CSP Error in Eclipse Scout (One Day Tutorial)?

I'm currently on the one day tutorial of the Eclipse Scout Framework, and I'm stuck at exactly this part. I don't think that my question is tutorial-specific, which is why I'm asking my question here: Suddenly, when I try to open a menu in my Scout localhost environment, I get an "access denied" message in my browser, and the Java console gives back the following log:

2022-04-06 22:27:06,597 WARN  [qtp1600667055-41] org.eclipse.scout.rt.server.commons.authentication.DevelopmentAccessController.handle(DevelopmentAccessController.java:66) - 
+++ Development access control with user xxx.yyy - MDC[]
2022-04-06 22:27:06,875 INFO  [qtp1600667055-33] org.eclipse.scout.rt.ui.html.csp.ContentSecurityPolicyReportHandler.log(ContentSecurityPolicyReportHandler.java:80) - CSP-REPORT: {
  "csp-report": {
    "blocked-uri": "inline",
    "column-number": 797897,
    "document-uri": "http:\/\/localhost:8082\/",
    "line-number": 71,
    "original-policy": "img-src 'self'; style-src 'self' 'unsafe-inline'; child-src *; default-src 'self'; report-uri http:\/\/localhost:8082\/csp-report; script-src 'self'",
    "referrer": "",
    "source-file": "moz-extension",
    "violated-directive": "script-src"
  }
} - MDC[principal=xxx.yyy, httpUri=/csp-report, cid=d3e5c2b5-19b8-4f62-b512-56bbd82eb685]
2022-04-06 22:27:07,575 INFO  [scout-model-thread-4 Starting ClientSession [sessionId=v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah]] org.eclipse.scout.rt.client.AbstractClientSession.start(AbstractClientSession.java:294) - Client session started [session=org.eclipse.scout.contacts.client.ClientSession@49956588[id = v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah], user=xxx.yyy] - MDC[principal=xxx.yyy, httpUri=/json, jobName=Starting ClientSession [sessionId=v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah], cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:07,575 INFO  [qtp1600667055-45] org.eclipse.scout.rt.ui.html.UiSession.getOrCreateClientSession(UiSession.java:303) - Created new client session [clientSessionId=v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah, userAgent=HTML|DESKTOP|FIREFOX|WINDOWS|Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0] - MDC[principal=xxx.yyy, httpUri=/json, cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:07,575 INFO  [qtp1600667055-45] org.eclipse.scout.rt.ui.html.UiThemeHelper.getConfiguredTheme(UiThemeHelper.java:59) - UI theme configured in config.properties: default - MDC[principal=xxx.yyy, httpUri=/json, cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:07,591 INFO  [scout-model-thread-10 Starting JsonClientSession] org.eclipse.scout.rt.ui.html.json.MainJsonObjectFactory.getFactories(MainJsonObjectFactory.java:36) - Using following object factories: [org.eclipse.scout.rt.ui.html.JsonObjectFactory@7646906d] - MDC[principal=xxx.yyy, httpUri=/json, scoutSession=v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah, jobName=Starting JsonClientSession, cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:07,701 INFO  [qtp1600667055-45] org.eclipse.scout.rt.ui.html.UiSession.init(UiSession.java:264) - UiSession with ID 1:gsk4adjmlv49n219mb0v7ono8bfv2g3bo4kdiimvse5duppfdl4 initialized - MDC[principal=xxx.yyy, httpUri=/json, cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:07,717 INFO  [qtp1600667055-45] org.eclipse.scout.rt.ui.html.json.JsonMessageRequestHandler.createUiSession(JsonMessageRequestHandler.java:362) - Created new UI session with ID 1:gsk4adjmlv49n219mb0v7ono8bfv2g3bo4kdiimvse5duppfdl4 in 558.412900 ms [maxIdleTime=14400s, httpSession.maxInactiveInterval=3600s] - MDC[principal=xxx.yyy, httpUri=/json, cid=Sq8Jw6Nn9Gq/1]
2022-04-06 22:27:11,793 INFO  [scout-model-thread-18 Processing JSON request] org.eclipse.scout.rt.platform.exception.ExceptionHandler.handlePlatformException(ExceptionHandler.java:125) - VetoException: Zugriff verweigert [severity=ERROR, user=xxx.yyy, remote-service.name=org.eclipse.scout.contacts.shared.person.IPersonService, remote-service.operation=prepareCreate, form=org.eclipse.scout.contacts.client.person.PersonForm, ui.event=action, ui.adapter=Menu[id=5, modelClass=org.eclipse.scout.contacts.client.Desktop$QuickAccessMenu$NewPersonMenu, parentId=4]] - MDC[principal=xxx.yyy, httpUri=/json, uiSession=1:gsk4adjmlv49n219mb0v7ono8bfv2g3bo4kdiimvse5duppfdl4, scoutSession=v6r80rs8kch0k2pohlnc4u4n2917m8ohb0smftl2jbf4a62i7ah, jobName=Processing JSON request, cid=Bp3cD7ar8Gp/4]

To me it seems that there's a Content Security Policy issue somewhere, but I have no clue if that's the case, and if so, how to fix it, even after researching the issue for quite some time now.

Help?

Are you running some kind of ad-blocker or privacy plugin in your browser? This would explain the reported CSP error. By default, the CSP rules block inline JavaScript code (e.g. <script>...</script>). Scout itself does not use inline code. It is therefore likely that a browser plugin has injected code into the page. The reported "source-file" ("moz-extension") also hints at that.

The access denied error is probably not caused by the CSP rules. According to the log file, the click was successfully dispatched to the corresponding Menu instance on the UI server. That code calls a backend service (IPersonService) over the service tunnel, which fails with an exception. There are a lot of things that could have gone wrong here:

  • Backend not running.
  • Backend running, but not in a valid state.
  • Auth keys of UI server and backend server don't match, so the service tunnel cannot be established securely. Check the values of the config properties scout.auth.privateKey and scout.auth.publicKey. If necessary, use the SecurityUtility to create a new pair.
  • User does not have the necessary permissions. For every call to the backend over the service tunnel, RemoteServiceAccessPermission is required. And for most services, a specific permission is required, e.g. ReadPersonPermission.
  • User doesn't exist.

To analyze these kinds of errors, first check the logs of both the UI server and the backend server. If this does not help, set some breakpoints and step through the code. Here are some classes that make a good starting point: ServerServletFilter, ServiceTunnelServlet, AccessControlService.
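The log triage described in the answer above, as an added example that is not part of the original post or of Scout: it pulls the CSP-REPORT JSON bodies out of a UI server log, separates violations injected by a browser extension from ones raised by the application's own pages, and lists VetoException entries separately as unrelated authorization failures. The sample log is constructed (the first report is abridged from the question), and the function names and the list of extension schemes are assumptions.

```python
import json
import re

# URL schemes of extension-injected content; "moz-extension" is the one in the question's report.
EXTENSION_SCHEMES = ("moz-extension", "chrome-extension", "safari-web-extension")

# Constructed sample: first report abridged from the question, the rest invented for contrast.
SAMPLE_LOG = r'''2022-04-06 22:27:06,875 INFO  [qtp-33] ...ContentSecurityPolicyReportHandler.log(...) - CSP-REPORT: {
  "csp-report": {
    "blocked-uri": "inline",
    "document-uri": "http:\/\/localhost:8082\/",
    "source-file": "moz-extension",
    "violated-directive": "script-src"
  }
} - MDC[principal=xxx.yyy, httpUri=/csp-report]
2022-04-06 22:27:09,100 INFO  [qtp-34] ... - CSP-REPORT: {"csp-report": {"blocked-uri": "inline", "source-file": "http:\/\/localhost:8082\/index.html", "violated-directive": "script-src"}} - MDC[]
2022-04-06 22:27:11,793 INFO  [scout-model-thread-18] ... - VetoException: Zugriff verweigert [severity=ERROR, user=xxx.yyy, remote-service.name=org.eclipse.scout.contacts.shared.person.IPersonService, remote-service.operation=prepareCreate] - MDC[]
'''

VETO = re.compile(r"VetoException: .*?remote-service\.name=([\w.$]+), remote-service\.operation=(\w+)")

def extract_csp_reports(log_text):
    """Return the inner "csp-report" object of every CSP-REPORT entry, multi-line ones included."""
    decoder = json.JSONDecoder()
    reports = []
    for match in re.finditer(r"CSP-REPORT:\s*", log_text):
        try:
            obj, _ = decoder.raw_decode(log_text, match.end())  # parse JSON starting at the brace
        except json.JSONDecodeError:
            continue  # truncated or malformed entry, skip it
        if isinstance(obj, dict) and isinstance(obj.get("csp-report"), dict):
            reports.append(obj["csp-report"])
    return reports

def classify(report):
    """'extension' when the violating content came from a browser add-on, else 'application'."""
    for field in ("source-file", "blocked-uri"):
        if str(report.get(field, "")).startswith(EXTENSION_SCHEMES):
            return "extension"
    return "application"

def find_vetoes(log_text):
    """Return (service, operation) pairs for backend calls rejected with a VetoException."""
    return VETO.findall(log_text)

if __name__ == "__main__":
    for r in extract_csp_reports(SAMPLE_LOG):
        print(classify(r), r.get("violated-directive"), r.get("source-file"))
    print("access denied on:", find_vetoes(SAMPLE_LOG))
```

Reports classified as "application" are the ones worth investigating as real policy violations; "extension" reports reflect the client's browser setup rather than the served page.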

If you are running Java 17, then you need to update the private and public keys, which can be found in the config.properties file.
