glassfish
  1. glassfish
  2. GLASSFISH-19943

Audit module (webInvocation callback) tests failed in GF4.0

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0_b85
    • Component/s: security
    • Labels:
      None
    • Environment:

      build 80
      OEL5.8

      Description

      There are 4 tests failed in Audit module. Steps to reproduce the bug:

      1. Install GF4.0, start domain
      2. Checkout SQE workspace:
      cvs co appserver-sqe/bootstrap.xml
      (CVSROOT: :pserver:<your cvs user>@sunsw.us.oracle.com:/m/jws
      cd appserver-sqe
      ant -f bootstrap.xml co-security
      3.set following env. variables
      S1AS_HOME <GF install dir>, for example: /export/sonia/v4/glassfish4/glassfish
      SPS_HOME <appserver-sqe>, for example: /export/sonia/appserver-sqe
      ANT_HOME <ant location>, for example: /export/sonia/ant-1.7.1
      JAVA_HOME <java location>, for example: /export/sonia/jdk1.7.0_04
      4. cd <workspace dir>/appserver-sqe/, run "ant startDerby" to start derby database
      5. cd <workspace dir>/appserver-sqe/pe/security/auditmodule/, run "ant v3". The following tests failed
      update-j2ee-status-searchstrings:
      [java] WS HOME appserver-sqe
      [java] ====>isPositive property is true
      [java] *** Check for expected string in actual file ***
      [java] Expected String:SQEPluggableAuditModule::authentication(testuser3,file,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::authentication(j2ee,file,false) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::webInvocation(testuser3,BASIC,testuser3,hasResourcePermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::webInvocation(j2ee,BASIC,j2ee,hasResourcePermission,false) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemoteHome.create(java.lang.String) throws java.rmi.RemoteException,javax.ejb.CreateException,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract java.lang.String com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote.authorizedMethod(java.lang.String,int) throws java.rmi.RemoteException,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract java.lang.String com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote.sayGoodbye() throws java.rmi.RemoteException,false) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::ejbAsWebServiceInvocation(StateTaxIFPort,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::webServiceInvocation(/TaxCalWSServlet/statetaxservlet,StateTaxIFPort,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::serverStarted()...invoked after server started found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Expected String:SQEPluggableAuditModule::serverShutdown()...invoked after server shutdown found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
      [java] Generating report at /export/sonia/appserver-sqe/test_results.xml
      [java]
      [java]
      [java] -----------------------------------------
      [java] - Audit ejbAsWebServiceInvocation callback-ejbws: PASS -
      [java] - Audit ejbInvocation callback-authuser-2: PASS -
      [java] - Audit authentication callback-validuser: PASS -
      [java] - Audit webInvocation callback-authuser-res: FAIL -
      [java] - Audit webInvocation callback-unauthuser-data: FAIL -
      [java] - Audit webServiceInvocation callback-servletws: PASS -
      [java] - Audit webInvocation callback-authuser-data: FAIL -
      [java] - Audit webInvocation callback-unauthuser-res: FAIL -
      [java] - Audit serverStarted callback-Started: PASS -
      [java] - Audit ejbInvocation callback-authuser: PASS -
      [java] - Audit authentication callback-invaliduser: PASS -
      [java] - Audit serverShutdown callback-Shutdown: PASS -
      [java] - Audit ejbInvocation callback-unauthuser: PASS -
      [java] -----------------------------------------
      [java] Total PASS: 9
      [java] Total FAIL: 4
      [java] Total DNR: 0


      It seems to me that the audit module is not properly loaded by container, otherwise the audit module will write to the file and messages should be displayed in server.log. These tests were passing in V3.x and failed for GF4.0 only.
      The test expect to see following messages:
      PluggableAuditModule Audit webInvocation callback-authuser-data|SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true)|
      PluggableAuditModule Audit webInvocation callback-authuser-res|SQEPluggableAuditModule::webInvocation(testuser3,BASIC,testuser3,hasResourcePermission,true)|
      PluggableAuditModule Audit webInvocation callback-unauthuser-data|SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true)|
      PluggableAuditModule Audit webInvocation callback-unauthuser-res|SQEPluggableAuditModule::webInvocation(j2ee,BASIC,j2ee,hasResourcePermission,false)|

        Issue Links

          Activity

          Hide
          Shing Wai Chan added a comment -

          In v3 and possibly earlier, com.sun.appserv.security.AuditModule is a public interface. See for instance, http://docs.oracle.com/cd/E19355-01/820-4282/beabw/index.html .
          Users create their own audit class by extending AuditModule.
          With the new interface change, it will introduce a backward incompatibility here for user.

          Show
          Shing Wai Chan added a comment - In v3 and possibly earlier, com.sun.appserv.security.AuditModule is a public interface. See for instance, http://docs.oracle.com/cd/E19355-01/820-4282/beabw/index.html . Users create their own audit class by extending AuditModule. With the new interface change, it will introduce a backward incompatibility here for user.
          Hide
          Tim Quinn added a comment -

          Looks like this one's coming back to me.

          Show
          Tim Quinn added a comment - Looks like this one's coming back to me.
          Hide
          Tim Quinn added a comment -
          • What is the impact on the customer of the bug?
            Regression. A published API has changed, breaking compatibility. At least one SQE test fails that tests the public API fails.
          • What is the cost/risk of fixing the bug?
            The fix is conceptually simple but moderate in practice. We have had to move the publicly documented classes from nucleus into an appserver module (to restore the broken API which depends on the servlet-api module). But some of the behavior had to remain in nucleus, and this required new base classes in nucleus which the moved classes could extend, changes in nucleus so references to the moved classes became references to the new base classes, a new service in the app server that extends a nucleus service, and changing some injection sites in the app server to inject this new app server service instead of the nucleus service.
          • Is there an impact on documentation or message strings?
            The current documentation does not identify which module a user needs to build against when extending one of the published classes, but it should so there probably should be a doc change – not because of the fix but because the earlier doc was incomplete anyway.
          • Which tests should QA (re)run to verify the fix did not destabilize GlassFish?
            SQE tests.
          • Which is the targeted build of 4.0 for this fix?
            b85
          • If this an integration of a new version of a component from another project,
            what are the changes that are being brought in?
            n/a
          Show
          Tim Quinn added a comment - What is the impact on the customer of the bug? Regression. A published API has changed, breaking compatibility. At least one SQE test fails that tests the public API fails. What is the cost/risk of fixing the bug? The fix is conceptually simple but moderate in practice. We have had to move the publicly documented classes from nucleus into an appserver module (to restore the broken API which depends on the servlet-api module). But some of the behavior had to remain in nucleus, and this required new base classes in nucleus which the moved classes could extend, changes in nucleus so references to the moved classes became references to the new base classes, a new service in the app server that extends a nucleus service, and changing some injection sites in the app server to inject this new app server service instead of the nucleus service. Is there an impact on documentation or message strings? The current documentation does not identify which module a user needs to build against when extending one of the published classes, but it should so there probably should be a doc change – not because of the fix but because the earlier doc was incomplete anyway. Which tests should QA (re)run to verify the fix did not destabilize GlassFish? SQE tests. Which is the targeted build of 4.0 for this fix? b85 If this an integration of a new version of a component from another project, what are the changes that are being brought in? n/a
          Hide
          Tim Quinn added a comment -

          I would have attached this as a separate document if I could, so I'm just including it as a long comment instead. This is a description of the underlying problem and the solution approach I sent to the reviewers.

          General problem:

          In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code.

          One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation.

          This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that.

          How Auditing Works (basically) Today

          Nucleus contains the AuditManager class (a @Service) which records what AuditModules are configured. Both nucleus and EE components @Inject AuditManager and then invoke its methods to report audited events. AuditManager then broadcasts the events to the registered AuditModules.

          General idea of the solution

          Restoring the AuditModule API to its published form requires moving it to an appserver module that depends on the servlet-api module, and that means that AuditManager (in nucleus) would not see it. So we need to do more.

          Basically we need to:

          1. Move the package com.sun.appserv.security and all its classes (they are all publicly documented) from nucleus/security/core to appserver/common/glassfish-api-ee.

          2. Nucleus still needs to refer to at least some methods on each of those classes, so create new base classes for each in nucleus/security/core (which the com.sun.appserv.security classes extend) and have nucleus refer to the base classes.

          Conceptually, that's all. The details are quite a bit more involved. Here are the details:

          1. Move the publicly-documented classes.

          a. Move the com.sun.appserv.security package (and its classes) from nucleus/security/core to appserver/common/glassfish-api-ee, adjusting both osgi.properties files accordingly. The other classes in that package (AppservCertificateLoginModule, AppservPasswordLoginModule, AppservRealm, and ProgrammaticLoginPermission) are not EE-specific but they are also publicly documented as being in that package so they move too to avoid split packages.
          b. For each class AppservX in com.sun.appserv.security create a nucleus counterpart BaseX in nucleus/security/core in package com.sun.enterprise.security and have AppservX extend BaseX. (The base class for ProgrammaticLoginPermission is BaseProgrammaticLoginPermission.) In each case move any non-EE methods to the base class.
          c. Change all nucleus code that refers to any moved class so it refers to the base class instead. This preserves the effective public API of each of the com.sun.appserv.security classes.

          2. Deal with the AuditManager class. Nucleus and app server code used to @Inject the AuditManager class.

          a. Convert AuditManager to a @Contract interface that specifies only nucleus-related methods.
          b. Put the nucleus-related code from the old AuditManager class into the nucleus @Service BaseAuditManager which implements the new AuditManager interface.
          c. Put the EE-specific code from the old AuditManager class into the new app server @Service AppServerAuditManager which extends BaseAuditManager (and therefore also implements AuditManager) and has a higher @Rank than BaseAuditManager. At runtime hk2 will prefer the app server AuditManager implementation and inject it at "@Inject AuditManager" sites as well as at "@Inject AppServerAuditManager" sites in app server modules.
          d. Nucleus code that currently uses AuditManager uses BaseAuditManager instead.
          e. Change app server code that used to inject AuditModule to inject @AppServerAuditManager so it can invoke the EE-specific methods.

          Modules affected:

          appserver/common/glassfish-ee-api
          This module now hosts the com.sun.appserv.security package which used to reside in main/nucleus/security/core. The classes simply extend their new nucleus superclasses which are now in nucleus/security/core but in package com.sun.enterprise.security. Updated osgi.bundle accordingly.

          appserver/ejb/ejb-container
          Change old references to AuditManager to AppServerAuditManager instead.

          appserver/security/core-ee
          Added the com.sun.enterprise.security.ee.audit package to host AppServerAuditManager. Updated osgi.bundle accordingly.

          appserver/security/webservices.security
          Change old references to AuditManager to AppServerAuditManager.

          nuclues/security/core
          The com.sun.appserv.security package is gone, moved to appserver/common/glassfish-ee-api. New classes in the com.sun.enterprise.security package are the base superclasses for those moved classes. Change previous references to the moved classes to their new base class counterparts.

          Here is the list of svn changes that make up this change:

          A main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security
          A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java
          A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java
          A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java
          A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java
          A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java
          M main/appserver/common/glassfish-ee-api/osgi.bundle
          M main/appserver/common/glassfish-ee-api/pom.xml
          M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java
          M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java
          A main/appserver/security/core-ee/src/main/java/com/sun/appserv
          A main/appserver/security/core-ee/src/main/java/com/sun/appserv/security
          A main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit
          A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties
          A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java
          M main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java
          M main/appserver/security/core-ee/osgi.bundle
          M main/appserver/security/core-ee/pom.xml
          M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java
          M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java
          M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservRealm.java
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java
          D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AuditModule.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java
          A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java
          M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java
          M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java
          M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java
          A main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit
          A + main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties
          M main/nucleus/security/core/osgi.bundle

          Show
          Tim Quinn added a comment - I would have attached this as a separate document if I could, so I'm just including it as a long comment instead. This is a description of the underlying problem and the solution approach I sent to the reviewers. General problem: In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code. One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation. This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that. How Auditing Works (basically) Today Nucleus contains the AuditManager class (a @Service) which records what AuditModules are configured. Both nucleus and EE components @Inject AuditManager and then invoke its methods to report audited events. AuditManager then broadcasts the events to the registered AuditModules. General idea of the solution Restoring the AuditModule API to its published form requires moving it to an appserver module that depends on the servlet-api module, and that means that AuditManager (in nucleus) would not see it. So we need to do more. Basically we need to: 1. Move the package com.sun.appserv.security and all its classes (they are all publicly documented) from nucleus/security/core to appserver/common/glassfish-api-ee. 2. Nucleus still needs to refer to at least some methods on each of those classes, so create new base classes for each in nucleus/security/core (which the com.sun.appserv.security classes extend) and have nucleus refer to the base classes. Conceptually, that's all. The details are quite a bit more involved. Here are the details: 1. Move the publicly-documented classes. a. Move the com.sun.appserv.security package (and its classes) from nucleus/security/core to appserver/common/glassfish-api-ee, adjusting both osgi.properties files accordingly. The other classes in that package (AppservCertificateLoginModule, AppservPasswordLoginModule, AppservRealm, and ProgrammaticLoginPermission) are not EE-specific but they are also publicly documented as being in that package so they move too to avoid split packages. b. For each class AppservX in com.sun.appserv.security create a nucleus counterpart BaseX in nucleus/security/core in package com.sun.enterprise.security and have AppservX extend BaseX. (The base class for ProgrammaticLoginPermission is BaseProgrammaticLoginPermission.) In each case move any non-EE methods to the base class. c. Change all nucleus code that refers to any moved class so it refers to the base class instead. This preserves the effective public API of each of the com.sun.appserv.security classes. 2. Deal with the AuditManager class. Nucleus and app server code used to @Inject the AuditManager class. a. Convert AuditManager to a @Contract interface that specifies only nucleus-related methods. b. Put the nucleus-related code from the old AuditManager class into the nucleus @Service BaseAuditManager which implements the new AuditManager interface. c. Put the EE-specific code from the old AuditManager class into the new app server @Service AppServerAuditManager which extends BaseAuditManager (and therefore also implements AuditManager) and has a higher @Rank than BaseAuditManager. At runtime hk2 will prefer the app server AuditManager implementation and inject it at "@Inject AuditManager" sites as well as at "@Inject AppServerAuditManager" sites in app server modules. d. Nucleus code that currently uses AuditManager uses BaseAuditManager instead. e. Change app server code that used to inject AuditModule to inject @AppServerAuditManager so it can invoke the EE-specific methods. Modules affected: appserver/common/glassfish-ee-api This module now hosts the com.sun.appserv.security package which used to reside in main/nucleus/security/core. The classes simply extend their new nucleus superclasses which are now in nucleus/security/core but in package com.sun.enterprise.security. Updated osgi.bundle accordingly. appserver/ejb/ejb-container Change old references to AuditManager to AppServerAuditManager instead. appserver/security/core-ee Added the com.sun.enterprise.security.ee.audit package to host AppServerAuditManager. Updated osgi.bundle accordingly. appserver/security/webservices.security Change old references to AuditManager to AppServerAuditManager. nuclues/security/core The com.sun.appserv.security package is gone, moved to appserver/common/glassfish-ee-api. New classes in the com.sun.enterprise.security package are the base superclasses for those moved classes. Change previous references to the moved classes to their new base class counterparts. Here is the list of svn changes that make up this change: A main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java M main/appserver/common/glassfish-ee-api/osgi.bundle M main/appserver/common/glassfish-ee-api/pom.xml M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java A main/appserver/security/core-ee/src/main/java/com/sun/appserv A main/appserver/security/core-ee/src/main/java/com/sun/appserv/security A main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java M main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java M main/appserver/security/core-ee/osgi.bundle M main/appserver/security/core-ee/pom.xml M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservRealm.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AuditModule.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java A main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit A + main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties M main/nucleus/security/core/osgi.bundle
          Hide
          Tim Quinn added a comment -

          Fix checked in:

          Project: glassfish
          Repository: svn
          Revision: 61370
          Author: tjquinn
          Date: 2013-04-11 18:42:02 UTC
          Link:

          Log Message:
          ------------
          Fix for GLASSFISH-19943

          In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code.

          One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation.

          This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that by, basically, moving the com.sun.appserv.security package from the nucleus/security/core module into appserver/common/glassfish-api-ee, but there is much more to it than that. Please see the issue where I've described in detail everything that's going on with this checkin.

          Approved: Michael Chen
          Reviewed: Jeff T (security changes), Marina (ejb changes), Romain (pom.xml and osgi.bundle changes)
          Passed QL, the SQE test which failed before these changes, GlassFish admin dev tests, ejb dev tests, deploymenet dev tests

          Revisions:
          ----------
          61370

          Modified Paths:
          ---------------
          trunk/main/nucleus/security/core/osgi.bundle
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java
          trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java
          trunk/main/appserver/security/core-ee/osgi.bundle
          trunk/main/appserver/common/glassfish-ee-api/pom.xml
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java
          trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java
          trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java
          trunk/main/appserver/security/core-ee/pom.xml
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java
          trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java
          trunk/main/appserver/common/glassfish-ee-api/osgi.bundle
          trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties
          trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java
          trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java

          Added Paths:
          ------------
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java
          trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit
          trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv/security
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java
          trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java
          trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java
          trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java

          Show
          Tim Quinn added a comment - Fix checked in: Project: glassfish Repository: svn Revision: 61370 Author: tjquinn Date: 2013-04-11 18:42:02 UTC Link: Log Message: ------------ Fix for GLASSFISH-19943 In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code. One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation. This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that by, basically, moving the com.sun.appserv.security package from the nucleus/security/core module into appserver/common/glassfish-api-ee, but there is much more to it than that. Please see the issue where I've described in detail everything that's going on with this checkin. Approved: Michael Chen Reviewed: Jeff T (security changes), Marina (ejb changes), Romain (pom.xml and osgi.bundle changes) Passed QL, the SQE test which failed before these changes, GlassFish admin dev tests, ejb dev tests, deploymenet dev tests Revisions: ---------- 61370 Modified Paths: --------------- trunk/main/nucleus/security/core/osgi.bundle trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java trunk/main/appserver/security/core-ee/osgi.bundle trunk/main/appserver/common/glassfish-ee-api/pom.xml trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java trunk/main/appserver/security/core-ee/pom.xml trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java trunk/main/appserver/common/glassfish-ee-api/osgi.bundle trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java Added Paths: ------------ trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv/security trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java

            People

            • Assignee:
              Tim Quinn
              Reporter:
              sonialiu
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: