Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SetUserSecurityProfile throws error in Pega 7.1.7

SA-13174

Summary



While toggling from one language to another in a portal, on clicking translate button, an exception occurs.


Error Messages



Authentication modification permitted if top-most activity is a PRExternal handler - invalid root activity: RULE-OBJ-ACTIVITY CODE-SECURITY TOGGLELANGUAGEENFR #20150622T071201.335 GMT


Steps to Reproduce
  1. In the portal, click Language toggle button, which has an activity that makes a call to SetUserSecurityProfile method.
  2. Have the prconfig setting <env name="authentication/trojanhorseprotection" value="1" />  in prconfig.xml. 


Root Cause



Re-authentication is not performed. Operator page is modified based on the new language and then saved, followed by a call to setUserSecurityProfile where desktop is redisplayed with the new language.  
 
Note: Method, SetUserSecurityProfile, is deprecated in latest versions of PRPC as they are insecure – they do not validate passwords or identity, they  merely configure the session using the specified operator profile or access group.
The same configuration would work by turning off trojanhorseprotection which is not the recommended approach.
 

Resolution



Below is the code to be substituted in place of setUserSecurityProfile in step10 of your activity This activity has to change the locale of the operator ID.
 
PRThread thread = tools.getThread();
ClipboardPage pxReqTemp = tools.getStepPage();
 
String strDateLocale = tools.getParamValue("dateLocale");
String strNumberLocale = tools.getParamValue("numberLocale");
String strDefaultLocale = tools.getParamValue("useLocale");
 
try {
                thread.setLocaleName(PRThread.LOCALE_FOR_DATES, strDateLocale);
} catch (InvalidLocaleException ilEx) {
                pxReqTemp.addMessage("Invalid Date Locale: " + ilEx.getMessage());
                thread.getStepStatus().set(ProcessingStatus.SEVERITY_FAIL, "Invalid-Locale", ilEx.getMessage());
}
 
try {
                thread.setLocaleName(PRThread.LOCALE_FOR_NUMBERS, strNumberLocale);
} catch (InvalidLocaleException ilEx) {
                pxReqTemp.addMessage("Invalid Number Locale: " + ilEx.getMessage());
                thread.getStepStatus().set(ProcessingStatus.SEVERITY_FAIL, "Invalid-Locale", ilEx.getMessage());
}
 
try {
                thread.setLocaleName(PRThread.LOCALE_DEFAULT, strDefaultLocale);
} catch (InvalidLocaleException ilEx) {
                pxReqTemp.addMessage("Invalid Default Locale: " + ilEx.getMessage());
                thread.getStepStatus().set(ProcessingStatus.SEVERITY_FAIL, "Invalid-Locale", ilEx.getMessage());
}
 

Tags:

Pega Platform Pega Platform 7.1.7 Security

Published October 5, 2015 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve?
Suggest an edit
Report a Pega Community bug

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice