glassfish
  1. glassfish
  2. GLASSFISH-19064

Glassfish unreasonably denies access to JSF page with HTTP 403, restarting the domain fixes the problem

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.2
    • Fix Version/s: future release
    • Component/s: security
    • Labels:
      None
    • Environment:

      Tested on Ubuntu 12.04 x86 and Debian 6 x64.

      Description

      I've got an @Startup EJB (named EJB1) which connects to an HBase database using a library in its @PostConstruct method. The library itself takes advantage of HBase's Java API. This EJB is injected into another EJB (named EJB2) of which its local interface (EJB2Local) is injected into web-module beans, including an EJB which creates a web service and a managed bean which is tied to the index.xhtml JSF page.

      This is how I reproduce and fix the problem:
      1. Create and start a clean Glassfish domain.
      2. Deploy the ear archive.
      3. Glassfish denies access to index.xhtml with an HTTP 403 error. Other parts of the application, including the web services inside the web module, work flawlessly. The following lines get inserted into server.log upon each request for index.xhtml. Starting the domain in --verbose mode does not produce more messages at this point.

      INFO: JACC Policy Provider:Failed Permission Check: context (" App/App-war_war ") , permission (" ("javax.security.jacc.WebUserDataPermission" "" "GET") ")
      INFO: JACC Policy Provider:Failed Permission Check: context (" App/App-war_war ") , permission (" ("javax.security.jacc.WebUserDataPermission" "" "GET:CONFIDENTIAL") ")
      INFO: JACC Policy Provider:Failed Permission Check: context (" App/App-war_war ") , permission (" ("javax.security.jacc.WebUserDataPermission" "/favicon.ico" "GET") ")
      INFO: JACC Policy Provider:Failed Permission Check: context (" App/App-war_war ") , permission (" ("javax.security.jacc.WebUserDataPermission" "/favicon.ico" "GET:CONFIDENTIAL") ")

      4. Without undeploying the application, restart the domain and let the pre-deployed application start automatically.
      5. index.xhtml loads without problems.
      6. Undeploying/deploying the ear file does not reproduce the problem. To see the 403 error again, one has to create a new domain.

        Activity

        arash1988 created issue -
        shreedhar_ganapathy made changes -
        Field Original Value New Value
        Assignee shreedhar_ganapathy [ shreedhar_ganapathy ] Hong Zhang [ hzhang_jn ]
        Component/s deployment [ 10594 ]
        Hong Zhang made changes -
        Assignee Hong Zhang [ hzhang_jn ] Shing Wai Chan [ swchan2 ]
        Component/s web_container [ 10622 ]
        Component/s deployment [ 10594 ]
        Shing Wai Chan made changes -
        Assignee Shing Wai Chan [ swchan2 ] JeffTancill [ jefftancill ]
        Component/s security [ 10618 ]
        Component/s web_container [ 10622 ]
        JeffTancill made changes -
        Fix Version/s 4.0.1 [ 16061 ]
        JeffTancill made changes -
        Fix Version/s future release [ 11148 ]
        Fix Version/s 4.0.1 [ 16061 ]

          People

          • Assignee:
            JeffTancill
            Reporter:
            arash1988
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated: