"container has no security assertions"

classic Classic list List threaded Threaded
2 messages Options
Ken Bolton-2 Ken Bolton-2
Reply | Threaded
Open this post in threaded view
|

"container has no security assertions"

Dear Plone-users,

I have been encountering a strange set of symptoms. This may be a Zope
issue, but I thought I should start here. I have a ZEO storage server
with six Zope clients behind apache1.3 that connect to it behind
pydirector. Things ran very well for a few weeks until, one-by-one the
clients started to error out when loading pages. The behavior is
inconsistent on the manage pages, but loading Plone pages always
brings up the authentication dialog, which always fails and gives the
first error below.

What is strange, and why I come here and not the Zope list, is that
not all clients are dying at once, but they seem to go down after a
few days. Also, .pt and dtml files in the root directory render
without problems. New Plone instances do not display.

I am going to rebuild one of the clients from scratch because I am
down to one survivor and the sites need to keep running.

When connecting to the a Plone instance, it appends
login_form?came_from= to the url, brings up the auth dialog, then
errors:
Traceback (innermost last):
  Module ZPublisher.Publish, line 113, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 40, in call_object
  Module Products.CMFFormController.FSControllerPageTemplate, line 98,
in __call__
  Module Products.CMFFormController.BaseControllerPageTemplate, line
42, in _call
  Module Shared.DC.Scripts.Bindings, line 311, in __call__
  Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
  Module Products.CMFCore.FSPageTemplate, line 188, in _exec
  Module Products.CMFCore.FSPageTemplate, line 127, in pt_render
  Module Products.PageTemplates.PageTemplate, line 104, in pt_render
   - <FSControllerPageTemplate at /cloisters/login_form>
  Module TAL.TALInterpreter, line 206, in __call__
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 711, in do_useMacro
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 426, in do_optTag_tal
  Module TAL.TALInterpreter, line 411, in do_optTag
  Module TAL.TALInterpreter, line 406, in no_tag
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 711, in do_useMacro
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 711, in do_useMacro
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 426, in do_optTag_tal
  Module TAL.TALInterpreter, line 411, in do_optTag
  Module TAL.TALInterpreter, line 406, in no_tag
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 426, in do_optTag_tal
  Module TAL.TALInterpreter, line 411, in do_optTag
  Module TAL.TALInterpreter, line 406, in no_tag
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 653, in do_loop_tal
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 426, in do_optTag_tal
  Module TAL.TALInterpreter, line 411, in do_optTag
  Module TAL.TALInterpreter, line 406, in no_tag
  Module TAL.TALInterpreter, line 250, in interpret
  Module TAL.TALInterpreter, line 676, in do_condition
  Module Products.PageTemplates.TALES, line 221, in evaluate
   - URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt
   - Line 7, Column 16
   - Expression: not:'script/getInline'
   - Names:
      {'container': <PloneSite at /cloisters>,
       'context': <PloneSite at /cloisters>,
       'default': <Products.PageTemplates.TALES.Default instance at 0x3088c8f0>,
       'here': <PloneSite at /cloisters>,
       'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x348d7f08>,
       'modules':
<Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at
0x30879f30>,
       'nothing': None,
       'options': {'args': (),
                   'state':
<Products.CMFFormController.ControllerState.ControllerState object at
0x34fe7ed0>},
       'repeat': <Products.PageTemplates.TALES.SafeMapping object at
0x348d7f08>,
       'request': <HTTPRequest,
URL=http://143.229.121.1:8080/cloisters/login_form>,
       'root': <Application at >,
       'template': <FSControllerPageTemplate at /cloisters/login_form>,
       'traverse_subpath': [],
       'user': Anonymous User}
  Module Products.PageTemplates.Expressions, line 246, in __call__
  Module Products.PageTemplates.TALES, line 221, in evaluate
   - URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt
   - Line 7, Column 16
   - Expression: standard:'script/getInline'
   - Names:
      {'container': <PloneSite at /cloisters>,
       'context': <PloneSite at /cloisters>,
       'default': <Products.PageTemplates.TALES.Default instance at 0x3088c8f0>,
       'here': <PloneSite at /cloisters>,
       'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x348d7f08>,
       'modules':
<Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at
0x30879f30>,
       'nothing': None,
       'options': {'args': (),
                   'state':
<Products.CMFFormController.ControllerState.ControllerState object at
0x34fe7ed0>},
       'repeat': <Products.PageTemplates.TALES.SafeMapping object at
0x348d7f08>,
       'request': <HTTPRequest,
URL=http://143.229.121.1:8080/cloisters/login_form>,
       'root': <Application at >,
       'template': <FSControllerPageTemplate at /cloisters/login_form>,
       'traverse_subpath': [],
       'user': Anonymous User}
  Module Products.PageTemplates.Expressions, line 185, in __call__
  Module Products.PageTemplates.Expressions, line 173, in _eval
  Module Products.PageTemplates.Expressions, line 127, in _eval
   - __traceback_info__: script
  Module Products.PageTemplates.Expressions, line 301, in restrictedTraverse
   - __traceback_info__: {'path': ['getInline'],
'TraversalRequestNameStack': []}
  Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate
Unauthorized: The container has no security assertions.  Access to
'getInline' of (Products.ResourceRegistries.tools.JSRegistry.JavaScript
object at 0x349e7f30) denied.

I have poked around in JSRegistry, and the JavaScript class looks okay
to me. Ditto for renderAllTheScripts.pt. Not sure what else to look
into.

Error log from /manage (intermittent)
Traceback (innermost last):
  Module ZPublisher.Publish, line 104, in publish
  Module ZPublisher.BaseRequest, line 461, in traverse
  Module ZPublisher.HTTPResponse, line 684, in unauthorized
Unauthorized: <strong>You are not authorized to access this resource.</strong>

Debugging info:
Zope version: (Zope 2.8.2-final, python 2.3.5, linux2)
Python version: 2.3.5 (#2, Sep 5 2005, 15:18:41) [GCC 4.0.2 20050808
(prerelease) (Debian 4.0.1-4ubuntu6)]
System Platform: linux2
SOFTWARE_HOME: /opt/zope/lib/python
INSTANCE_HOME: /var/client1
CLIENT_HOME: /var/client1/var
Process ID: 20521 (846910704)
Running for: 18 hours 50 min 50 sec
sys.path:
  /var/client1/lib/python
  /opt/Zope-2.8.2/lib/python/Zope2/Startup
  /opt/zope/lib/python
  /var/client1/Products/ATContentTypes/thirdparty
  /usr/lib/python23.zip
  /usr/lib/python2.3
  /usr/lib/python2.3/plat-linux2
  /usr/lib/python2.3/lib-tk
  /usr/lib/python2.3/lib-dynload
  /usr/local/lib/python2.3/site-packages
  /usr/lib/python2.3/site-packages
  /usr/lib/python2.3/site-packages/PIL
  /usr/lib/site-python
  /var/client1/Products/PloneCollectorNG
  /var/client1/Products/ATAudio/utils


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
<a href="http://ads.osdn.com/?ad_idv28&alloc_id845&op=click">http://ads.osdn.com/?ad_idv28&alloc_id845&op=click
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Ken Bolton-2 Ken Bolton-2
Reply | Threaded
Open this post in threaded view
|

Re: "container has no security assertions"

Solved the problem, though I did not find any documentation of it. The
product folders got out of sync on some of the clients. Syncing them
up solved the issue.

On 11/22/05, Ken Bolton <[hidden email]> wrote:

> Dear Plone-users,
>
> I have been encountering a strange set of symptoms. This may be a Zope
> issue, but I thought I should start here. I have a ZEO storage server
> with six Zope clients behind apache1.3 that connect to it behind
> pydirector. Things ran very well for a few weeks until, one-by-one the
> clients started to error out when loading pages. The behavior is
> inconsistent on the manage pages, but loading Plone pages always
> brings up the authentication dialog, which always fails and gives the
> first error below.
>
> What is strange, and why I come here and not the Zope list, is that
> not all clients are dying at once, but they seem to go down after a
> few days. Also, .pt and dtml files in the root directory render
> without problems. New Plone instances do not display.
>
> I am going to rebuild one of the clients from scratch because I am
> down to one survivor and the sites need to keep running.
>
> When connecting to the a Plone instance, it appends
> login_form?came_from= to the url, brings up the auth dialog, then
> errors:
> Traceback (innermost last):
>   Module ZPublisher.Publish, line 113, in publish
>   Module ZPublisher.mapply, line 88, in mapply
>   Module ZPublisher.Publish, line 40, in call_object
>   Module Products.CMFFormController.FSControllerPageTemplate, line 98,
> in __call__
>   Module Products.CMFFormController.BaseControllerPageTemplate, line
> 42, in _call
>   Module Shared.DC.Scripts.Bindings, line 311, in __call__
>   Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
>   Module Products.CMFCore.FSPageTemplate, line 188, in _exec
>   Module Products.CMFCore.FSPageTemplate, line 127, in pt_render
>   Module Products.PageTemplates.PageTemplate, line 104, in pt_render
>    - <FSControllerPageTemplate at /cloisters/login_form>
>   Module TAL.TALInterpreter, line 206, in __call__
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 711, in do_useMacro
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 426, in do_optTag_tal
>   Module TAL.TALInterpreter, line 411, in do_optTag
>   Module TAL.TALInterpreter, line 406, in no_tag
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 711, in do_useMacro
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 711, in do_useMacro
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 426, in do_optTag_tal
>   Module TAL.TALInterpreter, line 411, in do_optTag
>   Module TAL.TALInterpreter, line 406, in no_tag
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 426, in do_optTag_tal
>   Module TAL.TALInterpreter, line 411, in do_optTag
>   Module TAL.TALInterpreter, line 406, in no_tag
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 653, in do_loop_tal
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 426, in do_optTag_tal
>   Module TAL.TALInterpreter, line 411, in do_optTag
>   Module TAL.TALInterpreter, line 406, in no_tag
>   Module TAL.TALInterpreter, line 250, in interpret
>   Module TAL.TALInterpreter, line 676, in do_condition
>   Module Products.PageTemplates.TALES, line 221, in evaluate
>    - URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt
>    - Line 7, Column 16
>    - Expression: not:'script/getInline'
>    - Names:
>       {'container': <PloneSite at /cloisters>,
>        'context': <PloneSite at /cloisters>,
>        'default': <Products.PageTemplates.TALES.Default instance at 0x3088c8f0>,
>        'here': <PloneSite at /cloisters>,
>        'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x348d7f08>,
>        'modules':
> <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at
> 0x30879f30>,
>        'nothing': None,
>        'options': {'args': (),
>                    'state':
> <Products.CMFFormController.ControllerState.ControllerState object at
> 0x34fe7ed0>},
>        'repeat': <Products.PageTemplates.TALES.SafeMapping object at
> 0x348d7f08>,
>        'request': <HTTPRequest,
> URL=http://143.229.121.1:8080/cloisters/login_form>,
>        'root': <Application at >,
>        'template': <FSControllerPageTemplate at /cloisters/login_form>,
>        'traverse_subpath': [],
>        'user': Anonymous User}
>   Module Products.PageTemplates.Expressions, line 246, in __call__
>   Module Products.PageTemplates.TALES, line 221, in evaluate
>    - URL: file:ResourceRegistries/skins/ResourceRegistries/renderAllTheScripts.pt
>    - Line 7, Column 16
>    - Expression: standard:'script/getInline'
>    - Names:
>       {'container': <PloneSite at /cloisters>,
>        'context': <PloneSite at /cloisters>,
>        'default': <Products.PageTemplates.TALES.Default instance at 0x3088c8f0>,
>        'here': <PloneSite at /cloisters>,
>        'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x348d7f08>,
>        'modules':
> <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at
> 0x30879f30>,
>        'nothing': None,
>        'options': {'args': (),
>                    'state':
> <Products.CMFFormController.ControllerState.ControllerState object at
> 0x34fe7ed0>},
>        'repeat': <Products.PageTemplates.TALES.SafeMapping object at
> 0x348d7f08>,
>        'request': <HTTPRequest,
> URL=http://143.229.121.1:8080/cloisters/login_form>,
>        'root': <Application at >,
>        'template': <FSControllerPageTemplate at /cloisters/login_form>,
>        'traverse_subpath': [],
>        'user': Anonymous User}
>   Module Products.PageTemplates.Expressions, line 185, in __call__
>   Module Products.PageTemplates.Expressions, line 173, in _eval
>   Module Products.PageTemplates.Expressions, line 127, in _eval
>    - __traceback_info__: script
>   Module Products.PageTemplates.Expressions, line 301, in restrictedTraverse
>    - __traceback_info__: {'path': ['getInline'],
> 'TraversalRequestNameStack': []}
>   Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate
> Unauthorized: The container has no security assertions.  Access to
> 'getInline' of (Products.ResourceRegistries.tools.JSRegistry.JavaScript
> object at 0x349e7f30) denied.
>
> I have poked around in JSRegistry, and the JavaScript class looks okay
> to me. Ditto for renderAllTheScripts.pt. Not sure what else to look
> into.
>
> Error log from /manage (intermittent)
> Traceback (innermost last):
>   Module ZPublisher.Publish, line 104, in publish
>   Module ZPublisher.BaseRequest, line 461, in traverse
>   Module ZPublisher.HTTPResponse, line 684, in unauthorized
> Unauthorized: <strong>You are not authorized to access this resource.</strong>
>
> Debugging info:
> Zope version: (Zope 2.8.2-final, python 2.3.5, linux2)
> Python version: 2.3.5 (#2, Sep 5 2005, 15:18:41) [GCC 4.0.2 20050808
> (prerelease) (Debian 4.0.1-4ubuntu6)]
> System Platform: linux2
> SOFTWARE_HOME: /opt/zope/lib/python
> INSTANCE_HOME: /var/client1
> CLIENT_HOME: /var/client1/var
> Process ID: 20521 (846910704)
> Running for: 18 hours 50 min 50 sec
> sys.path:
>   /var/client1/lib/python
>   /opt/Zope-2.8.2/lib/python/Zope2/Startup
>   /opt/zope/lib/python
>   /var/client1/Products/ATContentTypes/thirdparty
>   /usr/lib/python23.zip
>   /usr/lib/python2.3
>   /usr/lib/python2.3/plat-linux2
>   /usr/lib/python2.3/lib-tk
>   /usr/lib/python2.3/lib-dynload
>   /usr/local/lib/python2.3/site-packages
>   /usr/lib/python2.3/site-packages
>   /usr/lib/python2.3/site-packages/PIL
>   /usr/lib/site-python
>   /var/client1/Products/PloneCollectorNG
>   /var/client1/Products/ATAudio/utils
>


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://ads.osdn.com/?ad_idv37&alloc_id865&op=click">http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users