Bonita Studio 6.3.3 - Form Preview - Access denied: you do not have the rights to view this page.

1
0
-1

Hi there,

Bonita Studio 6.3.3, Java 1.7.0.67, Windows 8.1

whenever I try to preview a form in Studio I get a

Access denied: you do not have the rights to view this page.

Under design this shouldn't need authentication or other credentials. How do I get round this without having to fix all my Actors first? It shouldn't be necessary.

Many thanks and best regards Seán

The Engine Log is as follows:

INFO: THREAD_ID=51 | HOSTNAME=Mainframe | TENANT_ID=1 | The user <install> has installed process <StartHere preview> in version <1.0> with id <7723886910851068673>
2014-09-08 10:44:56 org.bonitasoft.engine.api.impl.transaction.process.EnableProcess
INFO: THREAD_ID=51 | HOSTNAME=Mainframe | TENANT_ID=1 | The user <install> has enabled process <StartHere preview> in version <1.0> with id <7723886910851068673>
2014-09-08 10:45:02 org.bonitasoft.forms.server.provider.impl.FormServiceProviderImpl
SEVERE: Username<studio> Form<StartHere preview--1.0$entry> Process<StartHere preview 1.0>
org.bonitasoft.engine.session.InvalidSessionException: USERNAME=walter.bates | Invalid session
        at org.bonitasoft.engine.api.impl.ServerAPIImpl.checkTenantSession(ServerAPIImpl.java:406)
        at org.bonitasoft.engine.api.impl.ServerAPIImpl.beforeInvokeMethodForAPISession(ServerAPIImpl.java:242)
        at org.bonitasoft.engine.api.impl.ServerAPIImpl.beforeInvokeMethod(ServerAPIImpl.java:220)
        at org.bonitasoft.engine.api.impl.ServerAPIImpl.invokeMethod(ServerAPIImpl.java:127)
        at org.bonitasoft.engine.api.impl.ClientInterceptor.invoke(ClientInterceptor.java:88)
        at com.sun.proxy.$Proxy15.getProcessDeploymentInfo(Unknown Source)
        at org.bonitasoft.forms.server.util.FormContextUtil.getProcess(FormContextUtil.java:103)
        at org.bonitasoft.forms.server.util.FormContextUtil.getProcessName(FormContextUtil.java:81)
        at org.bonitasoft.forms.server.util.FormLogger.log(FormLogger.java:70)
        at org.bonitasoft.forms.server.util.FormLogger.logWithoutContext(FormLogger.java:41)
        at org.bonitasoft.forms.server.util.FormLogger.log(FormLogger.java:24)
        at org.bonitasoft.forms.server.provider.impl.FormServiceProviderImpl.canUserInstantiateProcess(FormServiceProviderImpl.java:609)
        at org.bonitasoft.forms.server.provider.impl.FormServiceProviderImpl.isAllowed(FormServiceProviderImpl.java:417)
        at org.bonitasoft.forms.server.FormsServlet.getFormFirstPage(FormsServlet.java:219)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:561)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)
        at org.bonitasoft.forms.server.FormsServlet.processCall(FormsServlet.java:138)
        at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)
        at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.bonitasoft.console.common.server.login.filter.NoCacheFilter.doFilter(NoCacheFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.bonitasoft.console.security.SessionFixationValve.invoke(SessionFixationValve.java:77)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Unknown Source)
1 answer

1
0
-1

Hi,

When you run the process, the actor defined in "Configurate > Authentification" is not allowed to run the process. Change it to one who is an initiator of the process defined in the process. http://www.hostingpics.net/viewer.php?id=9360321301.png

Comments

Submitted by Sean McP on Mon, 09/08/2014 - 13:38

Hi Sylvain,

running the process is not a problem and it works fine,

I am not running the process just using the PREVIEW FORM during design process, there should be no-need for RUNTIME authentication except if you are running the process.

I am simply changing the fonts for an already working process and form, click on the PREVIEW button to see what it looks like and this is when you you get the Authentication error. This is not an execution of the form just a does it look right, there should be no need for authentication.

regards Seán

Submitted by aurelien.pupier on Mon, 09/08/2014 - 21:49

Hi,

in fact authentication is needed as you may have form with different display dependening on the user connected.

regards,

Submitted by Sean McP on Tue, 09/09/2014 - 12:23

Humbly and respectfully disagree.

In design mode there should be no such concept of authentication. Design is design, it is not testing the veracity of the users ability to see a screen.

Now as to how a screen looks as to the role they play, this I suggest needs to be looked at differently, how about a drop down list of applicable roles and the draft screen in a refresh-able iFrame?

I suspect 80% of screens will not have different views per role, easier to implement a non-auth version that allows a developer to see these cases dynamically (drop down list).

regards Seán

Notifications