Liferay NoSuchResourcePermissionException Error Fix

 

Permission Checking Error Fix

How to fix "Someone may be trying to circumvent the permission checker" error in Liferay

Overview


Sometimes you may see notice strange errors on the portal related to permissions checking, similar to this one:

2023-10-10 07:37:39.152 ERROR [http-nio-8080-exec-1][MainServlet:1111] null

com.liferay.portal.kernel.events.ActionException: java.lang.IllegalArgumentException: Someone may be trying to circumvent the permission checker: {companyId=224404, name=com.liferay.portal.kernel.model.Layout, primKey=9730, scope=4}


This article explains how to find the reason and fix the issue.


Problem


If you check the stacktrace in more details - you'll see in the end, that the main reason is the missing ResourcePermission record for the resource on which permissions check is executed:


Caused by: com.liferay.portal.kernel.exception.NoSuchResourcePermissionException: {companyId=224404, name=com.liferay.portal.kernel.model.Layout, primKey=9730, scope=4} at com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl

.hasResourcePermission(ResourcePermissionLocalServiceImpl.java:1082) ~[portal-impl.jar:?]


There are might be different reasons that caused that state (a code issue or unintentional manual DB update, etc.), but that's the root cause and it should be fixed.


Solution


To fix the issue you need to restore the default ResourcePermission in the database.

Keep in mind: manual DB manipulations are forbidden in the Liferay world 😉

You need to invoke Liferay-provided API, to make sure all the data is inserted to Liferay tables in a correct way.

You can implement an Upgrade Step with the logic to register the missing ResourcePermission, or use the Groovy scripting console for ad-hoc solutions.

To fix the error mentioned above I'll use the Groovy Scripting Console in Server Administration.

First, I can identify which Layout (page) exactly has the missing ResourcePermission (using the primKey=9730 from the stacktrace above, which is Layout's plid):



This way I have the understanding that's its a Search page in the Guest site, and at least can check it and perform the required actions (check and update content, verify permissions, re-publish, etc.).

If that does not help - let's proceed with ResourcePermission checking and updates.

First, we can check if Owner role has the VIEW permission on resource (which, normally, should be the case):



This confirms the exception from logs about the missing ResourcePermission.

Well, as it's missing - let's create it using scripting console as well:


com.liferay.portal.kernel.service.ResourceLocalServiceUtil.addResources(companyId, 0, 224450, 'com.liferay.portal.kernel.model.Layout', 9730, false, false, false);


This will add the default resources for a given layout. The arguments here are:

1) companyId - the ID of Virtual Instance / Company;

2) groupId - the site's ID, can be set to 0;

3) userId - use admin's user ID here;

4) name - ResourcePermission name, usually a fully-qualified model class name;

5) primKey - the ID of the resource's entity;

6) portletActions - whether to associate portlet actions with the resource, can be false;

7) addGroupPermissions - whether to add group permissions, can be false;

8) addGuestPermissions - whether to add guest permissions, can be false.


You can run the previous script to verify ResourcePermissions had bee saved properly:



Finally, the issue should be fixed, at least for the particular model resource - the errors like NoSuchResourcePermissionException or Someone may be trying to circumvent the permission checker should not appear anymore.


Enjoy 😏






Comments

Post a Comment

Popular posts from this blog

Liferay Search Container Example

Or how to implement a custom search container in Liferay Overview   Search Containers are used in Liferay to display the table data. This article shows a simple example of how to implement a custom search container.  Example < liferay-portlet :renderURL varImpl ="iteratorURL" /> < liferay-ui :search-container total =" <%= ProjectLocalServiceUtil. getProjectsCount (scopeGroupId) %> "                              delta ="10"                              emptyResultsMessage ="no-projects-found"                              iteratorURL =" <%= iteratorURL %> " >     < liferay-ui :search-container-results             results =" <%= ProjectLocalServiceUtil. getProjects (scopeGroupId, searchContainer.getStart(), searchContainer.getEnd()) %> " />     < liferay-ui :search-container-row className ="com.sample.sb.model.Project" modelVar ="project" keyP
Read more

Liferay DXP - max upload file size

Image
Liferay DXP - increase Maximum Upload Request Size By default, Liferay has limit to 100 MB for file upload. Sometimes you need to upload larger files, and this restriction can be changed in configuration. Go to Control Panel -> Configuration -> System Settings -> Infrastructure. Click on "Upload Servlet Request". Modify " Overall Maximum Upload Request Size"  value and set which you need: Save the configuration. Now you should be able to upload large files to your Liferay DXP instance.
Read more

Liferay Keycloak integration

Image
Liferay Keycloak integration using OpenID Overview This tutorial explains how to configure OpenID SSO between Liferay 7.2 and Keycloak 7.0.1 Installation instructions KeyCloak Configuration 1. Install and startup Keycloak server Download latest Keycloak server:  https://www.keycloak.org/downloads.html Unzip keycloak-7.0.1.zip folder. Run  keycloak-7.0.1/bin/standalone.sh  (or  keycloak-7.0.1/bin/standalone.bat ) file. Keycloak should be started on 8080 port:  http://localhost:8080 2. Create default admin user: and sign in to Admin Console. 3. Check OpenID configuration Click on "OpenID Endpoint Configuration": JSON configuration should appear, like this: { "issuer": "http://localhost:8080/auth/realms/master", "authorization_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-connect/auth", "token_endpoint": "http://localhost:8080/auth/realms/master/protocol/openid-con
Read more