[ome-devel] Using omero.gateway.Gateway for sudo-connections
Dominik Lindner (Staff)
d.lindner at dundee.ac.uk
Mon Apr 18 13:30:15 BST 2016
That’s interesting. Thanks. I open a ticket in our bug tracking system for that and do so more investigation.
Regards,
Dominik
> On 18 Apr 2016, at 12:58, Christian Carsten Sachs <c.sachs at fz-juelich.de> wrote:
>
> Hello Dominik,
>
> I've tried the same example on another freshly installed OMERO at home (via Docker) and it did not work;
>
> Both users (admin and normal user, then with password) work. And sudo is needed, the getDatasets is just an example, lateron the program should manage some automated imports.
>
> Apropos, when the OMERO cli tool sudo'es, it works fine, i.e. we regularily do sudo'ed imports.
>
> Stepping through the client, the line
>
> Glacier2.RouterPrx router = Glacier2.RouterPrxHelper.checkedCast(prx);
>
> in omero.client::getRouter(Ice.Communicator comm) throws an
> Ice.ConnectTimeoutException ... but only on the third (sudo'd) time, the first guest/guest connection to lookup the admin user works, the connection as admin user works ... only the third conenction as sudo'ed other-user ends in an error ...
>
> UPDATE: I just found the problem / a workaround!
>
> I've noticed that prx (toString()) looks like this on the third time:
>
> OMERO.Glacier2/router -t -e 1.0:ssl -h hostname -p 0
>
> compared to the other times
>
> OMERO.Glacier2/router -t -e 1.0:ssl -h hostname -p 4064...
>
> I've changed my example to add
>
> ADMIN_CREDENTIALS.getServer().setPort(4064);
>
> and now it works, so apparently some code auto-guessing the port which normally is active does not seem to be active during sudo-session initialization...
>
> Thank you,
> best regards,
> Christian Sachs
>
> On 2016-04-18 09:27, Dominik Lindner (Staff) wrote:
>> Hi Christian,
>>
>> your example looks alright. And I also just tried it on one of our test servers, no problem.
>> I have to check if this “sudo” session is a feature which has to be enabled explicitly on the server.
>>
>> Can you actually log in with this user directly? Just to exclude the possibility that the user might
>> be disabled from logging in.
>>
>> In case you only need the user’s datasets, you don’t have to use a “sudo” session by the way,
>> there’s a method "getDatasets(SecurityContext ctx, long ownerId)” which retrieves the datasets
>> the user owns.
>>
>> Regards,
>> Dominik
The University of Dundee is a registered Scottish Charity, No: SC015096
More information about the ome-devel
mailing list