Issue Details (XML | Word | Printable)

Key: GLASSFISH-8991
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Critical Critical
Assignee: kumarjayanti
Reporter: sonialiu
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
glassfish

Many security realm related test cases failed in V2.1.1

Created: 03/Aug/09 12:30 PM   Updated: 01/Dec/10 09:23 AM   Resolved: 25/Aug/09 08:45 AM
Component/s: security
Affects Version/s: v2.1.1
Fix Version/s: v2.1.1_dev

Time Tracking:
Not Specified

File Attachments: 1. Text File all.log (83 kB) 03/Aug/09 12:31 PM - sonialiu
2. Text File server.log (66 kB) 03/Aug/09 12:31 PM - sonialiu

Environment:

Operating System: Linux
Platform: All


Issuezilla Id: 8,991
Tags:
Participants: jagadesh, kumarjayanti, Nithya Ramakrishnan and sonialiu


 Description  « Hide

OS: solaris10
build: v2.1.1 promoted build25
The assign-groups feature is not working in file and jdbc realms. It used to
work in AS9.1.1 earlier builds.
Steps to reproduce the bug:
1. Install V3. start domain
2. Checkout SQE workspace
cvs co -r SJSAS911_FCS_BRANCH appserver-sqe/bootstrap.xml
(CVSROOT: :pserver:<user>@redcvs.red.iplanet.com:/m/jws)
cd appserver-sqe
ant -f bootstrap.xml -Dtag=SJSAS911_FCS_BRANCH co-security
3.set env variables
S1AS_HOME <as install dir>
SPS_HOME <appserver-sqe>
ANT_HOME <I used V2.1.1 bundled ant>
JAVA_HOME <I used jdk1.5.0_19 that was bundled with V2.1.1>
4. cd appserver-sqe/pe/security/assigngroup, run "ant all". The test failed with
the following errors:
run-client1:
[exec] WS HOME appserver-sqe
[exec] ****************************************************************
[exec] * <Security> AssignGroup with realm at application level tests *
[exec] ****************************************************************
[exec] Looked up home...
[exec] Narrowed home...
[exec] Creating EJB...
[exec] Got Exception!!! All tests marked as failed!
[exec] java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception
is:
[exec] org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack
trace----------
[exec] org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
[exec] at
com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:576)
[exec] at
com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:627)
[exec] at
com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:530)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:406)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:224)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
[exec] at
com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
[exec] at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
[exec] at
com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)

------------There are some exceptions in server.log:
[#|2009-08-03T11:38:25.851-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;|
SecAuthTestBean::testIsCallerInRole(r) invoked.|#]

[#|2009-08-03T11:38:25.853-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;|
...isCallerInRole() returned:false;role=RoleAdministrator|#]

[#|2009-08-03T11:38:25.881-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;|
SecAuthTestBean::testIsCallerExpected(c) invoked.|#]

[#|2009-08-03T11:38:25.882-0700|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;|
...Got Principal :munta|#]

[#|2009-08-03T11:38:25.911-0700|INFO|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;SecAuthTestBean;|EJB5018: An exception was thrown during an
ejb invocation on [SecAuthTestBean]|#]

[#|2009-08-03T11:38:25.912-0700|INFO|sun-appserver2.1|javax.enterprise.system.container.ejb|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 5;|
javax.ejb.AccessLocalException: Client not authorized for this invocation.
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1218)
at
com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:202)
at
com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:120)
at $Proxy29.methodIsAuthorized(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:154)
at
com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:687)
at
com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:227)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1846)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1706)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1088)
at
com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:223)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:806)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:563)
at
com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2567)
at
com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:555)

#]

— full server.log and test execution log (run.log) are attached.



sonialiu added a comment - 03/Aug/09 12:31 PM

Created an attachment (id=3048)
server.log


sonialiu added a comment - 03/Aug/09 12:31 PM

Created an attachment (id=3049)
run.log


sonialiu added a comment - 03/Aug/09 12:52 PM

changed the summary title since many security realm related test cases failed in
the b25. Here is the list of the test cases failed:
appserver-sqe/pe/security/jdbcrealm – 4 failiures
appserver-sqe/pe/security/customrealm – 9 failures
appserver-sqe/pe/security/realmperapp – 13 failures
appserver-sqe/pe/security/customprincipal – 3 failures
upgrade the bug to p2


sonialiu added a comment - 03/Aug/09 04:36 PM

Missed one step.
After step 3, need to do :
4. cd appserver-sqe/pe, open file config.properties, modify admin user/password,
ports...values based on your Glassfish installation. For example:
admin.port=4848
admin.user=admin
admin.password=adminadmin


jagadesh added a comment - 06/Aug/09 02:03 PM

Updated the target milestone.


sonialiu added a comment - 06/Aug/09 03:17 PM

I just tried the latest promoted build 27, The bug is reproducible consistently.
(I ran test case appserver-sqe/pe/security/realmperapp/applevel. The test failed
and server.log showed that user got rejected.)
[#|2009-08-06T14:34:21.624-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.admin|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar;|ADM1040:Client-jar
location:[/export1/sonia/as911test/domains/domain1/generated/xml/j2ee-apps/sec-realmperapp-applevelApp/sec-realmperapp-applevelAppClient.jar]|#]

[#|2009-08-06T14:34:28.822-0700|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 6;munta;|SEC5046: Audit: Authentication refused for [munta].|#]

[#|2009-08-06T14:34:28.825-0700|SEVERE|sun-appserver2.1|javax.enterprise.resource.corba|_ThreadID=21;_ThreadName=p:
thread-pool-1; w: 6;com.sun.enterprise.security.LoginException: Login failed:
javax.security.auth.login.LoginException: Failed file login for
munta.;_RequestID=c3041391-1504-47e6-ac3d-d7048deb7a88;|IOP5049: Login
exception: [com.sun.enterprise.security.LoginException: Login failed:
javax.security.auth.login.LoginException: Failed file login for munta.]|#]

[#|2009-08-06T14:34:34.801-0700|INFO|sun-appserver2.1|javax.enterprise.system.tools.deployment|_ThreadID=18;_ThreadName=httpSSLWorkerThread-4848-0;|Java
Web Start services ended for application:
com.sun.enterprise.appclient.jws.ApplicationContentOrigin@10e1829 registration
name=sec-realmperapp-applevelApp
com.sun.enterprise.appclient.jws.NestedAppclientContentOrigin@545658
registration name=sec-realmperapp-applevelApp, context
root=/sec-realmperapp-applevelApp/sec-realmperapp-applevel-client, module name=
, parent=sec-realmperapp-applevelApp|#]


sonialiu added a comment - 07/Aug/09 12:24 PM

The test cases started to fail since promoted build b18, the build b17 works fine.


Nithya Ramakrishnan added a comment - 25/Aug/09 08:45 AM

The issue was in propogating the realm name to the server side interceptor from
the descriptor. This has now been fixed.