glassfish
  1. glassfish
  2. GLASSFISH-20613

Need to improve fix to URISyntaxException getting monitoring data (GLASSFISH-20510)

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.1
    • Fix Version/s: 4.1
    • Component/s: admin
    • Labels:
      None

      Description

      The earlier fix for GLASSFISH-20510 can cause problems in the way resource names are actually constructed which can appear if the resource URI is used and analyzed.

      The underlying problem really was in the way the monitoring name was constructed. It yielded part of a URI path that contained illegal characters: it contained a left bracket without a matching right bracket. Because matched brackets are valid in a URI but unmatched are not, this caused an error in building the URI for the resource name.

      The correct fix is to adopt Byron's suggested change to the monitoring code and remove the URL encoding logic I added before.

        Issue Links

          Activity

          Hide
          Tim Quinn added a comment -

          Linking to the original issue

          Show
          Tim Quinn added a comment - Linking to the original issue
          Hide
          Tim Quinn added a comment -

          Fix checked in. (There is a related parallel check-in 11827 as well.)

          Project: glassfish
          Repository: svn
          Revision: 62176
          Author: tjquinn
          Date: 2013-06-07 18:03:10 UTC
          Link:

          Log Message:
          ------------
          Fix for GLASSFISH-20613

          The problem was not that the resource names needed to be encoded before creating the URI (which is what the earlier fix for 20510 did) but that the resource name from the EJB monitoring code needed to provide a URI-friendly item name.

          In a comment on 20510 Byron provided the fix for the monitoring code. This check-in includes that change and a change in CommandSecurityChecker to remove the encoding logic that was inserted earlier.

          Passed QL, the ejb dev test which failed in 20510

          Revisions:
          ----------
          62176

          Modified Paths:
          ---------------
          trunk/main/nucleus/admin/util/src/main/java/com/sun/enterprise/admin/util/CommandSecurityChecker.java
          trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/monitoring/stats/EjbMonitoringUtils.java

          Show
          Tim Quinn added a comment - Fix checked in. (There is a related parallel check-in 11827 as well.) Project: glassfish Repository: svn Revision: 62176 Author: tjquinn Date: 2013-06-07 18:03:10 UTC Link: Log Message: ------------ Fix for GLASSFISH-20613 The problem was not that the resource names needed to be encoded before creating the URI (which is what the earlier fix for 20510 did) but that the resource name from the EJB monitoring code needed to provide a URI-friendly item name. In a comment on 20510 Byron provided the fix for the monitoring code. This check-in includes that change and a change in CommandSecurityChecker to remove the encoding logic that was inserted earlier. Passed QL, the ejb dev test which failed in 20510 Revisions: ---------- 62176 Modified Paths: --------------- trunk/main/nucleus/admin/util/src/main/java/com/sun/enterprise/admin/util/CommandSecurityChecker.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/monitoring/stats/EjbMonitoringUtils.java
          Hide
          Tim Quinn added a comment -

          Marina correctly pointed out that changing the exposed string for the monitored elements that contain a left bracket might break existing user procedures that expect that format.

          I'm reopening this issue so that we'll leave the externally-visible monitoring name string as before but change the resource name used internally for authorization checks.

          Show
          Tim Quinn added a comment - Marina correctly pointed out that changing the exposed string for the monitored elements that contain a left bracket might break existing user procedures that expect that format. I'm reopening this issue so that we'll leave the externally-visible monitoring name string as before but change the resource name used internally for authorization checks.
          Hide
          Tim Quinn added a comment -

          Enhanced fix checked in.

          Project: glassfish
          Repository: svn
          Revision: 62180
          Author: tjquinn
          Date: 2013-06-09 15:04:58 UTC
          Link:

          Log Message:
          ------------
          Enhanced fix for GLASSFISH-20613

          The earlier fix for this changed the externally-visible string by which the monitored element was exposed (replacing the left bracket with 'ARRAY') so as to prevent a URI-unfriendly resource name (including the left bracket with no matching right one) from being used for authorization.

          These changes restore the externally-visible string, substituting ARRAY for the left bracket only internally in the resource name.

          Passed QL, the ejb dev test which failed in 20510

          Revisions:
          ----------
          62180

          Modified Paths:
          ---------------
          trunk/main/nucleus/core/kernel/src/main/java/com/sun/enterprise/v3/admin/MonitoringReporter.java
          trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/monitoring/stats/EjbMonitoringUtils.java

          Show
          Tim Quinn added a comment - Enhanced fix checked in. Project: glassfish Repository: svn Revision: 62180 Author: tjquinn Date: 2013-06-09 15:04:58 UTC Link: Log Message: ------------ Enhanced fix for GLASSFISH-20613 The earlier fix for this changed the externally-visible string by which the monitored element was exposed (replacing the left bracket with ' ARRAY ') so as to prevent a URI-unfriendly resource name (including the left bracket with no matching right one) from being used for authorization. These changes restore the externally-visible string, substituting ARRAY for the left bracket only internally in the resource name. Passed QL, the ejb dev test which failed in 20510 Revisions: ---------- 62180 Modified Paths: --------------- trunk/main/nucleus/core/kernel/src/main/java/com/sun/enterprise/v3/admin/MonitoringReporter.java trunk/main/appserver/ejb/ejb-container/src/main/java/com/sun/ejb/monitoring/stats/EjbMonitoringUtils.java

            People

            • Assignee:
              Tim Quinn
              Reporter:
              Tim Quinn
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: