eZ Publish / Platform: EZP-24017

Security token issue using legacy bridge


Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • 2015.01, 5.3.5, 5.4.2
    • Engineering tracked issues
    • Legacy bridge
    • None
    • Pollux Platform S6

    Description

      When logged in to both the frontend and the backend, the following exception is thrown:

      Cannot set this token to trusted after instantiation

      Stack trace:

      [1] LogicException: Cannot set this token to trusted after instantiation.
          at n/a
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Token/UsernamePasswordToken.php line 57
      
          at Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken->setAuthenticated(true)
              in /Users/lolautruche/workspace/ezsystems/LegacyBridge/bundle/EventListener/RequestListener.php line 79
      
          at eZ\Bundle\EzPublishLegacyBundle\EventListener\RequestListener->onKernelRequest(object(GetResponseEvent), 'kernel.request', object(TraceableEventDispatcher))
              in  line 
      
          at call_user_func(array(object(RequestListener), 'onKernelRequest'), object(GetResponseEvent), 'kernel.request', object(TraceableEventDispatcher))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php line 61
      
          at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(GetResponseEvent), 'kernel.request', object(ContainerAwareEventDispatcher))
              in  line 
      
          at call_user_func(object(WrappedListener), object(GetResponseEvent), 'kernel.request', object(ContainerAwareEventDispatcher))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php line 164
      
          at Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.request', object(GetResponseEvent))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php line 53
      
          at Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', object(GetResponseEvent))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/ContainerAwareEventDispatcher.php line 167
      
          at Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.request', object(GetResponseEvent))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php line 112
      
          at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch('kernel.request', object(GetResponseEvent))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php line 126
      
          at Symfony\Component\HttpKernel\HttpKernel->handleRaw(object(Request), '1')
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php line 66
      
          at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), '1', true)
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php line 64
      
          at Symfony\Component\HttpKernel\DependencyInjection\ContainerAwareHttpKernel->handle(object(Request), '1', true)
              in /Users/lolautruche/workspace/ezsystems/ezpublish/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php line 186
      
          at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
              in /Users/lolautruche/workspace/ezsystems/ezpublish/web/index.php line 81
      

      This is a regression caused by the fix for EZP-23953. The reason is that LegacySessionStorage does not inherit from NativeSessionStorage, and thus the session name and other session options from the siteaccess configuration are no longer passed to it.

      Steps to reproduce

      Using the same browser (different tabs), with siteaccesses on the same domain (e.g. using URIElement matching):

      1. Log in to legacy admin with the admin user
      2. Log in on the frontend with a different user (ideally a user that doesn't have login permission on the admin interface, like subscriber)
      3. Go back to admin and refresh. The exception will occur.
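
A minimal PHP model of the regression described above, added here as an illustration and not taken from LegacyBridge or Symfony. It assumes siteaccess session options are applied only to storages that are instances of the native class, so a wrapper that does not inherit from it keeps the default session name; all class, function and session names are hypothetical.

```php
<?php
// Added illustration: a simplified model, not LegacyBridge or Symfony source.
// Every class, function and session name here is hypothetical.
class NativeStorageModel
{
    protected $name = 'PHPSESSID'; // PHP's default session name

    public function setOptions(array $options)
    {
        if (isset($options['name'])) {
            $this->name = $options['name'];
        }
    }

    public function getName() { return $this->name; }
}

// Regressed shape: wraps the native storage without inheriting from it.
class WrappingStorageModel
{
    private $inner;

    public function __construct(NativeStorageModel $inner) { $this->inner = $inner; }

    public function getName() { return $this->inner->getName(); }
}

// Assumed mechanism: siteaccess options reach native-typed storages only.
function cookieNameFor($storage, array $siteaccessOptions)
{
    if ($storage instanceof NativeStorageModel) {
        $storage->setOptions($siteaccessOptions);
    }
    return $storage->getName();
}

// True when both siteaccesses would end up on the same session cookie.
function sharesCookie(callable $makeStorage, array $a, array $b)
{
    return cookieNameFor($makeStorage(), $a) === cookieNameFor($makeStorage(), $b);
}

// Constructed settings for two siteaccesses served from one domain.
$admin = ['name' => 'SESS_admin'];
$front = ['name' => 'SESS_front'];
$native = function () { return new NativeStorageModel(); };
$wrapped = function () { return new WrappingStorageModel(new NativeStorageModel()); };
printf("native storage shares cookie: %s\n", var_export(sharesCookie($native, $admin, $front), true));
printf("wrapper storage shares cookie: %s\n", var_export(sharesCookie($wrapped, $admin, $front), true));
```

In this model the wrapper leaves both siteaccesses on the default session name, which is the condition the reproduction steps rely on: two logins on one domain reading the same session.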

          People

            Unassigned
            jerome.vieilledent-obsolete@ez.no Jérôme Vieilledent (Inactive)