Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6639

RA: New role can not be created if RA-login-role belongs to Namespace

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.10.1.2
    • Fix Version/s: EJBCA 6.12.0
    • Component/s: RA UI
    • Labels:
    • Environment:
      EJBCA 6.10.1.2 or further
    • Sprint:
      EJBCA Sprint 9

      Description

      If RA Administrator profile belongs to a certain Namespace, when it tries to create a new role in > RA > Role Management > Roles > Create New Role, the new role is not added.
      Also there is no option in the role creation to choose the Namespace. Same test with an Administrator Role that has no Namespace is successful.

      Error in the server.log:
      2018-02-21 12:33:59,343 WARNING [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-11) #

      {raRoleBean.save}: org.cesecore.authorization.AuthorizationDeniedException: Current AuthenticationToken is not authorized to the namespace ''.: javax.faces.FacesException: #{raRoleBean.save}

      : org.cesecore.authorization.AuthorizationDeniedException: Current AuthenticationToken is not authorized to the namespace ''.

      To reproduce this error:

      • Create a Administrator Role that belongs to a Namespace with for example the access rules in the picture attached to this ticket.
      • Create end entity, generate a certificate for it.
      • Add the certificate serial number to the Administrator role created in step 1.
      • Login with the new certificate to /ejbca/ra
      • Go to Role Management > Roles > Create New Role
      • Fill the parameters and click Add

        Attachments

        1. eca-6639_role_namespace_fix.diff
          1 kB
          Samuel Lidén Borell
        2. Screenshot from 2018-02-21 13-40-56.png
          171 kB
          Blanca Morales
        3. Screenshot from 2018-02-21 13-42-14.png
          126 kB
          Blanca Morales
        4. Screenshot from 2018-02-21 13-42-35.png
          109 kB
          Blanca Morales
        5. Screenshot from 2018-02-21 13-42-50.png
          87 kB
          Blanca Morales

          Issue Links

            Activity

              People

              Assignee:
              samuel Samuel Lidén Borell
              Reporter:
              blanca.morales@primekey.com Blanca Morales
              Verified by:
              Henrik Sunmark
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 20 minutes
                  1d 20m