glassfish
  1. glassfish
  2. GLASSFISH-3722

WARNING: No Principals mapped to Role [noaccess]

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 9.1peur1
    • Fix Version/s: 9.1.1
    • Component/s: admin_gui
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      3,722
    • Status Whiteboard:
      Hide

      as91ur1-na, 911Approved

      Show
      as91ur1-na, 911Approved

      Description

      glassfish v2 FCS has this warning in server.log upon startup:

      [#|2007-10-03T09:11:13.252-0400|WARNING|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;_RequestID=a5883951-4190-4de4-8557-a350008c4ef8;|No
      Principals mapped to Role [noaccess].|#]

      A search shows glassfish/lib/install/applications/admingui/adminGUI_war/WEB-INF,
      where noaccess role is used in web.xml, but not declared with <security-role> in
      web.xml, nor was it mapped in sun-web.xml with <security-role-mapping>

      It looks like a false alarm. An FCS product should not show any WARNING
      messages when running normally. Can we eliminate this WARNING from server.log
      by doing an explicit declaration and mapping?

        Activity

        Hide
        Anissa Lam added a comment -

        Please evaluate and after we have the fix, we will ask for approval to checkin
        to UR1 branch.

        Show
        Anissa Lam added a comment - Please evaluate and after we have the fix, we will ask for approval to checkin to UR1 branch.
        Hide
        gfbugbridge added a comment -

        <BT6612798>

        Show
        gfbugbridge added a comment - <BT6612798>
        Hide
        Anissa Lam added a comment -

        Senthil has worked out the fix, but sorry we didn't get the permission to fix
        this in 9.1 UR1 release. If you strongly believe this needs to be fixed in UR1
        instead of waiting for the next release, please update this issue with your request.

        For now, i update this issue with the fix so that we can check in to the next
        release branch when it is available.

        Index: sun-web.xml
        ===================================================================
        RCS file: /cvs/glassfish/admin-gui/src/docroot/WEB-INF/sun-web.xml,v
        retrieving revision 1.4.8.1
        diff -c -r1.4.8.1 sun-web.xml

            • sun-web.xml 2 Oct 2007 03:45:55 -0000 1.4.8.1
            • sun-web.xml 3 Oct 2007 22:24:30 -0000
              ***************
            • 45,50 ****
            • 45,54 ----
              <principal-name>admin</principal-name>
              <group-name>asadmin</group-name>
              </security-role-mapping>
              + <security-role-mapping>
              + <role-name>noaccess</role-name>
              + <principal-name>noaccess</principal-name>
              + </security-role-mapping>

        <session-config>
        <session-manager>

        Show
        Anissa Lam added a comment - Senthil has worked out the fix, but sorry we didn't get the permission to fix this in 9.1 UR1 release. If you strongly believe this needs to be fixed in UR1 instead of waiting for the next release, please update this issue with your request. For now, i update this issue with the fix so that we can check in to the next release branch when it is available. Index: sun-web.xml =================================================================== RCS file: /cvs/glassfish/admin-gui/src/docroot/WEB-INF/sun-web.xml,v retrieving revision 1.4.8.1 diff -c -r1.4.8.1 sun-web.xml sun-web.xml 2 Oct 2007 03:45:55 -0000 1.4.8.1 sun-web.xml 3 Oct 2007 22:24:30 -0000 *************** 45,50 **** 45,54 ---- <principal-name>admin</principal-name> <group-name>asadmin</group-name> </security-role-mapping> + <security-role-mapping> + <role-name>noaccess</role-name> + <principal-name>noaccess</principal-name> + </security-role-mapping> <session-config> <session-manager>
        Hide
        Cheng Fang added a comment -

        First thanks for the prompt resolution. Why I think this needs to be fix in ur1?

        1. this is a very low risk fix;

        2. an FCS-quality product should not have false alarm warming messages. It
        casts doubt on the overall quality of glassfish. Admittedly, no real problem is
        caused by having this warning message. But I think we should give users,
        especially new users a perfect impression.

        3. How do people (app developers and sysadmin) tell if this is a false alarm or
        genuine warning? How do they know if it's something related to their deployed
        apps? Why should they waste time checking their apps for "noaccess"? They have
        every reason to expect a clean run of glassfish.

        BTW, in the suggested fix, do we also need to declare the security-role in
        web.xml? I see noaccess is used as a role name but not declared with
        <security-role>. If noaccess (the principal) does not actually exist in
        appserver, will that also generate a warning? Just a thought.

        Show
        Cheng Fang added a comment - First thanks for the prompt resolution. Why I think this needs to be fix in ur1? 1. this is a very low risk fix; 2. an FCS-quality product should not have false alarm warming messages. It casts doubt on the overall quality of glassfish. Admittedly, no real problem is caused by having this warning message. But I think we should give users, especially new users a perfect impression. 3. How do people (app developers and sysadmin) tell if this is a false alarm or genuine warning? How do they know if it's something related to their deployed apps? Why should they waste time checking their apps for "noaccess"? They have every reason to expect a clean run of glassfish. BTW, in the suggested fix, do we also need to declare the security-role in web.xml? I see noaccess is used as a role name but not declared with <security-role>. If noaccess (the principal) does not actually exist in appserver, will that also generate a warning? Just a thought.
        Hide
        cchidamb added a comment -

        I appreciate your passion to deliver a high quality product. If you're a sun
        employee could you pls email me at cchidamb@sun.com. I can tell you who you can
        talk to, to get this fixed. Obvious reasons we can't convince him , but you can.

        About your other concern regarding principal-name not defined in appserver, it's
        not generating any WARNING, I've tested it.

        Show
        cchidamb added a comment - I appreciate your passion to deliver a high quality product. If you're a sun employee could you pls email me at cchidamb@sun.com. I can tell you who you can talk to, to get this fixed. Obvious reasons we can't convince him , but you can. About your other concern regarding principal-name not defined in appserver, it's not generating any WARNING, I've tested it.
        Hide
        Anissa Lam added a comment -

        We cannot get approval to fix this in UR1.
        Mark target milestone to 9.1.1

        Show
        Anissa Lam added a comment - We cannot get approval to fix this in UR1. Mark target milestone to 9.1.1
        Hide
        Anissa Lam added a comment -

        Add as91ur1-na in the whiteboard.
        Fix is available, but denied to checkin to UR1.

        Show
        Anissa Lam added a comment - Add as91ur1-na in the whiteboard. Fix is available, but denied to checkin to UR1.
        Hide
        harpreet added a comment -

        Approving for 9.1.1 as this is a confusing message and customers might spend significant resources
        investigating the warning

        Show
        harpreet added a comment - Approving for 9.1.1 as this is a confusing message and customers might spend significant resources investigating the warning
        Hide
        cchidamb added a comment -

        Fix checked into FCS Branch.

        Show
        cchidamb added a comment - Fix checked into FCS Branch.

          People

          • Assignee:
            cchidamb
            Reporter:
            Cheng Fang
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: