Page 1 of 1

Can't access with root user

PostPosted: Wed Aug 01, 2012 12:48 pm
by girelli
Hi, just finished installing Omero and the web deployment seems to be working fine.
Then I try to manage a few users and groups through the admin tab of the root user.
Accidentally I've assigned the root user to a read-only group, and now the access as root is always denied (Error: Connection not available, please check your user name and password.).
The error showed in var/log/OMEROweb_request.log is the following:
Code: Select all
2012-08-01 11:48:00,108 WARNI [                          django.request] (proc.20097) get_response:142 Not Found: /omero/static/webgateway/img/spinner.gif
2012-08-01 11:49:27,756 ERROR [                          django.request] (proc.20098) handle_uncaught_exception:209 Internal Server Error: /omero/webadmin/
experimenters/
Traceback (most recent call last):
  File "/data/omerorun/lib/python/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/data/omerorun/lib/python/omeroweb/decorators.py", line 376, in wrapped
    retval = f(request, *args, **kwargs)
  File "/data/omerorun/lib/python/omeroweb/decorators.py", line 413, in wrapper
    context = f(request, *args, **kwargs)
  File "/data/omerorun/lib/python/omeroweb/webadmin/views.py", line 359, in experimenters
    experimenterList = prepare_experimenterList(conn)
  File "/data/omerorun/lib/python/omeroweb/webadmin/views.py", line 114, in prepare_experimenterList
    experimentersList = list(conn.getObjects("Experimenter"))
  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 2506, in getObjects
    result = self.getQueryService().findAllByQuery(query, params, self.SERVICE_OPTS)
  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 3271, in __call__
    return self.handle_exception(e, *args, **kwargs)
  File "/data/omerorun/lib/python/omeroweb/webclient/webclient_gateway.py", line 1875, in handle_exception
    e, *args, **kwargs)
  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 3268, in __call__
    return self.f(*args, **kwargs)
  File "/data/omerorun/lib/python/omero_api_IQuery_ice.py", line 213, in findAllByQuery
    return _M_omero.api.IQuery._op_findAllByQuery.invoke(self, ((query, params), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: No matching roles found in [system, workers] for session c0043e0e-ba57-4da5-87af-70dc0722e20b (allowed: [user])
        at ome.security.basic.BasicMethodSecurity.checkMethod(BasicMethodSecurity.java:137)
        at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:81)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy80.findAllByQuery(Unknown Source)
        at sun.reflect.GeneratedMethodAccessor329.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
        at ome.services.throttling.Callback.run(Callback.java:56)
        at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
        at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:137)
        at ome.services.blitz.impl.QueryI.findAllByQuery_async(QueryI.java:66)
        at sun.reflect.GeneratedMethodAccessor328.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
        at omero.cmd.CallContext.invoke(CallContext.java:59)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
        at $Proxy81.findAllByQuery_async(Unknown Source)
        at omero.api._IQueryTie.findAllByQuery_async(_IQueryTie.java:101)
        at omero.api._IQueryDisp.___findAllByQuery(_IQueryDisp.java:378)
        at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:508)
        at IceInternal.Incoming.invoke(Incoming.java:159)
        at Ice.ConnectionI.invokeAll(ConnectionI.java:2357)
        at Ice.ConnectionI.dispatch(ConnectionI.java:1208)
        at Ice.ConnectionI.message(ConnectionI.java:1163)
        at IceInternal.ThreadPool.run(ThreadPool.java:302)
        at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
        at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:643)
        at java.lang.Thread.run(Thread.java:662)

    serverExceptionClass = ome.conditions.SecurityViolation
    message = No matching roles found in [system, workers] for session c0043e0e-ba57-4da5-87af-70dc0722e20b (allowed: [user])
}
Does anyone know how to solve this? Thanks!

Re: Can't access with root user

PostPosted: Wed Aug 01, 2012 1:16 pm
by girelli
Tried deleting and creating again the postgres database... now getting this error:
Code: Select all
Traceback (most recent call last):

  File "/data/omerorun/lib/python/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)

  File "/data/omerorun/lib/python/omeroweb/decorators.py", line 376, in wrapped
    retval = f(request, *args, **kwargs)

  File "/data/omerorun/lib/python/omeroweb/decorators.py", line 413, in wrapper
    context = f(request, *args, **kwargs)

  File "/data/omerorun/lib/python/omeroweb/webclient/views.py", line 333, in load_template
    s = conn.groupSummary(active_group)

  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 2368, in groupSummary
    default = self.getObject("ExperimenterGroup", gid)

  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 2486, in getObject
    result = self.getQueryService().findByQuery(query, params, self.SERVICE_OPTS)

  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 3271, in __call__
    return self.handle_exception(e, *args, **kwargs)

  File "/data/omerorun/lib/python/omeroweb/webclient/webclient_gateway.py", line 1875, in handle_exception
    e, *args, **kwargs)

  File "/data/omerorun/lib/python/omero/gateway/__init__.py", line 3268, in __call__
    return self.f(*args, **kwargs)

  File "/data/omerorun/lib/python/omero_api_IQuery_ice.py", line 201, in findByQuery
    return _M_omero.api.IQuery._op_findByQuery.invoke(self, ((query, params), _ctx))

ValidationException: exception ::omero::ValidationException
{
    serverStackTrace = ome.conditions.ValidationException: No row with the given identifier exists: [ome.model.meta.ExperimenterGroup#3]; nested exception is org.hibernate.ObjectNotFoundException: No row with the given identifier exists: [ome.model.meta.ExperimenterGroup#3]
   at org.springframework.orm.hibernate3.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:663)
   at org.springframework.orm.hibernate3.HibernateAccessor.convertHibernateAccessException(HibernateAccessor.java:412)
   at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:411)
   at org.springframework.orm.hibernate3.HibernateTemplate.execute(HibernateTemplate.java:339)
   at ome.logic.QueryImpl.get(QueryImpl.java:159)
   at ome.logic.AdminImpl.groupProxy(AdminImpl.java:193)
   at ome.security.basic.BasicEventContext.checkAndInitialize(BasicEventContext.java:159)
   at ome.security.basic.CurrentDetails.checkAndInitialize(CurrentDetails.java:240)
   at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:336)
   at ome.security.basic.EventHandler.doLogin(EventHandler.java:210)
   at ome.security.basic.EventHandler.invoke(EventHandler.java:146)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:241)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy80.findByQuery(Unknown Source)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:98)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy80.findByQuery(Unknown Source)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
   at ome.services.throttling.Callback.run(Callback.java:56)
   at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
   at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:137)
   at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at omero.cmd.CallContext.invoke(CallContext.java:59)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy81.findByQuery_async(Unknown Source)
   at omero.api._IQueryTie.findByQuery_async(_IQueryTie.java:122)
   at omero.api._IQueryDisp.___findByQuery(_IQueryDisp.java:354)
   at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:520)
   at IceInternal.Incoming.invoke(Incoming.java:159)
   at Ice.ConnectionI.invokeAll(ConnectionI.java:2357)
   at Ice.ConnectionI.dispatch(ConnectionI.java:1208)
   at Ice.ConnectionI.message(ConnectionI.java:1163)
   at IceInternal.ThreadPool.run(ThreadPool.java:302)
   at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:643)
   at java.lang.Thread.run(Thread.java:662)

    serverExceptionClass = ome.conditions.ValidationException
    message = No row with the given identifier exists: [ome.model.meta.ExperimenterGroup#3]; nested exception is org.hibernate.ObjectNotFoundException: No row with the given identifier exists: [ome.model.meta.ExperimenterGroup#3]
}


<WSGIRequest
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'PHPSESSID': '5ktkmnf3e51tgl7pktqn0npjq2',
'SESS4c96828d73f96fe067a360ba27fadc06': 'a00c321ca22d7f8ad81628af57c395ef',
'__utma': '37249655.1540569459.1343318878.1343318878.1343318878.1',
'__utmz': '37249655.1343318878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
'sessionid': '423dfa47c396c3f0b87e0922fe51d1de'},
META:{'DOCUMENT_ROOT': '/www/omero/html',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'it-it,it;q=0.8,en-us;q=0.5,en;q=0.3',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'SESS4c96828d73f96fe067a360ba27fadc06=a00c321ca22d7f8ad81628af57c395ef; __utma=37249655.1540569459.1343318878.1343318878.1343318878.1; __utmz=37249655.1343318878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=5ktkmnf3e51tgl7pktqn0npjq2; sessionid=423dfa47c396c3f0b87e0922fe51d1de',
'HTTP_DNT': '1',
'HTTP_HOST': 'omero.fbk.eu',
'HTTP_REFERER': 'http://omero.fbk.eu/omero/webclient/login/?url=%2Fomero%2Fwebclient%2F',
'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1',
'PATH': '/sbin:/usr/sbin:/bin:/usr/bin',
'PATH_INFO': u'/webclient/',
'PATH_TRANSLATED': '/www/omero/html/webclient/',
'QUERY_STRING': '',
'REMOTE_ADDR': '10.0.5.70',
'REMOTE_PORT': '38179',
'REQUEST_METHOD': 'GET',
'REQUEST_URI': '/omero/webclient/',
'SCRIPT_FILENAME': '/data/omerorun/var/omero.fcgi',
'SCRIPT_NAME': u'/omero',
'SCRIPT_URI': 'http://omero.fbk.eu/omero/webclient/',
'SCRIPT_URL': '/omero/webclient/',
'SERVER_ADDR': '192.168.138.45',
'SERVER_ADMIN': 'sysop@fbk.eu',
'SERVER_NAME': 'omero.fbk.eu',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SIGNATURE': '<address>Apache/2.2.15 (Red Hat) Server at omero.fbk.eu Port 80</address>\n',
'SERVER_SOFTWARE': 'Apache/2.2.15 (Red Hat)',
'wsgi.errors': <flup.server.fcgi_base.TeeOutputStream object at 0x2c56990>,
'wsgi.input': <flup.server.fcgi_base.InputStream object at 0x2c56710>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>

Re: Can't access with root user

PostPosted: Wed Aug 01, 2012 11:02 pm
by wmoore
Hi,

It looks like the first error you got was because you managed to 'disable' the root user. We use a "user" group in the DB to define active vv disabled users. I seem to remember "fixing" the bug that allowed you to disable yourself! Can you remember the exact steps you took to do that? I guess you're reluctant to try it again, but if you can remember, that would be great.

The second error seems to be saying that no Group ID 3 exists in the DB, which is strange since the "system", "user" and "guest" groups are always created in a clean DB. Did you drop the database and create a new DB...

Code: Select all
$ bin/omero db script
...
$ psql -h localhost -U db_user omero_database < OMERO4.4__0.sql


etc...?

Maybe you could check the DB and see what ExperimenterGroups exist?

Code: Select all
$ psql omero
omero=# select * from experimentergroup order by id;
id  |             description             | permissions |                            name                            | version | external_id
-----+-------------------------------------+-------------+------------------------------------------------------------+---------+-------------
   0 |                                     |        -120 | system                                                     |       0 |           
   1 |                                     |         -52 | user                                                       |       0 |           
   2 |                                     |        -120 | guest                                                      |       0 |           
...

Re: Can't access with root user

PostPosted: Thu Aug 02, 2012 11:51 am
by girelli
Hi, in my recklessness I deleted my Omero installation and started again, now it's working fine :D

About the 'disabled-root' bug I just edited the root user adding it to the user group... :(

About the second error it was probably beacuse I had created a 4th group (with ID3 then) and when I dropped and created the database it hasn't been auto-generated by Omero (of course)... probably the best solution was to manually add a 4th group with ID 3 to the database but... well... to delete and start again seemed the best and safest choice yesterday :oops: