Hybris UAC:具有创建员工的用户访问权限的员工无法创建员工
Hybris UAC: Employee with user access rights to create Employee cannot create an Employee
Hybris:1905.9(也用 1905.12 测试过)
我使用下面的 impex 创建了一个密码为 1234 的 testEmployee Employee。我将 testEmployee 配置为拥有创建员工和客户的用户访问权限,以及查看用户组的权限。
通过 Backoffice,此 testEmployee 可以创建客户,但在尝试创建员工时会导致错误。
我错过了什么?我是否也需要为其他类型添加 UAC 权限?
备注:
- 属于
backofficeadmingroup 的 testBackofficeAdmin 无法创建员工或客户
- OOTB
admin 用户可以创建员工
- 属于
admingroup的员工可以创建员工
Impex:
$password=1234
INSERT_UPDATE Employee;UID[unique=true];password[default=$password];description;name;groups(uid);loginDisabled;backofficeLoginDisabled
;testEmployee;;description;name;employeegroup;false;false
;testBackofficeAdmin;;description;name;backofficeadmingroup;false;false
$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
Employee;testEmployee;employeegroup;$password;;;;;;
;;;;Employee;+;+;+;+;;
;;;;Customer;+;+;+;+;;
;;;;UserGroup;+;-;-;-;;
$END_USERRIGHTS;;;;;
截图:
堆栈跟踪:
INFO [hybrisHTTP17] [fe80:0:0:0:0:0:0:1%1] [ConfigurableFlowController] Object sampleEmployee [sampleEmployee] could not be saved
com.hybris.cockpitng.dataaccess.facades.object.exceptions.ObjectSavePermissionException: Object sampleEmployee [sampleEmployee] could not be saved
at com.hybris.cockpitng.dataaccess.facades.object.impl.PermissionAwareObjectFacade.save(PermissionAwareObjectFacade.java:125) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.dataaccess.facades.object.impl.DefaultObjectFacade.save(DefaultObjectFacade.java:137) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistWidgetProperty(ConfigurableFlowController.java:1132) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistProperties(ConfigurableFlowController.java:531) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:882) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:869) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.listener.TransitionListener.onEvent(TransitionListener.java:43) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.renderer.ConfigurableFlowRenderer.lambda$createAndAppendButton(ConfigurableFlowRenderer.java:1145) [backoffice-widgets-19.05.12-RC5.jar:?]
at org.zkoss.zk.ui.AbstractComponent.onEvent(AbstractComponent.java:3177) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3147) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3089) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.EventProcessor.process(EventProcessor.java:138) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.processEvent(UiEngineImpl.java:1846) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.process(UiEngineImpl.java:1618) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.execUpdate(UiEngineImpl.java:1321) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.process(DHtmlUpdateServlet.java:611) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.doGet(DHtmlUpdateServlet.java:487) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.doPost(DHtmlUpdateServlet.java:495) [zk-8.6.0.1.jar:8.6.0.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) [servlet-api.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at com.hybris.backoffice.mobile.filter.BackofficeMobileFilter.doFilter(BackofficeMobileFilter.java:56) [classes/:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.WebAppMediaFilter.doFilter(WebAppMediaFilter.java:129) [coreserver.jar:?]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:329) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$StatisticsGatewayFilter.doFilter(AbstractPlatformFilterChain.java:417) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.backoffice.security.BackofficeDynamicCatalogVersionActivationFilter.doFilter(BackofficeDynamicCatalogVersionActivationFilter.java:81) [classes/:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.DataSourceSwitchingFilter.doFilter(DataSourceSwitchingFilter.java:66) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.SessionFilter.doFilter(SessionFilter.java:96) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.session.HybrisSpringSessionFilter.doFilter(HybrisSpringSessionFilter.java:74) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.cockpitng.modules.spring.filter.ExternalModuleContextClassLoaderFilter.doFilter(ExternalModuleContextClassLoaderFilter.java:37) [cockpit-module-aggregator-19.05.12-RC5.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.RedirectWhenSystemIsNotInitializedFilter.doFilter(RedirectWhenSystemIsNotInitializedFilter.java:101) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.TenantActivationFilter.doFilter(TenantActivationFilter.java:83) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.Log4JFilter.doFilter(Log4JFilter.java:44) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.backoffice.filter.responseheaders.BackofficeResponseHeadersFilter.doFilter(BackofficeResponseHeadersFilter.java:31) [classes/:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.processStandardFilterChain(AbstractPlatformFilterChain.java:207) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.doFilterInternal(AbstractPlatformFilterChain.java:184) [coreserver.jar:?]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.XSSFilter.processPatternsAndDoFilter(XSSFilter.java:358) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:306) [coreserver.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.50]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:8.5.50]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.50]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [catalina.jar:8.5.50]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:8.5.50]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) [tomcat-coyote.jar:8.5.50]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:8.5.50]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) [tomcat-coyote.jar:8.5.50]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) [tomcat-coyote.jar:8.5.50]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.50]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.50]
at java.lang.Thread.run(Thread.java:834) [?:?]
在进一步的投资中,似乎 OOTB employeegroup 无法创建 Employee。此外,它明确无权更改 groups 属性。
如果您创建一个属于 employeegroup 的用户组,并为 Employee 明确定义创建访问权限,它仍然无法将组分配给员工。
我认为这种行为是预料之中的,并且可能是 ECP-2722 Preventing employee to assign himself administrator permissions 的结果。
解决方法可以是:
- 通过属于 admingroup
的用户创建员工
- 明确定义对
Employee.groups 的写入权限
Hybris:1905.9(也用 1905.12 测试过)
我使用下面的 impex 创建了一个密码为 1234 的 testEmployee Employee。我将 testEmployee 配置为拥有创建员工和客户的用户访问权限,以及查看用户组的权限。
通过 Backoffice,此 testEmployee 可以创建客户,但在尝试创建员工时会导致错误。
我错过了什么?我是否也需要为其他类型添加 UAC 权限?
备注:
- 属于
backofficeadmingroup的testBackofficeAdmin无法创建员工或客户 - OOTB
admin用户可以创建员工 - 属于
admingroup的员工可以创建员工
Impex:
$password=1234
INSERT_UPDATE Employee;UID[unique=true];password[default=$password];description;name;groups(uid);loginDisabled;backofficeLoginDisabled
;testEmployee;;description;name;employeegroup;false;false
;testBackofficeAdmin;;description;name;backofficeadmingroup;false;false
$START_USERRIGHTS;;;;;;;;;
Type;UID;MemberOfGroups;Password;Target;read;change;create;remove;change_perm
Employee;testEmployee;employeegroup;$password;;;;;;
;;;;Employee;+;+;+;+;;
;;;;Customer;+;+;+;+;;
;;;;UserGroup;+;-;-;-;;
$END_USERRIGHTS;;;;;
截图:
堆栈跟踪:
INFO [hybrisHTTP17] [fe80:0:0:0:0:0:0:1%1] [ConfigurableFlowController] Object sampleEmployee [sampleEmployee] could not be saved
com.hybris.cockpitng.dataaccess.facades.object.exceptions.ObjectSavePermissionException: Object sampleEmployee [sampleEmployee] could not be saved
at com.hybris.cockpitng.dataaccess.facades.object.impl.PermissionAwareObjectFacade.save(PermissionAwareObjectFacade.java:125) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.dataaccess.facades.object.impl.DefaultObjectFacade.save(DefaultObjectFacade.java:137) ~[cockpit-data-integration-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistWidgetProperty(ConfigurableFlowController.java:1132) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.persistProperties(ConfigurableFlowController.java:531) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:882) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.ConfigurableFlowController.doDone(ConfigurableFlowController.java:869) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.listener.TransitionListener.onEvent(TransitionListener.java:43) [backoffice-widgets-19.05.12-RC5.jar:?]
at com.hybris.cockpitng.widgets.configurableflow.renderer.ConfigurableFlowRenderer.lambda$createAndAppendButton(ConfigurableFlowRenderer.java:1145) [backoffice-widgets-19.05.12-RC5.jar:?]
at org.zkoss.zk.ui.AbstractComponent.onEvent(AbstractComponent.java:3177) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3147) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.AbstractComponent.service(AbstractComponent.java:3089) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.EventProcessor.process(EventProcessor.java:138) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.processEvent(UiEngineImpl.java:1846) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.process(UiEngineImpl.java:1618) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.ui.impl.UiEngineImpl.execUpdate(UiEngineImpl.java:1321) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.process(DHtmlUpdateServlet.java:611) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.doGet(DHtmlUpdateServlet.java:487) [zk-8.6.0.1.jar:8.6.0.1]
at org.zkoss.zk.au.http.DHtmlUpdateServlet.doPost(DHtmlUpdateServlet.java:495) [zk-8.6.0.1.jar:8.6.0.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) [servlet-api.jar:?]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [servlet-api.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:209) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at com.hybris.backoffice.mobile.filter.BackofficeMobileFilter.doFilter(BackofficeMobileFilter.java:56) [classes/:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.WebAppMediaFilter.doFilter(WebAppMediaFilter.java:129) [coreserver.jar:?]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:329) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$StatisticsGatewayFilter.doFilter(AbstractPlatformFilterChain.java:417) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.backoffice.security.BackofficeDynamicCatalogVersionActivationFilter.doFilter(BackofficeDynamicCatalogVersionActivationFilter.java:81) [classes/:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.DataSourceSwitchingFilter.doFilter(DataSourceSwitchingFilter.java:66) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.SessionFilter.doFilter(SessionFilter.java:96) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.session.HybrisSpringSessionFilter.doFilter(HybrisSpringSessionFilter.java:74) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.cockpitng.modules.spring.filter.ExternalModuleContextClassLoaderFilter.doFilter(ExternalModuleContextClassLoaderFilter.java:37) [cockpit-module-aggregator-19.05.12-RC5.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.RedirectWhenSystemIsNotInitializedFilter.doFilter(RedirectWhenSystemIsNotInitializedFilter.java:101) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.TenantActivationFilter.doFilter(TenantActivationFilter.java:83) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.Log4JFilter.doFilter(Log4JFilter.java:44) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at com.hybris.backoffice.filter.responseheaders.BackofficeResponseHeadersFilter.doFilter(BackofficeResponseHeadersFilter.java:31) [classes/:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain$InternalFilterChain.doFilter(AbstractPlatformFilterChain.java:299) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.processStandardFilterChain(AbstractPlatformFilterChain.java:207) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.AbstractPlatformFilterChain.doFilterInternal(AbstractPlatformFilterChain.java:184) [coreserver.jar:?]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at de.hybris.platform.servicelayer.web.XSSFilter.processPatternsAndDoFilter(XSSFilter.java:358) [coreserver.jar:?]
at de.hybris.platform.servicelayer.web.XSSFilter.doFilter(XSSFilter.java:306) [coreserver.jar:?]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.50]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.50]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [catalina.jar:8.5.50]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [catalina.jar:8.5.50]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.50]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) [catalina.jar:8.5.50]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:8.5.50]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) [tomcat-coyote.jar:8.5.50]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-coyote.jar:8.5.50]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810) [tomcat-coyote.jar:8.5.50]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) [tomcat-coyote.jar:8.5.50]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.50]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.50]
at java.lang.Thread.run(Thread.java:834) [?:?]
在进一步的投资中,似乎 OOTB employeegroup 无法创建 Employee。此外,它明确无权更改 groups 属性。
如果您创建一个属于 employeegroup 的用户组,并为 Employee 明确定义创建访问权限,它仍然无法将组分配给员工。
我认为这种行为是预料之中的,并且可能是 ECP-2722 Preventing employee to assign himself administrator permissions 的结果。
解决方法可以是:
- 通过属于 admingroup 的用户创建员工
- 明确定义对
Employee.groups 的写入权限