Error forbidden(403) on LeafNode.deleteAllItems()

Paul42 · November 1, 2013, 5:35pm

I’m getting an error forbidden on this call. I’m not sure why, since the access model is open, but I’d guessit’s because a different user is trying to clear the node than the creator of the node. The server in use is openfire.

The output of smack debug is below.

11-01 13:23:46.615: D/SMACK(2213): 01:23:46 PM SENT (-1278593608):

11-01 13:23:46.625: D/SMACK(2213): 01:23:46 PM RCV (-1278593608):

The mysql database row for this node is:

serviceid=pubsub,nodeID=target_shots_00198844D58F,leaf=1,creationDate=0013818726 25544,modificationDate=001381872625544,parent=,deliverPayloads=1,

maxPayloadSize=5120,persistItems=1,maxItems=-1,notifyConfigChanges=1,notifyDelet e=0,notifyRetract=0,presenceBased=0,sendItemSubscribe=0,

publisherModel=open,subscriptionEnabled=1,configSubscription=0,accessModel=open, and so on.

Any idea how to fix this error?

Robin_Collier · November 5, 2013, 2:11pm

You are correct, if someone other than a node owner tries to purge, this is the expected response.

An open access model simply allows anyone to subscribe and retrieve items without any approval required.

Paul42 · November 5, 2013, 2:13pm

Ah, is it possible to change the owner and have more than one owner?

Robin_Collier · November 6, 2013, 11:23pm

You can add as many node owners as you like. In fact, a coworker of mine created a plugin (for Openfire) that would automatically make a user a node owner when they tried to delete a node so it would always work, which worked great for our particular use case.

Paul42 · November 6, 2013, 11:26pm

Ah, I don’t suppose by any chance that plugin is available?

If not, is it possible to add owners from smack, and can it be done by non owners?

Robin_Collier · November 12, 2013, 5:38pm

Unfortunately, I don’t have the plugin code to give you, but it was pretty trivial, you just have to write a plugin that also implements PacketInterceptor. Check the incoming packets for a the purge request and then add the requestor as a node owner via node.addOwner(bareJid), if they aren’t already.

Smack does not have support for the affiliation management part of the spec. You can fairly easily write the packets manually and send them, but this still cannot be done unless you have the appropriate priviliges, which typically means a node owner or admin. To effectively bypass this authorization, I am pretty sure you will have to do that from the server side.