glassfish
  1. glassfish
  2. GLASSFISH-20055

[Batch RI] Batch Job servlets/ejb applications able to stop/restart/abandon other batch job executions

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.0_b81
    • Fix Version/s: 4.0_b82_EE7MS7
    • Component/s: batch
    • Labels:
      None

      Description

      Tested with latest nightly build 82

      asadmin list-batch-jobs -l list all the batch jobs available

      Try to stop/restart/abandon a batch execution by providing execution id from other servlet/ejb apps

      Issue --> list batch jobs from an servlet/ejb displays only the current application batch jobs, the same thing should be applied to stop/restart/abandon batch jobs

        Activity

        Hide
        Mahesh Kannan added a comment -

        The jobOperator.getJobNames() uses BatchSecurityHelper to find out if the caller is an Admin. If not it calls BatchSecurityHelper.getCurrentTag() to determine the current app.

        I guess these other APIs in JobOperator (stop/restart/abandon) must also make use of BatchSecurityHelper to prevent this use case.

        Show
        Mahesh Kannan added a comment - The jobOperator.getJobNames() uses BatchSecurityHelper to find out if the caller is an Admin. If not it calls BatchSecurityHelper.getCurrentTag() to determine the current app. I guess these other APIs in JobOperator (stop/restart/abandon) must also make use of BatchSecurityHelper to prevent this use case.
        Hide
        ScottKurz added a comment -

        Yes, it looks like we have some gaps here. Not sure if we'll fix tomorrow, but by end of week.

        Show
        ScottKurz added a comment - Yes, it looks like we have some gaps here. Not sure if we'll fix tomorrow, but by end of week.
        Hide
        ScottKurz added a comment -

        This should be fixed in the 1.0-b22 drop.

        Show
        ScottKurz added a comment - This should be fixed in the 1.0-b22 drop.

          People

          • Assignee:
            arunkumar_s
            Reporter:
            arunkumar_s
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: