Title:
Latest Updates Break Administrator Settings Summary Screen for non-root admins
| View in TrackerStatus/Resolution/Reason: Closed/Fixed/Fixed
Reporter/Name(from Bugbase): Michael O. / ()
Created: 02/26/2019
Components: Administrator, Administrator Console
Versions: 2016,11.0,2018
Failure Type: Crash
Found In Build/Fixed In Build: CF11 Patch 17 (11,0,17,314003) and CF2016 Patch 8 ( 2016,0,08,313934 ) / CF11U19,CF2016U11,CF2018U4
Priority/Frequency: Normal /
Locale/System: / Platforms All
Vote Count: 2
Problem Description: After applying Update 17 to CF11 Enterprise on CentOS, or Update 8 to CF 2016 Enterprise on Windows Server (I'm seeing this on several different installations), the Settings Summary screen crashes for non-root admins, and generates the following error:
"Error","http-nio-8500-exec-7","02/25/19","08:43:27",cfadmin,"The current user is not authorized to invoke this method. The specific sequence of files included or processed is: C:\ColdFusion-2016\cfusion\wwwroot\CFIDE\administrator\reports\index.cfm, line: 105 "
coldfusion.runtime.CustomException: The current user is not authorized to invoke this method.
at coldfusion.tagext.lang.ThrowTag.doStartTag(ThrowTag.java:142)
at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3707)
at cfaccessmanager2ecfc103390807$funcCHECKROOTADMINUSER.runFunction(/CFIDE/adminapi/accessmanager.cfc:105)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493)
at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)
at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389)
at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95)
at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:235)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:653)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:442)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:412)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3103)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3080)
at cfsecurity2ecfc1729176081$funcISALLOWCONCURRENTADMINLOGIN.runFunction(/CFIDE/adminapi/security.cfc:38)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493)
at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47)
at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389)
at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95)
at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340)
at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:235)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:653)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:442)
at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:412)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3103)
at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3080)
at cf_report2ecfm349977107._factor76(C:\ColdFusion-2016\cfusion\wwwroot\CFIDE\administrator\reports\_report.cfm:2631)
at cf_report2ecfm349977107._factor78(C:\ColdFusion-2016\cfusion\wwwroot\CFIDE\administrator\reports\_report.cfm:72)
at cf_report2ecfm349977107.runPage(C:\ColdFusion-2016\cfusion\wwwroot\CFIDE\administrator\reports\_report.cfm:1)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:254)
at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573)
at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3707)
at cfindex2ecfm1395148943.runPage(/CFIDE/administrator/reports/index.cfm:41)
at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:254)
at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737)
at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573)
at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65)
at coldfusion.filter.IpFilter.invoke(IpFilter.java:45)
at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:505)
at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:43)
at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40)
at coldfusion.filter.PathFilter.invoke(PathFilter.java:153)
at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94)
at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62)
at coldfusion.CfmServlet.service(CfmServlet.java:223)
at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at coldfusion.filter.ClickjackingProtectionFilter.doFilter(ClickjackingProtectionFilter.java:75)
at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:355)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Uninstalling the patch fixes it.
Steps to Reproduce: Install the patch, log into CFIDE/administrator as non-root admin, access the Settings Summary Screen
Actual Result: Admin Settings Summary Screen breaks (see error above) for non-root admins
Expected Result: Admin Settings Summary Screen works for all admins
Any Workarounds: login with the root administrator or uninstall the patchAttachments:
Comments: