodInvocation method) throws Throwable {
    if( method.getMethod().getName().equals("createThumbnail") ||
       method.getMethod().getName().equals("updateThumbnail")){

       return AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork() {

          public Object doWork() throws Exception {
            try {
             return method.proceed();
            }
            catch (Throwable e) {
                throw new RuntimeException(e);
            }
          }
       }, AuthenticationUtil.SYSTEM_USER_NAME);
}

return method.proceed();
...
}

This is all we have to do right here: last step is to add the beandefinition for this two classes:

<bean id="mcgThumbnailInterceptor" class="com.westernacher.wps.alfresco.aop.ProxyAdminThumbnailService">
</bean>
<bean id="mcgThumbnailInterception" class="com.westernacher.wps.alfresco.aop.PostBeanServiceProcessor">
   <property name="interceptorName" value="mcgThumbnailInterceptor"/>
   <property name="affectedBeans">
      <list>
        <value>ThumbnailService</value>
      </list>
   </property>
</bean>

Gotcha! Next issue!

November 22, 2009 | Filed Under Uncategorized

 

Comments

2 Responses to “AccessDeniedException Due to Creating of Thumbnails in Alfresco Share”

  1. Paul HH on December 8th, 2009 8:30 pm

    Hi - what’s the JIRA number so we can check how to reproduce it?

    Many thanks!
    Paul.

  2. admin on December 10th, 2009 12:08 am

    It is https://issues.alfresco.com/jira/browse/ETHREEOH-2282

    For more question, do not shy to contact me directly via my westernacher-account(Jan should have gave you already my eMail)

Leave a Reply




Security Code: