AccessDeniedException: SCREEN

Hi guys,

I get the following error on the production environment. I have never seen it before in none of the environments and the restore-password-screen has not been touched for a year now… any clue??

2018-08-27 17:32:13.138 ERROR [http-nio-8080-exec-15/scope-fb/anonymous] com.haulmont.cuba.web.log.AppLog - Exception in com.haulmont.cuba.web.toolkit.ui.CubaButton: SCREEN restore-password-screen



Recently, we have added denying role for anonymous user. It means that this user cannot see or update any data through clients including REST API, and you have to explicitly grant permissions to the anonymous user. This change does not affect existing databases.

So, you have to grant permissions on registration and restore password screens to Anonymous role.

Hmm. Ok, it makes sense because demo env is a clean one, with an empty db.
I noticed the anonymous role and i deleted it because i was trying to find&remove any difference with the other environments i have.
Now I recreated it, set to denying globally and put allow on the two screens i need.
I also tried to set the role to Standard instead of Denying… but it doesn’t work either way.


Please help sir :slight_smile:

Fixed. You have to restart the application after you configure Anonymous role to allow stuff.

1 Like

Yes, anonymous user is logged in once on application start, that’s why changes are not applied immediately.

Thanks a lot @artamonov for clarification.