tracker issue : CF-4204466

select a category, or use search below
(searches all categories and all time range)
Title:

Lost access to Settings Summary page in CFAdmin

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/Duplicate

Reporter/Name(from Bugbase): Dave I. / ()

Created: 05/29/2019

Components: Administrator, Administrator Console

Versions: 2016

Failure Type: Non Functioning

Found In Build/Fixed In Build: 314028 /

Priority/Frequency: Normal / Most users will encounter

Locale/System: English / Win 2016

Vote Count: 0

Problem Description: After upgrading to update 10 on CF2016 Enterprise, the normal users (developers) who were created in the Security | User Manager panel and were granted the Allowed Role to see the Server Settings > Settings Summary, can no longer load that page in the admin console.  The admin account can still see this page fine.

Steps to Reproduce: Just performed the hf-2016-00010-314028 hotfix, login as a limited user, and try to click on the Settings Summary page on the left panel.

Actual Result: In the ColdFusion logs, we are seeing the following:

-- application.log

"Error","http-nio-8501-exec-8","03/06/19","16:23:19","cfadmin","The current user is not authorized to invoke this method. The specific sequence of files included or processed is: E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\index.cfm, line: 105 "

-- cf_custom_error.log

"Information","http-nio-8501-exec-8","03/06/19","16:23:18","CFADMIN","/CFIDE/administrator/reports/index.cfm [/CFIDE/adminapi/accessmanager.cfc 105 ] : The current user is not authorized to invoke this method. - The current user is not authorized to invoke this method.  <br>The error occurred on line 105.)"

-- exception.log

"Error","http-nio-8501-exec-8","03/06/19","16:23:19","cfadmin","The current user is not authorized to invoke this method. The specific sequence of files included or processed is: E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\index.cfm, line: 105 "
coldfusion.runtime.CustomException: The current user is not authorized to invoke this method.

Expected Result: User granted this role can run the page successfully.

Any Workarounds: None, besides uninstalling the hotfix.

Attachments:

Comments:

The stack trace for the error in the exception.log is below: "Error","http-nio-8501-exec-8","03/06/19","16:23:19","cfadmin","The current user is not authorized to invoke this method. The specific sequence of files included or processed is: E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\index.cfm, line: 105 " coldfusion.runtime.CustomException: The current user is not authorized to invoke this method. at coldfusion.tagext.lang.ThrowTag.doStartTag(ThrowTag.java:142) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3707) at cfaccessmanager2ecfc103390807$funcCHECKROOTADMINUSER.runFunction(/CFIDE/adminapi/accessmanager.cfc:105) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493) at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:235) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:653) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:442) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:412) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3103) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3080) at cfsecurity2ecfc1729176081$funcISALLOWCONCURRENTADMINLOGIN.runFunction(/CFIDE/adminapi/security.cfc:38) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:493) at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:389) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:340) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:235) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:653) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:442) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:412) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3103) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3080) at cf_report2ecfm343960336._factor76(E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\_report.cfm:2631) at cf_report2ecfm343960336._factor78(E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\_report.cfm:72) at cf_report2ecfm343960336.runPage(E:\ColdFusion2016\CFTST-FinDEV\wwwroot\CFIDE\administrator\reports\_report.cfm:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:254) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3707) at cfindex2ecfm1395148943.runPage(/CFIDE/administrator/reports/index.cfm:41) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:254) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:505) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:43) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:153) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:78) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:223) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at coldfusion.filter.ClickjackingProtectionFilter.doFilter(ClickjackingProtectionFilter.java:75) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at sun.reflect.GeneratedMethodAccessor320.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:134) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doNext(FusionReactorRequestHandler.java:764) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doHttpServletRequest(FusionReactorRequestHandler.java:344) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doFusionRequest(FusionReactorRequestHandler.java:207) at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.handle(FusionReactorRequestHandler.java:801) at com.intergral.fusionreactor.j2ee.filter.FusionReactorCoreFilter.doFilter(FusionReactorCoreFilter.java:36) at sun.reflect.GeneratedMethodAccessor316.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:71) at sun.reflect.GeneratedMethodAccessor315.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.intergral.fusionreactor.agent.filter.FusionReactorStaticFilter.doFilter(FusionReactorStaticFilter.java:54) at com.intergral.fusionreactor.agent.pointcuts.NewFilterChainPointCut$1.invoke(NewFilterChainPointCut.java:41) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:355) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)
Comment by Dave I.
30840 | May 29, 2019 07:15:53 PM GMT