GLASSFISH-6390

Validation Check: All CLIs that require classname should verify if the class can be loaded

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: V3
    • Fix Version/s: None
    • Component/s: command_line_interface
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: Sun

    • Issuezilla Id:
      6,390

      Description

      I tried this command:
      glassfish@~/WS/gf/v3.trunk.new$ asadmin create-auth-realm --classname=foo bar

      and it succeeded even when there is no class called foo.

        Activity

        kumarjayanti added a comment -

        please see server log after the command you gave, it will show

        [#|2008-10-02T18:08:50.610+0530|SEVERE|GlassFish10.0|global|_ThreadID=15;_ThreadName=Thread-3;|Exception while processing config bean changes :
        java.lang.RuntimeException: com.sun.enterprise.security.auth.realm.BadRealmException: java.lang.ClassNotFoundException: foo
            at com.sun.enterprise.security.SecurityConfigListener.authRealmCreated(SecurityConfigListener.java:241)
            at com.sun.enterprise.security.SecurityConfigListener$1.handleAddEvent(SecurityConfigListener.java:143)
            at com.sun.enterprise.security.SecurityConfigListener$1.changed(SecurityConfigListener.java:126)
            at org.jvnet.hk2.config.ConfigSupport.sortAndDispatch(ConfigSupport.java:277)
            at com.sun.enterprise.security.SecurityConfigListener.changed(SecurityConfigListener.java:112)
            at org.jvnet.hk2.config.Transactions$ConfigListenerJob.process(Transactions.java:245)
            at org.jvnet.hk2.config.Transactions$ListenerInfo$1.run(Transactions.java:117)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
            at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
            at java.util.concurrent.FutureTask.run(FutureTask.java:123)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
            at java.lang.Thread.run(Thread.java:595)
        Caused by: com.sun.enterprise.security.auth.realm.BadRealmException: java.lang.ClassNotFoundException: foo
            at com.sun.enterprise.security.auth.realm.Realm.doInstantiate(Realm.java:270)
            at com.sun.enterprise.security.auth.realm.Realm.instantiate(Realm.java:165)
            at com.sun.enterprise.security.SecurityConfigListener.createRealm(SecurityConfigListener.java:298)
            at com.sun.enterprise.security.SecurityConfigListener.authRealmCreated(SecurityConfigListener.java:239)
            ... 12 more
        Caused by: java.lang.ClassNotFoundException: foo
            at org.apache.felix.framework.searchpolicy.R4SearchPolicyCore.findClass(R4SearchPolicyCore.java:198)
            at org.apache.felix.framework.searchpolicy.R4SearchPolicy.findClass(R4SearchPolicy.java:45)
            at org.apache.felix.framework.searchpolicy.ContentClassLoader.loadClass(ContentClassLoader.java:109)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:164)
            at com.sun.enterprise.security.auth.realm.Realm.doInstantiate(Realm.java:246)
            ... 15 more
        Caused by: java.lang.ClassNotFoundException: foo
            at org.apache.felix.framework.searchpolicy.R4SearchPolicyCore.findClassOrResource(R4SearchPolicyCore.java:486)
            at org.apache.felix.framework.searchpolicy.R4SearchPolicyCore.findClass(R4SearchPolicyCore.java:185)
            ... 22 more

        #]

        so please assign this bug to admin since security module does throw an exception
        but asadmin command still reports success

        kumarjayanti added a comment -

        Reassigning to Admin. However this is probably more difficult to fix since
        Admin/AMX is submitting the Job as a Worker to be run by a ThreadPool, and hence
        does not have the ability to get the result of the execution of the worker?
        See the stack trace I pasted above.
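
        The worker-thread situation raised in this comment, as an added example (not GlassFish code and not the commenter's): a job handed to an ExecutorService with submit() yields a Future, and Future.get() rethrows the worker's exception as ExecutionException, so a caller that keeps the Future can report failure instead of success. ListenerOutcome, realmCreated and runCommand are hypothetical names.

```java
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class ListenerOutcome {
    /** Hypothetical listener body: instantiating the realm class can fail. */
    static void realmCreated(String className) {
        try {
            Class.forName(className);
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    /** Submits the listener job and turns its outcome into the command result. */
    static String runCommand(ExecutorService pool, String className)
            throws InterruptedException {
        Future<?> job = pool.submit(() -> realmCreated(className));
        try {
            job.get(10, TimeUnit.SECONDS);   // blocks until the worker finishes
            return "success";
        } catch (ExecutionException e) {
            // The worker's exception arrives wrapped; walk to the root cause.
            Throwable root = e.getCause();
            while (root.getCause() != null) root = root.getCause();
            return "failure: " + root;
        } catch (TimeoutException e) {
            job.cancel(true);
            return "failure: listener did not finish in time";
        }
    }

    public static void main(String[] args) throws InterruptedException {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            System.out.println("foo -> " + runCommand(pool, "foo"));
            System.out.println("java.lang.String -> " + runCommand(pool, "java.lang.String"));
        } finally {
            pool.shutdown();
        }
    }
}
```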

        kumarjayanti added a comment -

        reassign to admin owner

        ne110415 added a comment -

        reassigning to myself.

        Sanjeeb Sahoo added a comment -

        I actually don't see any exception in the server.log.

        ne110415 added a comment -

        create-auth-realm is a config insertion operation. The CLI scope is limited to
        creating the config and as in earlier GF versions, there is no validation to
        check if a class with the provided classname can be located and loaded.
        (This generic approach is reflected in various other CLIs such as
        create-jdbc-connection-pool, create-audit-module etc.)

        At a design level, it can be considered as a trade-off between using a more
        dynamic and flexible configuration approach vs. statically and conservatively
        managing config operations.

        Also, there is no exception in the server log as the reporter has noted.

        The present implementation is backward compatible and covers its original
        scope. Accordingly, marking this bug as invalid.

        (In case this change is desired, an RFE would be a better description although
        this change in approach has to be carried over to all related CLIs too for the
        sake of consistency in CLI user experience.)

        Sanjeeb Sahoo added a comment -

        I am very surprised that we don't do basic verification. I am reopening this bug
        as an RFE to do more verification at command execution time. Feel free to change
        the subject to reflect the scope of this issue.
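
        One way the verification requested here could look at command execution time, as an added example (not GlassFish code): the class name is resolved without initialization and checked against the expected base type before any config is written. ClassNameCheck, RealmBase and SampleRealm are hypothetical stand-ins, and the public no-argument constructor requirement is an assumption.

```java
import java.lang.reflect.Modifier;

public class ClassNameCheck {
    /** Hypothetical base type standing in for the class a realm must extend. */
    public abstract static class RealmBase { }

    /** Constructed sample realm so the accepted case runs offline. */
    public static class SampleRealm extends RealmBase { }

    /** Returns null if className is usable, else the reason to show the CLI user. */
    static String check(String className, Class<?> expected, ClassLoader loader) {
        final Class<?> c;
        try {
            // initialize=false resolves the class without running its static
            // initializers, so validating a name does not execute its code.
            c = Class.forName(className, false, loader);
        } catch (ClassNotFoundException | LinkageError e) {
            return "cannot load " + className + ": " + e;
        }
        if (!expected.isAssignableFrom(c)) {
            return className + " does not extend " + expected.getName();
        }
        if (c.isInterface() || Modifier.isAbstract(c.getModifiers())) {
            return className + " is abstract and cannot be instantiated";
        }
        try {
            c.getConstructor();   // public no-arg constructor required (assumption)
        } catch (NoSuchMethodException e) {
            return className + " has no public no-argument constructor";
        }
        return null;
    }

    public static void main(String[] args) {
        // Assumption: in a real server this must be the loader that will later
        // instantiate the class, not the loader of the CLI client process.
        ClassLoader loader = ClassNameCheck.class.getClassLoader();
        String[] names = { "foo", "java.lang.String",
                RealmBase.class.getName(), SampleRealm.class.getName() };
        for (String name : names) {
            String reason = check(name, RealmBase.class, loader);
            System.out.println(name + " -> "
                    + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

        The type check matters as much as the load check: a name that resolves to an unrelated class (java.lang.String above) is rejected rather than stored in the security configuration.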

        ne110415 added a comment -

        Changing the issue per earlier discussions.

        ne110415 added a comment -

        forgot to change component

        janey added a comment -

        Reassign to Bill.

        Tom Mueller added a comment -

        Cleared the Fix version field since this issue isn't going to be fixed in V3.


          People

          • Assignee: Bill Shannon
          • Reporter: Sanjeeb Sahoo
          • Votes: 0
          • Watchers: 0
