Hi, I am working on this issue. I am inquiring how one can identify an anonymously-accessed global property or a global property accessed before login. @dkayiwa @samuel34 @mozzy ? Thank you.
For all methods that get global properties in here openmrs-core/api/src/main/java/org/openmrs/api/AdministrationService.java at master · openmrs/openmrs-core · GitHub add this annotation @Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES)
and then run the reference application. In your server side logs, you will get privilege errors for each global property that is being accessed before login.
Thanks a lot. Let me do that!
@dkayiwa I followed your suggestion, but I have not yet got those properties. Let me explain what I have done. I have added @Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES) to the getGlobalProperties as shown in the screenshots below:
Running mvn clean package
would not work since changes fail the tests. So I rather used mvn clean package -Dmaven.test.failure.ignore=true
. then ran mvn openmrs-sdk:deploy -DserverId=server
and started the reference application with mvn openmrs-sdk:run -DserverId=server
.
The server side logs are here Using JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64/jreUsing MAVEN_OPTS: - Pastebin.com. And I only see ModuleException and ZipException. No priviledge exception whatsoever. Could there be something I have not done right?
The errors you are getting a probably being caused by something else, because the only ones i would expect from those changes are missing privilege exceptions. Try remove the annotations and see if all is well. Then add them back but one at a time.
Alright. Let me go on with that!
Hi @dkayiwa @ibacher I am facing this [ERROR] Failures:[ERROR] AuthorizationAdviceTest.before_shouldNotifyListener - Pastebin.com I have realized they are not directly about AdministrationService but are triggered when I add @Authorized(PrivilegeConstants.GET_GLOBAL_PROPERTIES) to all methods that get the global property in the AdministrationService Any advice on how to go on is highly appreciated. TRUNK-6203: Global properties access should be privileged by Seremba · Pull Request #4547 · openmrs/openmrs-core (github.com)
Can you start by just adding the annotation and see what happens?
You can run the Maven build with -DskipTests
to bypass those issues…
Added the annotation and skipped the tests like @ibacher had suggested. I was able to identify a few classes that have the global properties I need.
Thanks @ibacher
Hi @dkayiwa @ibacher I encounter this error [ERROR] org.openmrs.annotation.OpenmrsProfileExcludeFilterWithModulesTest.match_s - Pastebin.com](ERROR] org.openmrs.annotation.OpenmrsProfileExcludeFilterWithModulesTest.match_s - Pastebin.com) but I have kind of failed go to past it. I have so far refactored getGlobalProperty, as per instructions in the issue as shown in the screenshot below.
When I run the application minus tests, I get everything working properly. When I run mvn clean package
, I face that error. I have also noted that public String getGlobalProperty(String propertyName, String defaultValue);
is the one causing the error as it calls getGlobalProperty. I want to find a way of handling authentication but I am kind of stuck.
Thanks a lot.
Can you share a draft pull request with all your changes?
@dkayiwa it here TRUNK-6203: Global properties access should be privileged by Seremba · Pull Request #4562 · openmrs/openmrs-core (github.com)
I have put a comment on github.