glassfish
  1. glassfish
  2. GLASSFISH-8991

Many security realm related test cases failed in V2.1.1

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: v2.1.1
    • Fix Version/s: v2.1.1_dev
    • Component/s: security
    • Labels:
      None
    • Environment:

      Operating System: Linux
      Platform: All

    • Issuezilla Id:
      8,991

      Description

      OS: solaris10
      build: v2.1.1 promoted build25
      The assign-groups feature is not working in file and jdbc realms. It used to
      work in AS9.1.1 earlier builds.
      Steps to reproduce the bug:
      1. Install V3. start domain
      2. Checkout SQE workspace
      cvs co -r SJSAS911_FCS_BRANCH appserver-sqe/bootstrap.xml
      (CVSROOT: :pserver:<user>@redcvs.red.iplanet.com:/m/jws)
      cd appserver-sqe
      ant -f bootstrap.xml -Dtag=SJSAS911_FCS_BRANCH co-security
      3.set env variables
      S1AS_HOME <as install dir>
      SPS_HOME <appserver-sqe>
      ANT_HOME <I used V2.1.1 bundled ant>
      JAVA_HOME <I used jdk1.5.0_19 that was bundled with V2.1.1>
      4. cd appserver-sqe/pe/security/assigngroup, run "ant all". The test failed with
      the following errors:
      run-client1:
      [exec] WS HOME appserver-sqe
      [exec] ****************************************************************
      [exec] * <Security> AssignGroup with realm at application level tests *
      [exec] ****************************************************************
      [exec] Looked up home...
      [exec] Narrowed home...
      [exec] Creating EJB...
      [exec] Got Exception!!! All tests marked as failed!
      [exec] java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception
      is:
      [exec] org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack
      trace----------
      [exec] org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
      [exec] at
      com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:576)
      [exec] at
      com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:627)
      [exec] at
      com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:530)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:406)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:224)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
      [exec] at
      com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
      [exec] at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
      [exec] at
      com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)

      ------------There are some exceptions in server.log:
      [#|2009-08-03T11:38:25.851-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;|
      SecAuthTestBean::testIsCallerInRole(r) invoked.|#]

      [#|2009-08-03T11:38:25.853-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;|
      ...isCallerInRole() returned:false;role=RoleAdministrator|#]

      [#|2009-08-03T11:38:25.881-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;|
      SecAuthTestBean::testIsCallerExpected(c) invoked.|#]

      [#|2009-08-03T11:38:25.882-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;|
      ...Got Principal :munta|#]

      [#|2009-08-03T11:38:25.911-0700|INFO|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;SecAuthTestBean;|EJB5018: An exception was thrown during an
      ejb invocation on [SecAuthTestBean]|#]

      [#|2009-08-03T11:38:25.912-0700|INFO|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=21;_ThreadName=p:
      thread-pool-1; w: 5;|
      javax.ejb.AccessLocalException: Client not authorized for this invocation.
      at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1218)
      at
      com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:202)
      at
      com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:120)
      at $Proxy29.methodIsAuthorized(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at
      com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:154)
      at
      com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:687)
      at
      com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:227)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
      at
      com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
      at
      com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
      at
      com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)

      #]

      — full server.log and test execution log (run.log) are attached.

      1. all.log
        83 kB
        sonialiu
      2. server.log
        66 kB
        sonialiu

        Activity

        Hide
        Nithya Ramakrishnan added a comment -

        The issue was in propogating the realm name to the server side interceptor from
        the descriptor. This has now been fixed.

        Show
        Nithya Ramakrishnan added a comment - The issue was in propogating the realm name to the server side interceptor from the descriptor. This has now been fixed.
        Hide
        sonialiu added a comment -

        The test cases started to fail since promoted build b18, the build b17 works fine.

        Show
        sonialiu added a comment - The test cases started to fail since promoted build b18, the build b17 works fine.
        Hide
        sonialiu added a comment -

        I just tried the latest promoted build 27, The bug is reproducible consistently.
        (I ran test case appserver-sqe/pe/security/realmperapp/applevel. The test failed
        and server.log showed that user got rejected.)
        [#|2009-08-06T14:34:21.624-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.admin|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar;|ADM1040:Client-jar
        location:[/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar]|#]

        [#|2009-08-06T14:34:28.822-0700|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=p:
        thread-pool-1; w: 6;munta;|SEC5046: Audit: Authentication refused for [munta].|#]

        [#|2009-08-06T14:34:28.825-0700|SEVERE|sun-appserver2.1|javax.enterprise.resource.corba|_ThreadID=21;_ThreadName=p:
        thread-pool-1; w: 6;com.sun.enterprise.security.LoginException: Login failed:
        javax.security.auth.login.LoginException: Failed file login for
        munta.;_RequestID=c3041391-1504-47e6-ac3d-d7048deb7a88;|IOP5049: Login
        exception: [com.sun.enterprise.security.LoginException: Login failed:
        javax.security.auth.login.LoginException: Failed file login for munta.]|#]

        [#|2009-08-06T14:34:34.801-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.deployment|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;|Java
        Web Start services ended for application:
        com.sun.enterprise.appclient.jws.ApplicationContentOrigin@10e1829 registration
        name=sec-realmperapp-applevelApp
        com.sun.enterprise.appclient.jws.NestedAppclientContentOrigin@545658
        registration name=sec-realmperapp-applevelApp, context
        root=/sec-realmperapp-applevelApp/sec-realmperapp-applevel-client, module name=
        , parent=sec-realmperapp-applevelApp|#]

        Show
        sonialiu added a comment - I just tried the latest promoted build 27, The bug is reproducible consistently. (I ran test case appserver-sqe/pe/security/realmperapp/applevel. The test failed and server.log showed that user got rejected.) [#|2009-08-06T14:34:21.624-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.admin|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar;|ADM1040:Client-jar location: [/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar] |#] [#|2009-08-06T14:34:28.822-0700|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=p: thread-pool-1; w: 6;munta;|SEC5046: Audit: Authentication refused for [munta] .|#] [#|2009-08-06T14:34:28.825-0700|SEVERE|sun-appserver2.1|javax.enterprise.resource.corba|_ThreadID=21;_ThreadName=p: thread-pool-1; w: 6;com.sun.enterprise.security.LoginException: Login failed: javax.security.auth.login.LoginException: Failed file login for munta.;_RequestID=c3041391-1504-47e6-ac3d-d7048deb7a88;|IOP5049: Login exception: [com.sun.enterprise.security.LoginException: Login failed: javax.security.auth.login.LoginException: Failed file login for munta.]|#] [#|2009-08-06T14:34:34.801-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.deployment|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;|Java Web Start services ended for application: com.sun.enterprise.appclient.jws.ApplicationContentOrigin@10e1829 registration name=sec-realmperapp-applevelApp com.sun.enterprise.appclient.jws.NestedAppclientContentOrigin@545658 registration name=sec-realmperapp-applevelApp, context root=/sec-realmperapp-applevelApp/sec-realmperapp-applevel-client, module name= , parent=sec-realmperapp-applevelApp|#]
        Hide
        jagadesh added a comment -

        Updated the target milestone.

        Show
        jagadesh added a comment - Updated the target milestone.
        Hide
        sonialiu added a comment -

        Missed one step.
        After step 3, need to do :
        4. cd appserver-sqe/pe, open file config.properties, modify admin user/password,
        ports...values based on your Glassfish installation. For example:
        admin.port=4848
        admin.user=admin
        admin.password=adminadmin

        Show
        sonialiu added a comment - Missed one step. After step 3, need to do : 4. cd appserver-sqe/pe, open file config.properties, modify admin user/password, ports...values based on your Glassfish installation. For example: admin.port=4848 admin.user=admin admin.password=adminadmin
        Hide
        sonialiu added a comment -

        changed the summary title since many security realm related test cases failed in
        the b25. Here is the list of the test cases failed:
        appserver-sqe/pe/security/jdbcrealm – 4 failiures
        appserver-sqe/pe/security/customrealm – 9 failures
        appserver-sqe/pe/security/realmperapp – 13 failures
        appserver-sqe/pe/security/customprincipal – 3 failures
        upgrade the bug to p2

        Show
        sonialiu added a comment - changed the summary title since many security realm related test cases failed in the b25. Here is the list of the test cases failed: appserver-sqe/pe/security/jdbcrealm – 4 failiures appserver-sqe/pe/security/customrealm – 9 failures appserver-sqe/pe/security/realmperapp – 13 failures appserver-sqe/pe/security/customprincipal – 3 failures upgrade the bug to p2
        Hide
        sonialiu added a comment -

        Created an attachment (id=3049)
        run.log

        Show
        sonialiu added a comment - Created an attachment (id=3049) run.log
        Hide
        sonialiu added a comment -

        Created an attachment (id=3048)
        server.log

        Show
        sonialiu added a comment - Created an attachment (id=3048) server.log

          People

          • Assignee:
            kumarjayanti
            Reporter:
            sonialiu
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: