glassfish
  1. glassfish
  2. GLASSFISH-9855

security-constraint not enforced correctly

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Incomplete
    • Affects Version/s: V3
    • Fix Version/s: V3
    • Component/s: upgrade_tool
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      9,855

      Description

      Sidebyside upgrade from v3 prelude to v3 nightly build 9/29/09 on winxp using
      securiy test from v3 prelude quicklooks test

      After upgrade, got Error on security-constraint

      runtest-impl-class:
      [echo] =============Starting TestNG test at ../..//classes/test
      ============
      [testng] [Parser] Running:
      [testng] security

      [testng] URL is: http://localhost:8080/hellojspsecure/first.html
      [testng] Connecting to: http://localhost:8080/hellojspsecure/first.html
      [testng] ERROR: Anonymous Client access was Allowed, security-constraint not
      Enforced correctly
      [testng] URL is: http://localhost:8080/hellojspsecure/simpleservlet
      [testng] Connecting to: http://localhost:8080/hellojspsecure/simpleservlet
      [testng] ERROR: Anonymous Client access was Allowed, security-constraint not
      Enforced correctly
      [testng] URL is: http://localhost:8080/hellojspsecure/hello.jsp
      [testng] Connecting to: http://localhost:8080/hellojspsecure/hello.jsp
      [testng] ERROR: Anonymous Client access was Allowed, security-constraint not
      Enforced correctly

      [testng] ===============================================
      [testng] security
      [testng] Total tests run: 3, Failures: 3, Skips: 0
      [testng] ===============================================

      Steps to reproduce:
      1) install v3 prelude, start domain1, start derby
      2) checkout v3 prelude quicklook test as followed:

      need to have subversion svn-win32-1.5.4.zip
      need to set environment variables JAVA_HOME, ANT_HOME, S1AS_HOME (glassfish
      location), PATH to point to ANT_HOME\bin, JAVA_HOME\bin,SVN_HOME\bin

      svn co https://svn.dev.java.net/svn/glassfish-svn/tags/glassfish-3.0-Prelude-
      b28c/tests
      cd <workspace>\tests\quicklook\security\helloworld
      ant -Dglassfish.home=%S1AS_HOME% build deploy runtest

      3) stop domain, stop derby

      4) install v3 build 9/29/09 from location below:
      http://javaweb.sfbay.sun.com/java/re/glassfish/v3/nightly/bundles/

      latest-glassfish.zip 29-Sep-2009 03:03 73M

      5) start asupgrade from <v3 installation>/bin

      6) cd <workspace>\tests\quicklook\security\helloworld
      run "ant -Dglassfish.home=<v3 installation> runtest"

      1. server.log
        12 kB
        1xpert
      2. web.xml
        4 kB
        Bobby Bissett
      3. web.xml.diff
        1 kB
        Bobby Bissett

        Activity

        Hide
        Bobby Bissett added a comment -

        Created an attachment (id=3414)
        Web.xml diff that fixes the test application.

        Show
        Bobby Bissett added a comment - Created an attachment (id=3414) Web.xml diff that fixes the test application.
        Hide
        1xpert added a comment -

        This is not a bug in the test because tests run fine in V3 Prelude, but could
        not run successfully in V3..I notice that you ran this test on v2.1 and saw the
        same problem invalid descriptor in web.xml that also appeared in v3..I ran the
        test on V3 Prelude.

        I tried to use the web.xml.diff and executed the test, however I got some error
        during deployment in v3 that version needs to be added to web-app element. I
        have added but it still complained.

        Thus, I started fresh , went through the steps to reproduce this issue. I
        noticed that there is no error in v3 prelude 's server.log. I only see problem
        exception in v3. I will attach both server.log, v3 prelude's domain1

        Show
        1xpert added a comment - This is not a bug in the test because tests run fine in V3 Prelude, but could not run successfully in V3..I notice that you ran this test on v2.1 and saw the same problem invalid descriptor in web.xml that also appeared in v3..I ran the test on V3 Prelude. I tried to use the web.xml.diff and executed the test, however I got some error during deployment in v3 that version needs to be added to web-app element. I have added but it still complained. Thus, I started fresh , went through the steps to reproduce this issue. I noticed that there is no error in v3 prelude 's server.log. I only see problem exception in v3. I will attach both server.log, v3 prelude's domain1
        Hide
        1xpert added a comment -

        Reassign issue to Upgrade

        Show
        1xpert added a comment - Reassign issue to Upgrade
        Hide
        Bobby Bissett added a comment -

        You're obviously not reading what I'm writing. I'm aware that the test passes in prelude – this is because
        prelude isn't validating the xml against the DTD. The web.xml file is simply not valid whether prelude
        catches it or not. Please check it for yourself in NetBeans (or some other validation tool) if you don't
        believe me.

        I tried to be helpful about this and fix the test case rather than marking it invalid, but that led nowhere.
        Am marking as invalid – if you want, you can file a bug against sqe tests to get this fixed.

        Show
        Bobby Bissett added a comment - You're obviously not reading what I'm writing. I'm aware that the test passes in prelude – this is because prelude isn't validating the xml against the DTD. The web.xml file is simply not valid whether prelude catches it or not. Please check it for yourself in NetBeans (or some other validation tool) if you don't believe me. I tried to be helpful about this and fix the test case rather than marking it invalid, but that led nowhere. Am marking as invalid – if you want, you can file a bug against sqe tests to get this fixed.
        Hide
        1xpert added a comment -

        I make changes to web.xml using web.xml.diff attachment, deploying it to v3
        prelude, upgrade and check in against v3 server. It gives error that version
        needs to be used for <web-app>. This error is bogus because version is already
        present in <web-app>

        The problem was I did not remove the line starting with DTD...I guess it's more
        helpful to post the web.xml itself rather than diff because it's easy to make
        human errors when editing manually

        I tried the upgrade from v3 prelude to v3 and it works like a charm...Thanks for
        the fix.

        Show
        1xpert added a comment - I make changes to web.xml using web.xml.diff attachment, deploying it to v3 prelude, upgrade and check in against v3 server. It gives error that version needs to be used for <web-app>. This error is bogus because version is already present in <web-app> The problem was I did not remove the line starting with DTD...I guess it's more helpful to post the web.xml itself rather than diff because it's easy to make human errors when editing manually I tried the upgrade from v3 prelude to v3 and it works like a charm...Thanks for the fix.

          People

          • Assignee:
            Bobby Bissett
            Reporter:
            1xpert
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: