tracker issue : CF-3546323

select a category, or use search below
(searches all categories and all time range)
Title:

Unable to use Datasource.cfc in Admin API - The current user is not authorized to invoke this method

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/CannotReproduce

Reporter/Name(from Bugbase): Gavin Baumanis / Gavin Baumanis (GavinBaumanis)

Created: 04/22/2013

Components: Security

Versions: 10.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: Final /

Priority/Frequency: Critical / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 2

Hi Everyone,
I am having some issues accessing the methods in the datasource.cfc in the adminAPI.
 
I can successfully load the administrator CFC and am told that I have successsfuly logged in;
 
But when I try to subsequently USE the datasource.cfc I get an error that the current user is unable to access the method.
 
/* Create an Admin API object and call the login method */
var local = {};
local.adminObj = createObject("component", "cfide.adminapi.administrator");
/* Enter your password for the CF Admin */
/* if you dump this - TRUE is returned */
local.adminObj.login(adminPassword="my_admin _user_password");
 
/* Create an object of datasource component */
local.dsnObj = createObject("component", "cfide.adminapi.datasource");
writeDump(local.dsnObj.getDataSources());
 
 
I tried creating separate admin users and passwords - thinking that perhaps a recent hotfix had stopped the "admin" user from being allowed to use the adminAPI - but changing to a new admin user yielded the same results.
I could login to the admin API with the new username and password - but could not access any methods of the datasource.cfc after that.
 
 
13:09:56.056 - cfadminapiSecurityError Exception - in E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc : line 48
         The current user is not authorized to invoke this method. 
13:09:56.056 - cfadminapiSecurityError Exception - in E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc : line 48
         The current user is not authorized to invoke this method. 
13:09:56.056 - java.io.FileNotFoundException - in C:/ColdFusion10/cfusion/wwwroot/WEB-INF/exception/errorcontext.cfm : line 44
         E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc (The system cannot find the path specified)
 

I am assuming some sort of hard-coded path error / issue?
I do not have an "E" drive.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3546323

External Customer Info:
External Company:  
External Customer Name: GavinBaumanis
External Customer Email:  
External Test Config: CF10 Enterprise - latest hotfix applied.

Attachments:

Comments:

This person seems to be having the same issue; http://forums.adobe.com/message/5051892
Comment by External U.
15578 | April 22, 2013 12:20:04 AM GMT
I did have en enterprise key but downgraded my development installation to standard to test some things so not sure if this is in any way related.Also makes it impossible to use my website auto-creation code which is a pain.
Vote by External U.
15583 | July 06, 2013 12:13:23 AM GMT
Hi , We are unable to repro the Issue on the latest update . Can you please let us know about your update level ? Also are you facing the same even with the latest update ? I see that in the below mentioned forum link that one person has confirmed the Issue is resolved in the latest update . Please confirm . The code I used was : <cfscript> function getdb() { var local = {}; local.adminObj = createObject("component", "cfide.adminapi.administrator"); local.adminObj.login(adminPassword="admin"); local.dsnObj = createObject("component", "cfide.adminapi.datasource"); writeDump(local.dsnObj.getDataSources()); return 1; } </cfscript> <cfoutput> #getdb()# </cfoutput> Regards , YASHAS R R ADOBE CF TEAM (Comment added from ex-user id:yrr)
Comment by Adobe D.
15579 | September 05, 2013 05:47:00 AM GMT
I can confirm the issue no longer exists using the latest updater for CF10. Thanks!
Comment by External U.
15580 | October 30, 2013 02:51:09 PM GMT
+1 - This issue still exists in CF11 Update 3. <cfloginuser> breaks Admin API access
Vote by External U.
15584 | January 23, 2015 02:04:40 AM GMT
Hi Yashas, This issue still exists in CF11 Update 3. The cause is <cfloginuser>. Steps to reproduce: 1) Run the following code: <cflogout> <cflogin> <cfloginuser name="foo" password="bar" roles="foobar"> </cflogin> <cfscript> function myFunction() { adminAPI = new CFIDE.adminapi.administrator(); loginResult = adminAPI.login(thePassword, theUsername); writeOutput(loginResult); try { obj = new CFIDE.adminapi.servermonitoring(); activeRequests = obj.getAllActiveRequests(); writeOutput("success!"); } catch(any e) { writeOutput(e.message); } } myFunction(); </cfscript> <cflogout><br> <cfset myFunction()> Expected Result: true success! true success! Actual Result: true The current user is not authorized to invoke this method. true success! - If user is not logged-in via <cflogin> framework, then Admin API calls succeed. - If user is logged-in via <cflogin> framework, then Admin API calls fail. <cfloginuser> should not be breaking Admin API access. Thanks!, -Aaron
Comment by External U.
15581 | January 23, 2015 02:12:10 AM GMT
Filed as #CF-3926238 so that I can track it, and in case it is a different issue. Thanks!, -Aaron
Comment by External U.
15582 | January 23, 2015 02:23:56 AM GMT