[GLASSFISH-15078] jpa cdi AccessControlException when security manager Created: 09/Dec/10  Updated: 12/Dec/11  Resolved: 05/Jan/11

Status: Resolved
Project: glassfish
Component/s: cdi
Affects Version/s: 3.1
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: sherryshen Assignee: Sivakumar Thyagarajan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Solaris 10 Sparc


Attachments: File cdi-servlet-annotation-web.war     Text File server.log     File server.log.in1    
Issue Links:
Duplicate
duplicates GLASSFISH-17748 Weld / JSF Is Not Working Without jav... Resolved
Status Whiteboard:

weld-int-required

Tags: 3_1-approved, 3_1-verified, weld-int-required

 Description   

jpa cdi AccessControlException when security manager

glassfish-3.1-b33-12_09_2010.zip

When security manager on, jpa cdi app failed to deploy with
java.lang.RuntimeException: java.security.AccessControlException:
access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
When security manager off, the same tests passed.

To reproduce the issue:
refer the instruction to set env and get test source with co-ejb
http://agni-1.us.oracle.com/JSPWiki/Wiki.jsp?page=V31CoreInstruction
do "ant all" in
appserver-sqe/pe/ejb/jpa20/ear/bvcallbackcdi



 Comments   
Comment by sherryshen [ 09/Dec/10 ]

deploy-common-pe:
[exec] asadmin --host localhost --port 4848 --user admin --passwordfile /space/test1/src/c31/appserver-sqe/build-config/adminpassword.txt --interactive=false --echo=true --terse=false deploy --name jpa20-bvcallbackcdiApp --force=false --precompilejsp=false --verify=false --retrieve /space/test1/src/c31/appserver-sqe/build/pe/sparc_syhill_SunOS/jpa20-bvcallbackcdi/archive --generatermistubs=false --availabilityenabled=false --asyncreplication=true --keepreposdir=false --keepfailedstubs=false --isredeploy=false --logreportederrors=true /space/test1/src/c31/appserver-sqe/build/pe/sparc_syhill_SunOS/jpa20-bvcallbackcdi/archive/jpa20-bvcallbackcdiApp.ear
[exec] Command deploy failed.
[exec] org.glassfish.api.admin.CommandException: remote failure: Error occurred during deployment: Exception while loading the app : Exception List with 1 exceptions:
[exec] Exception 0 :
[exec] java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
[exec] at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:71)
[exec] at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:324)
[exec] at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:47)
[exec] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:102)
[exec] at com.sun.jersey.server.impl.cdi.org$jboss$weld$bean-com$sun$jersey$server$impl$cdi$CDIExtension-Built-in-Extension-com$sun$jersey$server$impl$cdi$CDIExtension_$$WeldClientProxy.beforeBeanDiscovery(org$jboss$weld$bean-com$sun$jersey$server$impl$cdi$CDIExtension-Built-in-Extension-com$sun$jersey$server$impl$cdi$CDIExtension$$_WeldClientProxy.java)
[exec] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[exec] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[exec] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[exec] at java.lang.reflect.Method.invoke(Method.java:597)
[exec] at org.jboss.weld.util.reflection.SecureReflections$13.work(SecureReflections.java:305)
[exec] at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
[exec] at org.jboss.weld.util.reflection.SecureReflectionAccess.runAsInvocation(SecureReflectionAccess.java:163)
[exec] at org.jboss.weld.util.reflection.SecureReflections.invoke(SecureReflections.java:299)
[exec] at org.jboss.weld.introspector.jlr.WeldMethodImpl.invokeOnInstance(WeldMethodImpl.java:198)
[exec] at org.jboss.weld.introspector.ForwardingWeldMethod.invokeOnInstance(ForwardingWeldMethod.java:59)
[exec] at org.jboss.weld.injection.MethodInjectionPoint.invokeOnInstanceWithSpecialValue(MethodInjectionPoint.java:200)
[exec] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:270)
[exec] at org.jboss.weld.event.ObserverMethodImpl.sendEvent(ObserverMethodImpl.java:253)
[exec] at org.jboss.weld.event.ObserverMethodImpl.notify(ObserverMethodImpl.java:222)
[exec] at org.jboss.weld.bootstrap.events.AbstractContainerEvent.fire(AbstractContainerEvent.java:88)
[exec] at org.jboss.weld.bootstrap.events.AbstractDefinitionContainerEvent.fire(AbstractDefinitionContainerEvent.java:52)
[exec] at org.jboss.weld.bootstrap.events.BeforeBeanDiscoveryImpl.fire(BeforeBeanDiscoveryImpl.java:46)
[exec] at org.jboss.weld.bootstrap.WeldBootstrap.startInitialization(WeldBootstrap.java:340)
[exec] at org.glassfish.weld.WeldDeployer.event(WeldDeployer.java:162)
[exec] at org.glassfish.kernel.event.EventsImpl.send(EventsImpl.java:128)
[exec] at org.glassfish.internal.data.ApplicationInfo.load(ApplicationInfo.java:266)
[exec] at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:460)
[exec] at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:240)
[exec] at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:369)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:354)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:369)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1079)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1200(CommandRunnerImpl.java:95)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1257)
[exec] at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1246)
[exec] at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:453)
[exec] at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:220)
[exec] at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:168)
[exec] at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
[exec] at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:234)
[exec] at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:817)
[exec] at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:718)
[exec] at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1007)
[exec] at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
[exec] at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
[exec] at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
[exec] at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
[exec] at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
[exec] at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
[exec] at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
[exec] at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
[exec] at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
[exec] at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
[exec] at java.lang.Thread.run(Thread.java:619)
[exec] Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
[exec] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[exec] at java.security.AccessController.checkPermission(AccessController.java:546)
[exec] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[exec] at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
[exec] at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:332)
[exec] at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:325)
[exec] at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
[exec] at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:67)
[exec] ... 53 more
[exec] . Please see server.log for more details.
[exec] Result: 1

Comment by sherryshen [ 09/Dec/10 ]

releated sever.log

Comment by Sivakumar Thyagarajan [ 13/Dec/10 ]

This appears to be a WELD issue. A related issue https://issues.jboss.org/browse/WELD-32 has been filed earlier in the WELD JIRA to resolve this. I am working with the weld team to find out if we can get this fixed in the 3.1 timeframe.

Comment by Sivakumar Thyagarajan [ 13/Dec/10 ]

A simpler way to reproduce this issue is to:

  • enable security manager in GF and restart domain
  • deploy the attached war
  • deployment would fail with the following error in server.log
    Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
    at java.security.AccessController.checkPermission(AccessController.java:546)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
    at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:332)
    at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:325)
    at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
    at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:67)
Comment by Sivakumar Thyagarajan [ 13/Dec/10 ]

Simple war to reproduce the issue. The sources for this is at https://svn.java.net/svn/glassfish~svn/trunk/v2/appserv-tests/devtests/cdi/smoke-tests/cdi-servlet-3.0-annotation/

Comment by Sivakumar Thyagarajan [ 22/Dec/10 ]

Weld is not planning to fix this issue in their 1.1.0 release and I am investigating GF specific workarounds that a user could do.

Adding the java.lang.reflect.ReflectPermission "suppressAccessChecks" Permission to the default grant block in server.policy does work. However I am trying to figure out a way to localize providing this permission only to the CDI application involved and I am working with the GF security team about this.

Comment by Sivakumar Thyagarajan [ 28/Dec/10 ]

It was found that the Weld-generated proxies uses the default ProtectionDomain, as the proxies are generated using ClassLoader.defineClass(String name, byte[] b, int off, int len). This prevents a user to specify an application specific permission grant or a grant to a known codesource to get Weld working in a SecurityManager, and having to provide the suppressAccessChecks Permission for all classes. We are working with the Weld team to find out if all generated proxies could use a well-defined ProtectionDomain/CodeSource.

Comment by sherryshen [ 28/Dec/10 ]

The log of instance 1 from cluster tests.

Comment by sherryshen [ 28/Dec/10 ]

A. For das tests on b33:
asadmin create-jvm-options -Djava.security.manager
restart domain, do "ant all" in
appserver-sqe/pe/ejb/jpa20/ear/bvcallbackcdi
Tests failed with server.log in the previous
attachment at 09/Dec/10 03:34 PM.

Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:332)

B. For cluster tests on b34:
asadmin create-jvm-options --target sqe-cluster -Djava.security.manager
restart domain and cluster, do "ant ee all" in
appserver-sqe/pe/ejb/jpa20/ear/bvcallbackcdi
Tests failed with server.log.in1 in the attachment today,
28/Dec/10 11:31 AM.

Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:332)

Comment by Sivakumar Thyagarajan [ 29/Dec/10 ]

Created a new Weld issue https://issues.jboss.org/browse/WELD-813 to track this.

Comment by Sivakumar Thyagarajan [ 29/Dec/10 ]

@sherry: Tests in A. and B. below fail because of this known issue. CDI applications currently don't work with an enabled Security Manager, and we are working with the Weld team to support that usecase. About C. enable-secure-admin enables secure communication between admin clients and DAS and between DAS and instances as detailed here http://wikis.sun.com/display/GlassFish/3.1SecureAdminTraffic#3.1SecureAdminTraffic-enablesecureadmin
This is unrelated to security manager issue outlined in A. and B and this issue.

Comment by Sivakumar Thyagarajan [ 04/Jan/11 ]

The Weld team doesn't want to support SM as part of this release, and through a fix for WELD-813, a standard well-known ProtectionDomain for the Bean proxies generated by Weld is added, and this can be used to provide a simple workaround that could be used by the user.

Workaround:
In 3.1, for a CDI-enabled application if a user wants to set the SecurityManager on, they have to grant the following permission to the application as a workaround.
> grant codeBase "file:$

{com.sun.aas.instanceRoot}

/applications/[ApplicationName]"

{ > permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; > }

;

I have integrated the latest Weld 1.1.0.CR4 into GF3.1 as part of commit 44200. With this build, a user who wants to use CDI applications in the context of a SecurityManager could add the permission above. I have tested this behavior with all our developer tests with an enabled SecurityManager

Resolving this for now. We will release-note this behavior or make this addition of permission easier.

Comment by sherryshen [ 05/Jan/11 ]

The tests still failed on b36 promoted and b37 nightly.
The previous failure on b33 is at deploy.
For b37n, deploy is OK, the failure is at runtime.

glassfish-3.1-b37-01_05_2011.zip

Modify server.policy with
//jpa cdi test with security permissions
grant codeBase "file:$

{com.sun.aas.installRoot}

/applications/jpa20-bvcallbackcdiApp/-"

{ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }

;

[#|2011-01-05T11:51:42.168-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=115;_ThreadName=Thread-1;|**********1. TestServlet: add User1 with short Name**********|#]

[#|2011-01-05T11:51:42.211-0800|INFO|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=Thread-1;|JACC Policy Provider: Failed Permission Check, context(jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi_war)- permission((java.lang.reflect.ReflectPermission suppressAccessChecks))|#]

[#|2011-01-05T11:51:42.214-0800|SEVERE|glassfish3.1|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=115;_ThreadName=Thread-1;|EJB5070: Exception creating stateless session bean : [UserEJB]|#]

[#|2011-01-05T11:51:42.217-0800|WARNING|glassfish3.1|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=115;_ThreadName=Thread-1;|A system exception occurred during an invocation on EJB UserEJB method public boolean jpa20.ear.bvcallbackcdi.service.UserEJB.addUser(java.lang.String,java.lang.String,int)
javax.ejb.EJBException: javax.ejb.EJBException: javax.ejb.CreateException: Could not create stateless EJB
at com.sun.ejb.containers.StatelessSessionContainer._getContext(StatelessSessionContainer.java:454)
at com.sun.ejb.containers.BaseContainer.getContext(BaseContainer.java:2528)
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1895)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at $Proxy132.addUser(Unknown Source)
at jpa20.ear.bvcallbackcdi.service._EJB31_GeneratedUserEJBIntf__Bean_.addUser(Unknown Source)
at jpa20.ear.bvcallbackcdi.web.TestServlet.processRequest(TestServlet.java:34)
at jpa20.ear.bvcallbackcdi.web.TestServlet.doGet(TestServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:322)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:355)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:212)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1527)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:326)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:227)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:170)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:818)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1008)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.ejb.EJBException: javax.ejb.CreateException: Could not create stateless EJB
at com.sun.ejb.containers.StatelessSessionContainer$SessionContextFactory.create(StatelessSessionContainer.java:726)
at com.sun.ejb.containers.util.pool.NonBlockingPool.getObject(NonBlockingPool.java:247)
at com.sun.ejb.containers.StatelessSessionContainer._getContext(StatelessSessionContainer.java:449)
... 44 more
Caused by: javax.ejb.CreateException: Could not create stateless EJB
at com.sun.ejb.containers.StatelessSessionContainer.createStatelessEJB(StatelessSessionContainer.java:534)
at com.sun.ejb.containers.StatelessSessionContainer.access$000(StatelessSessionContainer.java:95)
at com.sun.ejb.containers.StatelessSessionContainer$SessionContextFactory.create(StatelessSessionContainer.java:724)
... 46 more
Caused by: java.lang.RuntimeException: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:71)
at org.jboss.weld.util.reflection.SecureReflections.ensureAccessible(SecureReflections.java:324)
at org.jboss.weld.introspector.jlr.WeldConstructorImpl.newInstance(WeldConstructorImpl.java:239)
at org.jboss.weld.injection.ConstructorInjectionPoint.newInstance(ConstructorInjectionPoint.java:134)
at org.jboss.weld.bean.ManagedBean.createInstance(ManagedBean.java:385)
at org.jboss.weld.bean.ManagedBean$ManagedBeanInjectionTarget.produce(ManagedBean.java:234)
at org.jboss.weld.bean.ManagedBean.create(ManagedBean.java:338)
at org.jboss.weld.context.unbound.DependentContextImpl.get(DependentContextImpl.java:67)
at org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:669)
at org.jboss.weld.manager.BeanManagerImpl.getReference(BeanManagerImpl.java:751)
at org.jboss.weld.injection.FieldInjectionPoint.inject(FieldInjectionPoint.java:138)
at org.jboss.weld.util.Beans.injectBoundFields(Beans.java:872)
at org.jboss.weld.util.Beans.injectFieldsAndInitializers(Beans.java:884)
at org.jboss.weld.bean.SessionBean$1$1.proceed(SessionBean.java:195)
at org.glassfish.weld.services.InjectionServicesImpl.aroundInject(InjectionServicesImpl.java:134)
at org.jboss.weld.injection.InjectionContextImpl.run(InjectionContextImpl.java:50)
at org.jboss.weld.bean.SessionBean$1.inject(SessionBean.java:190)
at org.glassfish.weld.services.JCDIServiceImpl.injectEJBInstance(JCDIServiceImpl.java:170)
at com.sun.ejb.containers.BaseContainer.injectEjbInstance(BaseContainer.java:1675)
at com.sun.ejb.containers.StatelessSessionContainer.createStatelessEJB(StatelessSessionContainer.java:494)
... 48 more
Caused by: java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:107)
at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:332)
at org.jboss.weld.util.reflection.SecureReflections$14.work(SecureReflections.java:325)
at org.jboss.weld.util.reflection.SecureReflectionAccess.run(SecureReflectionAccess.java:54)
at org.jboss.weld.util.reflection.SecureReflectionAccess.runAndWrap(SecureReflectionAccess.java:67)
... 67 more

#]

[#|2011-01-05T11:51:42.226-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=115;_ThreadName=Thread-1;|Failure in TestServlet|#]

Comment by kumara [ 05/Jan/11 ]

There seems to be an error with the grant block. Can you please try after replacing installRoot by instanceRoot (as below)?

//jpa cdi test with security permissions
grant codeBase "file:$

{com.sun.aas.instanceRoot}

/applications/jpa20-bvcallbackcdiApp/-"

{ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }

;

Comment by sherryshen [ 05/Jan/11 ]

Thanks for pointing out my problem.
I revised $S1AS_HOME/domains/domain1/config/server.policy
as suggested by kumara. The tests passed on das as well as
on cluster with security manager on.

For das and cluster case, tests passed with another error
in server.log
JACC Policy Provider: Failed Permission Check, context(jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar)- permission((javax.management.MBeanServerPermission findMBeanServer))|#]

Do I need to add other permission to server.policy to get rid of this error?

[#|2011-01-05T16:29:19.047-0800|CONFIG|glassfish3.1|org.eclipse.persistence.session.file:/space/test1/v3/glassfish/domains/domain1/applications/jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar/_pu1.connection|_ThreadID=19;_ThreadName=Thread-1;|Connected: jdbc:derby://localhost:1527/testdb
User: dbuser
Database: Apache Derby Version: 10.6.2.1 - (999685)
Driver: Apache Derby Network Client JDBC Driver Version: 10.6.2.1 - (999685)|#]

[#|2011-01-05T16:29:19.234-0800|INFO|glassfish3.1|org.eclipse.persistence.session.file:/space/test1/v3/glassfish/domains/domain1/applications/jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar/_pu1|_ThreadID=19;_ThreadName=Thread-1;|file:/space/test1/v3/glassfish/domains/domain1/applications/jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar/_pu1 login successful|#]

[#|2011-01-05T16:29:19.237-0800|INFO|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=19;_ThreadName=Thread-1;|JACC Policy Provider: Failed Permission Check, context(jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar)- permission((javax.management.MBeanServerPermission findMBeanServer))|#]

[#|2011-01-05T16:29:19.246-0800|SEVERE|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=86;_ThreadName=Thread-1;|java.security.AccessControlException: access denied (javax.management.MBeanServerPermission findMBeanServer)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at javax.management.MBeanServerFactory.checkPermission(MBeanServerFactory.java:393)
at javax.management.MBeanServerFactory.findMBeanServer(MBeanServerFactory.java:343)
at org.eclipse.persistence.platform.server.JMXServerPlatformBase.getMBeanServer(JMXServerPlatformBase.java:165)
at org.eclipse.persistence.platform.server.JMXServerPlatformBase.serverSpecificRegisterMBean(JMXServerPlatformBase.java:235)
at org.eclipse.persistence.platform.server.sunas.SunAS9ServerPlatform.serverSpecificRegisterMBean(SunAS9ServerPlatform.java:180)
at org.eclipse.persistence.platform.server.ServerPlatformBase.registerMBean(ServerPlatformBase.java:510)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.postConnectDatasource(DatabaseSessionImpl.java:687)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.loginAndDetectDatasource(DatabaseSessionImpl.java:620)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryProvider.login(EntityManagerFactoryProvider.java:240)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:394)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.getServerSession(EntityManagerFactoryImpl.java:185)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:242)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:237)
at com.sun.enterprise.container.common.impl.EntityManagerWrapper._getDelegate(EntityManagerWrapper.java:208)
at com.sun.enterprise.container.common.impl.EntityManagerWrapper.persist(EntityManagerWrapper.java:269)
at jpa20.ear.bvcallbackcdi.persistence.impl.UserDaoImpl.persist(UserDaoImpl.java:28)
at jpa20.ear.bvcallbackcdi.service.UserEJB.addUser(UserEJB.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1052)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1124)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:5367)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:619)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:801)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571)
at org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor$2.run(InterceptorManager.java:857)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:854)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:801)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doAround(SystemInterceptorProxy.java:162)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:144)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor$2.run(InterceptorManager.java:857)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:854)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:801)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:371)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:5339)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:5327)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:214)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at $Proxy120.addUser(Unknown Source)
at jpa20.ear.bvcallbackcdi.service._EJB31_GeneratedUserEJBIntf__Bean_.addUser(Unknown Source)
at jpa20.ear.bvcallbackcdi.web.TestServlet.processRequest(TestServlet.java:34)
at jpa20.ear.bvcallbackcdi.web.TestServlet.doGet(TestServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:322)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:355)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:212)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1527)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:326)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:227)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:170)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:818)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:719)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1008)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
a|#]

[#|2011-01-05T16:29:19.248-0800|SEVERE|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=86;_ThreadName=Thread-1;|t java.lang.Thread.run(Thread.java:619)

#]

[#|2011-01-05T16:29:19.498-0800|FINE|glassfish3.1|org.eclipse.persistence.session.file:/space/test1/v3/glassfish/domains/domain1/applications/jpa20-bvcallbackcdiApp/jpa20-bvcallbackcdi-ejb_jar/_pu1.sql|_ThreadID=19;_ThreadName=Thread-1;ClassName=null;MethodName=null;|INSERT INTO CDI_USER (USER_ID, USER_EXT, USER_NAME) VALUES (?, ?, ?)
bind => [3 parameters bound]|#]

[#|2011-01-05T16:29:19.619-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=86;_ThreadName=Thread-1;|UserDaoImpl: persisted|#]

Comment by kumara [ 05/Jan/11 ]

The exception above "java.security.AccessControlException: access denied (javax.management.MBeanServerPermission findMBeanServer" is already tracked in issue 15337. IMO, this issue can now be closed. Let us know.

Comment by sherryshen [ 05/Jan/11 ]

Yes, Mitesh confirmed that the remaining error
is tracked in
http://java.net/jira/browse/GLASSFISH-15337

Comment by sherryshen [ 06/Jan/11 ]

Two related bugs are filed for docs
http://java.net/jira/browse/GLASSFISH-15456
http://java.net/jira/browse/GLASSFISH-15459





[GLASSFISH-15387] restart required status is not shown correctly for clustered instances Created: 29/Dec/10  Updated: 03/Feb/11  Resolved: 30/Dec/10

Status: Closed
Project: glassfish
Component/s: admin_gui
Affects Version/s: 3.1_b35
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: Harshad Vilekar Assignee: Anissa Lam
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: JPEG File cluster-general-status.jpg    
Tags: 3_1-approved

 Description   

Steps to duplicate:

  • Create and start two instance cluster

/asadmin list-instances --long
NAME HOST PORT PID CLUSTER STATE
in2 localhost 8363 27098 c1 running
in1 localhost 8107 27096 c1 running

  • Make configuration changes that need server restart

Configurations - c1-config - Transaction Service - On Restart - check Enabled - Save.

  • Check the status reported by CLI:
    asadmin list-instances --long
    NAME HOST PORT PID CLUSTER STATE
    in2 localhost 8363 27098 c1 running; requires restart
    in1 localhost 8107 27096 c1 running; requires restart
  • Check the Status reported by Admin Console. It shows "not running" status for the two instances.

Clusters - c1 - General - status: 2 instances "not running" (see cluster-general-status.jpg)



 Comments   
Comment by Anissa Lam [ 30/Dec/10 ]

We considered anything that is not in the state of "RUNNING" being stopped. For the restart-required case, the state is "REQUIRE-RESTART", thus, it was considered not running. Thats a bug.
I am fixing it such that there will be 3 category, like whatever we got back from backend. These being running, not-running and require-restart.

How bad is its impact? (Severity)
Provide the misleading info to user about cluster instance status on the cluster page. Although the status for each instance is listed correctly in the instances table.

How often does it happen? Will many users see this problem? (Frequency)
When the cluster instance is at restart-required state, it will be shown as not-running.

How much effort is required to fix it? (Cost)
low. Fix is ready. svn diff provided below.

What is the risk of fixing it and how will the risk be mitigated? (Risk)
Fix is small. change only that 1 method that look at the state and count up the # of instance of each state.

~/Awork/V3/v3/admingui 607) svn diff cluster common
Index: cluster/src/main/resources/cluster/clusterGeneral.jsf
===================================================================
— cluster/src/main/resources/cluster/clusterGeneral.jsf (revision 44118)
+++ cluster/src/main/resources/cluster/clusterGeneral.jsf (working copy)
@@ -63,7 +63,7 @@
gf.getChildrenNamesList(endpoint="#

{pageSession.resourceUrl}

/server-ref" id="ref" result="#

{pageSession.instanceList}

" );
gf.listInstances(optionKeys=

{"id"}

optionValues={"$pageSession

{clusterName}

"}, statusMap="#

{requestScope.statusMap}");
gf.getClusterStatusSummary(statusMap ="#{requestScope.statusMap}

" ,

  • numRunning="# {pageSession.numRunning}" numNotRunning="#{pageSession.numNotRunning}"
    + numRunning="#{pageSession.numRunning}

    " numNotRunning="#

    {pageSession.numNotRunning}" numRequireRestart="#{pageSession.numRequireRestart}"
    disableStart="#{pageSession.disableStart}" disableStop="#{pageSession.disableStop}" disableEjb="#{pageSession.disableEjb}");
    setPageSessionAttribute(key="convertToFalseList" value={ "gmsEnabled"} );
    //set the following for including buttons.inc
    @@ -176,9 +176,16 @@
    </sun:property>

    <sun:property id="instanceStatusProp" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18n.common.status}" >
    + <if condition="#{pageSession.numNotRunning}

    ">
    + <sun:staticText id="instanceStatusStopped" text=" #

    {pageSession.numNotRunning}" />
    + "<br />
    + </if>
    + <if condition="#{pageSession.numRequireRestart}">
    + <sun:staticText id="instanceStatusRequireRestart" text="#{pageSession.numRequireRestart}" />
    + "<br />
    + </if>
    <sun:staticText id="instanceStatusRunning" text="#{pageSession.numRunning}" />
    "<br />
    - <sun:staticText id="instanceStatusStopped" text="#{pageSession.numNotRunning}

    " />
    </sun:property>
    </sun:propertySheetSection>

Index: cluster/src/main/resources/org/glassfish/cluster/admingui/Strings.properties
===================================================================
— cluster/src/main/resources/org/glassfish/cluster/admingui/Strings.properties (revision 44118)
+++ cluster/src/main/resources/org/glassfish/cluster/admingui/Strings.properties (working copy)
@@ -113,8 +113,9 @@
cluster.gmsMulticastAddressHelp=Address at which GMS listens for group events. Must be unique for each cluster.
cluster.gmsBindInterfaceAddress=Bind Interface Address:
cluster.gmsBindInterfaceAddressHelp=Network interface on the DAS to which GMS binds. Token must be defined in the gms-bind-interface-address property in the DAS configuration.
-cluster.number.instance.running=

{0} instances running
-cluster.number.instance.notRunning={0}

instances not running
+cluster.number.instance.running=

{0} instance(s) {1} running
+cluster.number.instance.notRunning={0}

instance(s)

{1} stopped
+cluster.number.instance.requireRestart={0} instance(s) {1}

restart required

cluster.ApplicationsTitleHelp=All instances in a cluster have the same set of deployed applications, for example, a Java EE application EAR file, a Web module WAR file, or an EJB JAR file.<br/>

Index: common/src/main/java/org/glassfish/admingui/common/handlers/ClusterHandler.java
===================================================================
— common/src/main/java/org/glassfish/admingui/common/handlers/ClusterHandler.java (revision 44118)
+++ common/src/main/java/org/glassfish/admingui/common/handlers/ClusterHandler.java (working copy)
@@ -66,6 +66,7 @@
import java.util.List;
import org.glassfish.admingui.common.util.GuiUtil;
import org.glassfish.admingui.common.util.RestUtil;
+import org.glassfish.api.admin.InstanceState;

public class ClusterHandler {

@@ -85,6 +86,7 @@
output = {
@HandlerOutput(name = "numRunning", type = String.class),
@HandlerOutput(name = "numNotRunning", type = String.class),
+ @HandlerOutput(name = "numRequireRestart", type = String.class),
@HandlerOutput(name = "disableStart", type = Boolean.class),
@HandlerOutput(name = "disableStop", type = Boolean.class),
@HandlerOutput(name = "disableEjb", type = Boolean.class)
@@ -93,22 +95,36 @@
Map statusMap = (Map) handlerCtx.getInputValue("statusMap");
int running=0;
int notRunning=0;
+ int requireRestart=0;
+ int unknown = 0;
try{
-
for (Iterator it=statusMap.values().iterator(); it.hasNext(); ) {
Object value = it.next();

  • if (value.toString().equals(RUNNING))
    Unknown macro: {+ if (value.toString().equals(InstanceState.StateType.RUNNING.getDescription())){ running++; - }else{ + }else+ if (value.toString().equals(InstanceState.StateType.NOT_RUNNING.getDescription())){ notRunning++; + }else+ if (value.toString().equals(InstanceState.StateType.RESTART_REQUIRED.getDescription())){ + requireRestart++; + }else { + unknown++; + GuiUtil.getLogger().severe("Unknown Status"); } }

handlerCtx.setOutputValue("disableEjb", (notRunning > 0) ? false :true); //refer to bug#6342445
handlerCtx.setOutputValue("disableStart", (notRunning > 0) ? false :true);

  • handlerCtx.setOutputValue("disableStop", (running > 0) ? false :true);
  • handlerCtx.setOutputValue( "numRunning" , GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.number.instance.running", new String[] {""+running}

    ));

  • handlerCtx.setOutputValue( "numNotRunning" , GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.number.instance.notRunning", new String[] {""+notRunning}

    ));
    + handlerCtx.setOutputValue("disableStop", ( (running+requireRestart) > 0) ? false :true);
    + handlerCtx.setOutputValue( "numRunning" , (running > 0) ?
    + GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.number.instance.running", new String[]

    {""+running, GuiUtil.getCommonMessage("status.image.RUNNING")}

    ) : "");
    +
    + handlerCtx.setOutputValue( "numNotRunning" , (notRunning > 0) ?
    + GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.number.instance.notRunning", new String[]

    {""+notRunning , GuiUtil.getCommonMessage("status.image.NOT_RUNNING")}

    ) : "");
    +
    + handlerCtx.setOutputValue( "numRequireRestart" , (requireRestart > 0) ?
    + GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.number.instance.requireRestart", new String[]

    {""+requireRestart, GuiUtil.getCommonMessage("status.image.REQUIRES_RESTART")}

    ) : "");
    }catch(Exception ex){
    handlerCtx.setOutputValue("numRunning", GuiUtil.getMessage(CLUSTER_RESOURCE_NAME, "cluster.status.unknown"));
    GuiUtil.getLogger().info(GuiUtil.getCommonMessage("log.error.getClusterStatusSummary") + ex.getLocalizedMessage());

Comment by sirajg [ 30/Dec/10 ]

Changes look good

Comment by Anissa Lam [ 30/Dec/10 ]

Fix checked in on 12/30/2010.

Project: glassfish
Repository: svn
Revision: 44163
Author: anilam
Date: 2010-12-30 18:22:31 UTC
Link:

Log Message:
------------
GLASSFISH-15387. Fix the status summary in the Cluster General page.
Approver: Anissa
Reviewer: Siraj. Paul reviewed the status phrase.

Revisions:
----------
44163

Modified Paths:
---------------
trunk/v3/admingui/cluster/src/main/resources/org/glassfish/cluster/admingui/Strings.properties
trunk/v3/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/ClusterHandler.java
trunk/v3/admingui/cluster/src/main/resources/cluster/clusterGeneral.jsf

Comment by Harshad Vilekar [ 03/Feb/11 ]

Verified: 3.1 build 40 promoted.





[GLASSFISH-15345] security realm gets deleted if invalid property value is specified Created: 23/Dec/10  Updated: 03/Feb/11  Resolved: 29/Dec/10

Status: Closed
Project: glassfish
Component/s: admin_gui
Affects Version/s: 3.1_b34
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: Harshad Vilekar Assignee: Anissa Lam
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 3_1-approved

 Description   

Negative test scenario - uses invalid property value.

Steps:

Create New Security Realm:

Configurations - server-config - Securiy - Realms - New
Name: pamRealm
Class Name: com.sun.enterprise.security.auth.realm.pam.PamRealm
JASS Context: pamRealm

OK

Edit Realm: pamRealm
Add Property:
Name: Assign Groups
Value: employee=manager

Result:
Message is displayed:
An error has occurred
Invalid property syntax, "=" in value: Assign Groups=employee=manager

pamRealm - that we were trying to edit - gets deleted.

Expected Behavior: Fail to update the realm.



 Comments   
Comment by Anissa Lam [ 27/Dec/10 ]

The reason that the realm gets deleted due to invalid property is because for editing, realm is deleted first, and then re-create with the attribute/property specified.

We can either
-disallow editing of realm class due to editing

  • allow user to edit the class, and for the case where the classname is the same, do not delete it first. However, user may still run into the same issue of original realm disappeared if the property in the 'new' realm is invalid and the new realm cannot be created.
Comment by Anissa Lam [ 28/Dec/10 ]

1) How bad is its impact? (Severity)
The original realm get deleted unexpectedly if there is any error involved when editing this realm. It may not be easy to recreate the realm with all the required fields if there are many, eg. JDBC realm

2) How often does it happen? (Frequency)
Whenever there is any error in saving the new properties.

3) How much effort is required to fix it? (Cost)
Worked on this for 2 days, svn diff follows.

4) What is the risk of fixing it? (Risk)
There is a couple file change, but it is very local. The risk of affecting any other functionality is extremely low.

Here is more info and svn diff.

We decided to disallow the editing of realm classname.
This is based on the fact that if there is need for changing the classname, a completely different set of property will be required and needs to be changed anyway, user may as well create a new realm.

Index: admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java
===================================================================
— admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java (revision 44118)
+++ admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java (working copy)
@@ -222,9 +222,12 @@
@HandlerInput(name="endpoint", type=String.class),
@HandlerInput(name="classnameOption", type=String.class),
@HandlerInput(name="attrMap", type=Map.class),

  • @HandlerInput(name="edit", type=Boolean.class),
    + @HandlerInput(name="edit", type=Boolean.class, required=true),
    @HandlerInput(name="contentType", type=String.class, required=false),
    @HandlerInput(name="propList", type=List.class)
    + },
    + output= { + @HandlerOutput(name="newPropList", type=List.class) }

    )
    public static void saveRealm(HandlerContext handlerCtx) {
    String option = (String) handlerCtx.getInputValue("classnameOption");
    @@ -284,11 +287,11 @@

Boolean edit = (Boolean) handlerCtx.getInputValue("edit");
String endpoint = (String) handlerCtx.getInputValue("endpoint");

  • if (edit.booleanValue()) {
  • HashMap attrs = new HashMap<String, Object>();
  • attrs.put("target", attrMap.get("target"));
  • RestUtil.delete(endpoint, attrs);
  • endpoint = endpoint.substring(0, endpoint.indexOf("/auth-realm"));
    + //for edit case, only properties will be changed since we don't allow classname change.
    + //return the prop list so it can continue processing in the .jsf
    + if (edit) { + handlerCtx.setOutputValue("newPropList", propList); + return; }

    Map<String, Object> cMap = new HashMap();
    cMap.put("name", attrMap.get("Name"));

Index: admingui/common/src/main/resources/security/realms/realmAttrs.inc
===================================================================
— admingui/common/src/main/resources/security/realms/realmAttrs.inc (revision 44118)
+++ admingui/common/src/main/resources/security/realms/realmAttrs.inc (working copy)
@@ -47,14 +47,16 @@
<sun:propertySheetSection id="propertySectionTextField">
<sun:property id="NameProp" rendered="#

{edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.realm.realmName}" >
<sun:staticText id="NameStatic" text="#{pageSession.Name}"/>
- </sun:property>
-
+ </sun:property>
+ <sun:property id="classname" rendered="#{edit}

" labelAlign="left" noWrap="#

{true}" overlapLabel="#{false}" label="$resource{i18nc.realm.Classname}" >
+ <sun:staticText id="classname" text="#{attrMap.classname}"/>
+ </sun:property>
<sun:property id="NameTextProp" rendered="#{!edit}" labelAlign="left" noWrap="#{true}

" overlapLabel="#

{false}" label="$resource{i18n.common.Name}">
<sun:textField id="NameText" styleClass="required" text="#{attrMap.Name}" columns="$int{55}" maxLength="#{sessionScope.fieldLengths['maxLength.common.Name']}" required="#{true}" />
</sun:property>

- <sun:property id="cp" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}

" label="$resource

{i18nc.realm.Classname}" helpText="$resource{i18nc.realm.ClassnameHelp}<br /><br />">
- <sun:radioButton id="optA" name="classnameOption" selected="#{classnameOption}" selectedValue="predefine"
+ <sun:property id="cp" visible="#{!edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.realm.Classname}

" helpText="$resource

{i18nc.realm.ClassnameHelp}

<br /><br />">
+ <sun:radioButton id="optA" name="classnameOption" selected="#

{classnameOption}

" selectedValue="predefine"
onClick="enableClassnameFields('predefine'); "
/>
<sun:dropDown id="Classname" labels="$pageSession

{realmClasses}

" selected="#

{attrMap.classname}

"
@@ -80,7 +82,7 @@
</sun:property>
</sun:propertySheetSection>
</sun:propertySheet>
-
+"<br><br>
<sun:propertySheetSection id="fileSection" visible="#

{false}

" label="$resource

{i18nc.realm.specificProps}

" >
<!afterCreate
getClientId(component="$this

{component}

" clientId=>$page

{fileSectionId}

);

Index: admingui/common/src/main/resources/security/realms/realmButtons.inc
===================================================================
— admingui/common/src/main/resources/security/realms/realmButtons.inc (revision 44118)
+++ admingui/common/src/main/resources/security/realms/realmButtons.inc (working copy)
@@ -53,7 +53,10 @@
attrMap="#

{attrMap}

",
propList="$

{newList}

"
edit="#

{true}

"
+ newPropList="#

{requestScope.newPropList}"
);
+ javaToJSON(obj="#{requestScope.newPropList}

" json="#

{requestScope.tmpJSON}");
+ gf.restRequest(endpoint="#{pageSession.parentUrl}/property", method="POST", data="#{requestScope.tmpJSON}

", result="#

{requestScope.restResponse}

");
gf.redirect(page="#

{selfPage}

&alertType=$

{alertType}

&alertSummary=$

{alertSummary}

&alertDetail=$

{alertDetail}

");
/>
</sun:button>

Comment by sirajg [ 29/Dec/10 ]

looks good

Comment by Anissa Lam [ 29/Dec/10 ]

Project: glassfish
Repository: svn
Revision: 44142
Author: anilam
Date: 2010-12-29 16:46:32 UTC
Link:

Log Message:
------------
GLASSFISH-15345. Disallow classname change during realm edit. Just update the properties instead of delete and recreate the realm again.
Approver: Anissa
Reviewer: Siraj.

Revisions:
----------
44142

Modified Paths:
---------------
trunk/v3/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java
trunk/v3/admingui/common/src/main/resources/security/realms/realmAttrs.inc
trunk/v3/admingui/common/src/main/resources/security/realms/realmButtons.inc

Comment by Harshad Vilekar [ 03/Feb/11 ]

Verified: 3.1 build 41 nightly.





[GLASSFISH-10281] automagic redirect if the admin listener is secured Created: 14/Oct/09  Updated: 19/Jan/11  Resolved: 19/Jan/11

Status: Closed
Project: glassfish
Component/s: admin
Affects Version/s: V3
Fix Version/s: 3.1_b36

Type: Improvement Priority: Major
Reporter: vince kraemer Assignee: Tim Quinn
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: Mac OS X
Platform: Macintosh


Issuezilla Id: 10,281

 Description   

see https://glassfish.dev.java.net/servlets/BrowseList?list=users&by=thread&from=2112130

This may overlap with Grizzly, too.



 Comments   
Comment by vince kraemer [ 14/Oct/09 ]

while it could be considered a regression... I guess I will think of it as an enhancement.

Comment by Anissa Lam [ 14/Oct/09 ]

This enhancement is beyond GUI
Lets start with web container.

Comment by jluehe [ 15/Oct/09 ]

...

Comment by oleksiys [ 15/Oct/09 ]

I think I've replied on the thread.
Do we need anything additional from Grizzly side?

Comment by vince kraemer [ 15/Oct/09 ]

this is what oleksiys 'put in the thread'

it is probably easier to find it here for folks working on this issue...

actually we have this feature (port-unification) supported, but we don't have corresponding CLI
commands for it, so it's not public.
Here how you can configure admin protocol to support automatic http->https redirection.

<protocol name="admin-listener">
<port-unification>
<protocol-finder protocol="admin-listener-http"
classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-finder" />
<protocol-finder protocol="http-redirect"
classname="com.sun.grizzly.config.HttpProtocolFinder" name="http-redirect" />
</port-unification>
</protocol>

<protocol security-enabled="true" name="admin-listener-http">
<http max-connections="250" default-virtual-server="__asadmin" server-name="">
<file-cache enabled="false" />
</http>
<ssl ssl3-enabled="false" cert-nickname="s1as" />
</protocol>

<protocol name="http-redirect">
<protocol-chain-instance-handler>
<protocol-chain>
<protocol-filter classname="com.sun.grizzly.config.HttpRedirectFilter" name="redirect-filter"
/>
</protocol-chain>
</protocol-chain-instance-handler>
</protocol>
.....

Comment by oleksiys [ 11/Nov/10 ]

I think Tim is implementing this on the admin side.

Comment by Tim Quinn [ 19/Jan/11 ]

I am almost positive that the request mentioned in the linked forum post has been satisfied by secure admin in 3.1, so I am closing this issue.

The link is to a post in the old forum. I have searched for a corresponding post in the new forum without success, just to be sure, so I have separately asked Vince to help me find the post in the new forum or to restate the request so we can be sure we've met it. If we have not met the request we can re-open this issue.

Comment by Tim Quinn [ 19/Jan/11 ]

Thanks to Vince for this link to the forum post:

http://java.net/projects/glassfish/lists/users/archive/2009-10/message/373

This is indeed handled now by secure admin in 3.1.





[GLASSFISH-15374] Cannot change CONFIG node to SSH if it has instances Created: 28/Dec/10  Updated: 18/Jan/11  Resolved: 29/Dec/10

Status: Closed
Project: glassfish
Component/s: admin_gui
Affects Version/s: None
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: lidiam Assignee: Anissa Lam
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

build: b35 promoted


Tags: 3_1-approved

 Description   

I created a CONFIG node on a remote system, leaving all fields blank, other than node name and node host name. On the remote machine I created a cluster with 2 instances, using create-local-instance commands. I started the instances from CLI - so far so good. In Admin Console I stopped cluster (worked fine) and went on to change the CONFIG node to SSH. I got the following error:

An error has occurred
Cannot update node vmbconf. It is in use by a server instance and therefore attribute installdir cannot be changed.

The user did nothing wrong, yet node cannot be converted to SSH. The reason is that when changing CONFIG node to SSH, installation directory is replaced with the default $

{com.sun.aas.productRoot} in Admin Console, even though the field was already populated. It is populated during the remote instance creation for config nodes. Thus the field had: /export/home/j2eetest/v31/glassfish3, but it was replaced with the default ${com.sun.aas.productRoot}

when changing to SSH. The value of this field should not be overwritten if a custom entry is already present.



 Comments   
Comment by Anissa Lam [ 28/Dec/10 ]

This means for the edit case, from CONFIG change to SSH node type, the following will be filled in for the Installation Directory field.
If the installation Directory fields is empty, it will show "$

{com.sun.aas.productRoot}" when changing the type from CONFIG to SSH.
If the installation Directory is NOT empty to begin with, this fields will NOT change. It will always show you the value that was there before the edit.


1) How bad is its impact? (Severity)
Prevents a smooth transaction from converting a CONFIG node to SSH node.

2) How often does it happen? (Frequency)
When the CONFIG node has the Installation Directory field before the conversion.

3) How much effort is required to fix it? (Cost)
Min. an hour of work + testing.

4) What is the risk of fixing it? (Risk)
Very low. Change is local. svn diff follows.



Index: cluster/src/main/resources/node/nodeEdit.jsf
===================================================================
— cluster/src/main/resources/node/nodeEdit.jsf (revision 44118)
+++ cluster/src/main/resources/node/nodeEdit.jsf (working copy)
@@ -72,7 +72,11 @@
setPageSessionAttribute(key="showInstalldirConfig" value="#{false}");
}
if ("#{pageSession.attrMap['type']}=CONFIG"){
+ //for CONFIG Node convert to SSH node case, if there is already installdir specified, keep the value specified instead of changing that to default.
mapPut(map="#{pageSession.valueMap}" key="installdir", value="
${com.sun.aas.productRoot}

");
+ if("#

{pageSession.attrMap['installDir']}"){
+ mapPut(map="#{pageSession.valueMap}" key="installdir", value="#{pageSession.attrMap['installDir']}

");
+ }
mapPut(map="#

{pageSession.valueMap}

" key="installdirConfig", value="#

{pageSession.attrMap['installDir']}

");
setPageSessionAttribute(key="showInstalldirSSH" value="#

{false}

");
setPageSessionAttribute(key="showInstalldirConfig" value="#

{true}

");

Comment by Anissa Lam [ 29/Dec/10 ]

Fix checked in on 12/29.

Project: glassfish
Repository: svn
Revision: 44140
Author: anilam
Date: 2010-12-29 16:37:53 UTC
Link:

Log Message:
------------
GLASSFISH-15374. Do not fill in default for installdir when converting CONFIG node to SSH node if that value is not empty.
Approver: Anissa
Reviewer: Siraj.

Revisions:
----------
44140

Modified Paths:
---------------
trunk/v3/admingui/cluster/src/main/resources/node/nodeEdit.jsf

Comment by lidiam [ 18/Jan/11 ]

Verified on promoted build b38.





[GLASSFISH-15299] Running with Sec Mgr Enabled: need property support handled by glassfish Created: 21/Dec/10  Updated: 07/Jan/11  Resolved: 04/Jan/11

Status: Resolved
Project: glassfish
Component/s: security
Affects Version/s: 3.1_b33
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: phendley Assignee: Shing Wai Chan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Solaris 10, Ultra 45, Glassfish 3.1 b33, JDK1.6_022


Attachments: File server.log.EJBMethodPermission     File server.log.err3     File server.log.err4     File server.log.stacktraces    
Tags: 3_1-approved

 Description   

DESCRIPTION:
Using Glassfish with security manager enabled, if we run some CTS tests, we are seeing errors that shuld probably be handled on the glassfish server side. The following permissions have been encountered and are needed in the server.policy file - without these permissions, GF will not allow some common behavior to work.

The permissions in question are:
permission javax.management.MBeanServerPermission "findMBeanServer";
permission java.lang.RuntimePermission "createSecurityManager";

If we add these to server.policy then our tests work but without them our tests fail. It has been suggested that the tests are doing common tasks that average users should be able to do and that is why its believed some level of support needs to be done on the GF server side.

See attached for stacktrace details.

WORK AROUND:
------------
The work around is to manually add these properties to the server.policy file.

ADDITIONAL PERMS:
-----------------
The following properties are also needed in server.policy and it is not clear if these ought to be configured (ie. added to server.policy) in the CTS config step or if these perms should be handled in Glassfish side.
These additional properties are:

permission javax.security.jacc.EJBMethodPermission SecEjbHelloBasic
sayHelloBasic,ServiceEndpoint,java.lang.String)
(see details for this perm in attached file: server.log.EJBMethodPermission )

-phendley



 Comments   
Comment by mzh777 [ 21/Dec/10 ]

Hi Dhiru, The issue is affecting CTS tests. Can you assign this to someone in CTS team?

Comment by phendley [ 21/Dec/10 ]

More permission failures uncovered. See the stack trace in the 3rd and 4th attachments of the server.log file. See server.log.err3 and server.log.err4 in which the following permission seems to be missing:
permission((javax.security.jacc.EJBMethodPermission
WSSecEjbHelloBasicSSL
sayHelloBasic,ServiceEndpoint,java.lang.String))

permission((javax.security.jacc.EJBMethodPermission
WSSecEjbHelloBasicSSL
sayHelloBasic,ServiceEndpoint,java.lang.String)

It's not clear if these perms need to be handled by CTS config or if it should be handled by Glassfish. See attached files for stacktrace details on these perms.

-phendley

Comment by Nithya Ramakrishnan [ 22/Dec/10 ]

The EJBMethodPermission are app-specific and cannot be granted by the Glassfish server.policy. The failures imply that the client does not have enough permissions for invoking the method.

The java.lang.RuntimePermission "createSecurityManager"; cannot be granted in Glassfish server.policy and has to be handled by the CTS config. For the javax.management.MBeanServerPermission "findMBeanServer"; , can you please raise an issue with the admin/jmx team to investigate if this permission can be added to server.policy.

We are closing this issue. If you think that EJBMethodPermission cannot occur because the client uses the right credentials, please raise another issue with the steps to reproduce.

Comment by Nithya Ramakrishnan [ 22/Dec/10 ]

Please see the comments above.

Comment by Nithya Ramakrishnan [ 23/Dec/10 ]

Paul,

Can you please provide us the stack trace corressponding to the permission java.lang.RuntimePermission "createSecurityManager"; failure? We shall try to locate the source of the error in this case.

As mentioned previously, for the permission javax.management.MBeanServerPermission "findMBeanServer"; , please raise an issue with the admin/JMX team for investigation wrt that.

Comment by Nithya Ramakrishnan [ 26/Dec/10 ]

Since the RuntimePermission for createSecurityManager seems to originate from the Webcontainer code, reopening this issue and assigning to the webcontainer team to investigate :

[#|2010-12-23T09:01:48.284-0500|WARNING|glassfish3.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=15;_ThreadName=Thread-1;|java.security.AccessControlException: access denied (java.lang.RuntimePermission createSecurityManager)
java.security.AccessControlException: access denied (java.lang.RuntimePermission createSecurityManager)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.<init>(SecurityManager.java:282)
at org.apache.catalina.core.StandardContext$MySecurityManager.<init>(StandardContext.java:7362)
at org.apache.catalina.core.StandardContext$MySecurityManager.<init>(StandardContext.java:7362)
at org.apache.catalina.core.StandardContext.<init>(StandardContext.java:167)
at com.sun.enterprise.web.pwc.PwcWebModule.<init>(PwcWebModule.java:54)
at com.sun.enterprise.web.WebModule.<init>(WebModule.java:186)
at com.sun.enterprise.web.EmbeddedWebContainer.createContext(EmbeddedWebContainer.java:190)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1794)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1629)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:100)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:290)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:240)
at com.sun.ejb.containers.EjbContainerUtilImpl.deployEJBTimerService(EjbContainerUtilImpl.java:547)
at com.sun.ejb.containers.EjbContainerUtilImpl.getEJBTimerService(EjbContainerUtilImpl.java:289)
at com.sun.ejb.containers.EjbContainerUtilImpl.getEJBTimerService(EjbContainerUtilImpl.java:284)
at com.sun.ejb.containers.EjbContainerUtilImpl.getEJBTimerService(EjbContainerUtilImpl.java:269)
at com.sun.ejb.EjbNamingReferenceManagerImpl.getEJBContextObject(EjbNamingReferenceManagerImpl.java:230)
at com.sun.enterprise.container.common.impl.ComponentEnvManagerImpl$EjbContextProxy.create(ComponentEnvManagerImpl.java:911)
at com.sun.enterprise.naming.impl.GlassfishNamingManagerImpl.lookup(GlassfishNamingManagerImpl.java:771)
at com.sun.enterprise.naming.impl.GlassfishNamingManagerImpl.lookup(GlassfishNamingManagerImpl.java:740)
at com.sun.enterprise.naming.impl.JavaURLContext.lookup(JavaURLContext.java:166)
at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:538)
at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:491)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl._inject(InjectionManagerImpl.java:597)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.inject(InjectionManagerImpl.java:468)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.injectInstance(InjectionManagerImpl.java:173)
at com.sun.ejb.containers.BaseContainer.injectEjbInstance(BaseContainer.java:1691)
at com.sun.ejb.containers.AbstractSingletonContainer.createSingletonEJB(AbstractSingletonContainer.java:504)
at com.sun.ejb.containers.AbstractSingletonContainer.access$100(AbstractSingletonContainer.java:79)
at com.sun.ejb.containers.AbstractSingletonContainer$SingletonContextFactory.create(AbstractSingletonContainer.java:717)
at com.sun.ejb.containers.AbstractSingletonContainer.instantiateSingletonInstance(AbstractSingletonContainer.java:449)
at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:216)
at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:177)
at com.sun.ejb.containers.AbstractSingletonContainer.checkInit(AbstractSingletonContainer.java:421)
at com.sun.ejb.containers.CMCSingletonContainer._getContext(CMCSingletonContainer.java:117)
at com.sun.ejb.containers.BaseContainer.getContext(BaseContainer.java:2528)
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1895)
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:205)
at com.sun.ejb.containers.EJBObjectInvocationHandlerDelegate.invoke(EJBObjectInvocationHandlerDelegate.java:79)
at $Proxy188.add(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie.dispatchToMethod(ReflectiveTie.java:144)
at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:174)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:528)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:199)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1624)
at com.sun.corba.ee.impl.protocol.SharedCDRClientRequestDispatcherImpl.marshalingComplete(SharedCDRClientRequestDispatcherImpl.java:126)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:243)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:200)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:152)
at com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenStubBase.invoke(CodegenStubBase.java:227)
at com.sun.ts.tests.ejb30.common.helloejbjar._HelloRemoteIF_Remote_DynamicStub.add(com/sun/ts/tests/ejb30/common/helloejbjar/_HelloRemoteIF_Remote_DynamicStub.java)
at com.sun.ts.tests.ejb30.common.helloejbjar._HelloRemoteIF_Wrapper.add(com/sun/ts/tests/ejb30/common/helloejbjar/_HelloRemoteIF_Wrapper.java)
at com.sun.ts.tests.ejb30.assembly.appres.common.AppResTest.beanPostConstruct(AppResTest.java:114)
at com.sun.ts.tests.ejb30.assembly.appres.common.TestServletBase2.postConstruct(TestServletBase2.java:42)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl$3.run(InjectionManagerImpl.java:728)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.invokeLifecycleMethod(InjectionManagerImpl.java:722)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.inject(InjectionManagerImpl.java:492)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.injectInstance(InjectionManagerImpl.java:146)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.injectInstance(InjectionManagerImpl.java:132)
at com.sun.enterprise.container.common.impl.util.InjectionManagerImpl.createManagedObject(InjectionManagerImpl.java:311)
at com.sun.enterprise.web.WebContainer.createServletInstance(WebContainer.java:701)
at com.sun.enterprise.web.WebModule.createServletInstance(WebModule.java:1943)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1263)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1240)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5025)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5317)
at com.sun.enterprise.web.WebModule.start(WebModule.java:497)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:917)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:148)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:170)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:899)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:753)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1981)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1629)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:100)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:290)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:240)
at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:370)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:359)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:369)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1080)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1200(CommandRunnerImpl.java:95)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1260)
at org.glassfish.deployment.autodeploy.AutoOperation.run(AutoOperation.java:145)
at org.glassfish.deployment.autodeploy.AutoDeployer.deploy(AutoDeployer.java:577)
at org.glassfish.deployment.autodeploy.AutoDeployer.deployAll(AutoDeployer.java:463)
at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:395)
at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:380)
at org.glassfish.deployment.autodeploy.AutoDeployService$1.run(AutoDeployService.java:213)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)

Comment by Shing Wai Chan [ 27/Dec/10 ]

Web container code does have doPrivileged there as shown in the stack trace.

The actual security check failure is as follows:
[#|2011-01-03T13:48:50.015-0800|FINE|glassfish3.1|javax.enterprise.system.core.security|_ThreadID=20;_ThreadName=Thread-1;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper$2;MethodName=run;|Domain that failed(ProtectionDomain (file:/export/gfv3/src/v3/install/glassfish3/glassfish/domains/domain1/applications/ejb3_assembly_appres_warejb/lib/shared.jar <no signer certificates>)
EarLibClassLoader :
urlSet = [URLEntry : file:/export/gfv3/src/v3/install/glassfish3/glassfish/domains/domain1/applications/ejb3_assembly_appres_warejb/lib/shared.jar]
doneCalled = false
Parent -> org.glassfish.internal.api.DelegatingClassLoader@4bd11776

<no principals>
java.security.Permissions@8db2498 (
(javax.management.MBeanPermission * *)
(javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
(java.io.FilePermission <<ALL FILES>> read,write,delete)
(java.io.FilePermission /var/folders/NU/NUJy9eWeH5OxZNNQ8FRakE+++TI/Tmp//- delete)
(java.io.FilePermission /export/gfv3/src/v3/install/glassfish3/glassfish/domains/domain1/lib/databases/- delete)
(java.io.FilePermission <<ALL FILES>> read,write)
(unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
(unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
(unresolved org.osgi.framework.AdminPermission * *)
(unresolved org.osgi.framework.AdminPermission * *)
(java.lang.RuntimePermission getClassLoader)
(java.lang.RuntimePermission loadLibrary.*)
(java.lang.RuntimePermission createClassLoader)
(java.lang.RuntimePermission accessDeclaredMembers)
(java.lang.RuntimePermission setFactory)
(java.lang.RuntimePermission getProtectionDomain)
(java.lang.RuntimePermission modifyThreadGroup)
(java.lang.RuntimePermission stopThread)
(java.lang.RuntimePermission setContextClassLoader)
(java.lang.RuntimePermission queuePrintJob)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission * connect,resolve)
(java.security.SecurityPermission setProperty.policy.url.1)
(java.security.SecurityPermission setProperty.policy.url.3)
(java.security.SecurityPermission setProperty.policy.url.2)
(java.security.SecurityPermission getPolicy)
(java.security.SecurityPermission setPolicy)
(java.security.SecurityPermission getProperty.policy.url.2)
(java.security.SecurityPermission getProperty.policy.url.3)
(java.security.SecurityPermission getProperty.policy.url.1)
(java.lang.reflect.ReflectPermission suppressAccessChecks)
(javax.management.MBeanTrustPermission register)
(javax.xml.ws.WebServicePermission publishEndpoint)
(javax.security.auth.AuthPermission doAsPrivileged)
(javax.security.auth.AuthPermission modifyPrincipals)
(javax.security.auth.AuthPermission modifyPrivateCredentials)
(javax.security.auth.AuthPermission modifyPublicCredentials)
(javax.security.auth.AuthPermission createLoginContext.fileRealm)
(javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
(javax.security.auth.PrivateCredentialPermission com.sun.enterprise.security.auth.login.common.PasswordCredential * "*" read)
(javax.management.MBeanServerPermission createMBeanServer)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission apple.laf.* read,write)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission com.apple.macos.useScreenMenuBar read,write)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission j2eelogin.name write)
(java.util.PropertyPermission java.specification.vendor read)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission j2eelogin.password write)
(java.util.PropertyPermission * read,write)
(java.util.PropertyPermission os.name read)
(java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission org.xml.sax.parser write)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read)
(java.util.PropertyPermission os.arch read)
(java.util.PropertyPermission mrj.version read)
(java.util.PropertyPermission com.apple.hwaccel read,write)
(java.util.PropertyPermission apple.awt.* read,write)
(java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
)

)|#]

Comment by Shing Wai Chan [ 03/Jan/11 ]

How bad is its impact? (Severity)
high

How often does it happen? Will many users see this problem? (Frequency)
With security manager on, a servlet may have issue to load an ejb.

How much effort is required to fix it? (Cost)
low

What is the risk of fixing it and how will the risk be mitigated? (Risk)
low

Comment by Shing Wai Chan [ 04/Jan/11 ]

Sending src/main/java/org/apache/catalina/core/StandardContext.java
Transmitting file data .
Committed revision 44210.

reviewed by Ron Monzillo, V B Kumar Jayanti

Simplfy the above change
Sending src/main/java/org/apache/catalina/core/StandardContext.java
Transmitting file data .
Committed revision 44333.





[GLASSFISH-15388] DeploymentContext instance not available for deploying to all virtual servers Created: 29/Dec/10  Updated: 04/Jan/11  Resolved: 04/Jan/11

Status: Resolved
Project: glassfish
Component/s: web_container
Affects Version/s: 3.1_ms07
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: sheetalv Assignee: Shing Wai Chan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Dependency
depends on GLASSFISH-11984 JSF applications cannot be deployed t... Resolved
blocks GLASSFISH-11984 JSF applications cannot be deployed t... Resolved

 Description   

Recently Ed made some changes w.r.t the use of the GF Annotation Scanning feature in JSF. The org.glassfish.faces.integration.GlassFishInjectionProvider class has a method getAnnotatedClassesInCurrentModule() which gets hold of the DeploymentContext via :
DeploymentContext dc = serverConfigLookup.getDeploymentContext(servletContext);

Now this code works perfectly well when there is only 1 virtual server (default "server") to deploy to. But when I add more virtual servers, the DeploymentContext is null when GF tries to deploy to the second virtual server. I was able to see why. WebContainer.loadWebModule() sets this DeploymentContext to null at line 1986. So henceforth, it is null in the same VM.

This is a problem when deploying JSF apps to multiple virtual servers.



 Comments   
Comment by sheetalv [ 29/Dec/10 ]

Cannot proceed with the fix for 11984 until this gets resolved.

Comment by Shing Wai Chan [ 03/Jan/11 ]

How bad is its impact? (Severity)
low

How often does it happen? Will many users see this problem? (Frequency)
When we deploy jsf app into multiple virtual servers

How much effort is required to fix it? (Cost)
low

What is the risk of fixing it and how will the risk be mitigated? (Risk)
low

Comment by Shing Wai Chan [ 04/Jan/11 ]

Sending web-glue/src/main/java/com/sun/enterprise/web/WebApplication.java
Sending web-glue/src/main/java/com/sun/enterprise/web/WebContainer.java
Transmitting file data ..
Committed revision 44208.

reviewed by Kinman Chung





[GLASSFISH-15355] WAB undeployment must happen synchronously upon bundle.stop() Created: 27/Dec/10  Updated: 31/Dec/10  Resolved: 31/Dec/10

Status: Resolved
Project: glassfish
Component/s: OSGi-JavaEE
Affects Version/s: 3.1_b33
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: Sanjeeb Sahoo Assignee: Sanjeeb Sahoo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by GLASSFISH-15398 WAB does not get deployed correctly i... Resolved
Tags: 3_1-approved

 Description   

rfc #66 spec mandates the following:
A web application is stopped by stopping the corresponding WAB. In response to a WAB STOPPING
event, the Web Extender must undeploy the corresponding Web Application from the Servlet Con-
tainer and clean up any resources. This undeploying must occur synchronously with the WAB's stop-
ping event. This will involve the following steps:
1 An org/osgi/service/web/UNDEPLOYING event is posted to signal that a Web Application will be
removed. See Events on page 426.
2 Unregister the corresponding Servlet Context service
3 The Web Runtime must stop serving content from the Web Application.
4 The Web Runtime must clean up any Web Application specific resources as per servlet 2.5 specifi-
cation.
5 Emit an org/osgi/service/web/UNDEPLOYED event. See Events on page 426.
6 It is possible that there are one or more colliding WABs because they had the same Context Path as
this stopped WAB. If such colliding WABs exists then the Web Extender must attempt to deploy
the colliding WAB with the lowest bundle id.
Any failure during undeploying should be logged but must not stop the cleaning up of resources and
notification of (other) listeners as well as handling any collisions.

We are currently doing all these asynchronously.

How bad is its impact? (Severity): Minor

How often does it happen? Will many users see this problem? (Frequency): OSGi EE spec compliance

How much effort is required to fix it? (Cost): Medium - We already understand the issue and have a fix.

What is the risk of fixing it and how will the risk be mitigated? (Risk): Low - affects only OSGi enabled JavaEE application users.



 Comments   
Comment by Sanjeeb Sahoo [ 31/Dec/10 ]

ss141213@Sahoo:/space/ss141213/WS/gf/v3/osgi-javaee$ svn commit -m "Issue 15355: Undeploy hybrid app synchrously upon bundle.stop(). Also take care of possible IllegalStateExceptions which can happen if bundle goes into STOPPING state while it is still being deployed as described in a related issue 15398. See issue 15355 for approval details."
Sending osgi-javaee/osgi-javaee-base/src/main/java/org/glassfish/osgijavaeebase/JavaEEExtender.java
Sending osgi-javaee/osgi-web-container/src/main/java/org/glassfish/osgiweb/OSGiWebDeploymentRequest.java
Transmitting file data ..
Committed revision 44175.





[GLASSFISH-15354] ContextPathCollisionDetector is not cleaned up when deployment fails abruptly Created: 27/Dec/10  Updated: 31/Dec/10  Resolved: 31/Dec/10

Status: Resolved
Project: glassfish
Component/s: OSGi-JavaEE
Affects Version/s: 3.1_b33
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: Sanjeeb Sahoo Assignee: Sanjeeb Sahoo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 3_1-approved

 Description   

ContextPathCollisionDetector is used to detect conflicts in context path. Currently, we add bundle details in ContextPathCollisionDetector at the beginning of deployment and remove bundle details from ContextPathCollisionDetector on undeployment. If a bundle fails to deploy, we don't remove its details from ContextPathCollisionDetector as a result of which subsequent attempt to deploy any bundle with the same context path results in ContextPathCollisionException.

The simple fix is to cleanup in case of failed deployment.

How bad is its impact? (Severity): rfc #66 compliance issue.

How often does it happen? Will many users see this problem? (Frequency): Sometimes

How much effort is required to fix it? (Cost): Very Low

What is the risk of fixing it and how will the risk be mitigated? (Risk): Only affects hybrid app users and fix is well understood.



 Comments   
Comment by Sanjeeb Sahoo [ 31/Dec/10 ]

ss141213@Sahoo:/space/ss141213/WS/gf/v3/osgi-javaee$ svn commit -m "Issue 15354: clean up context path collision detector on failed deployment. see jira for approval details." osgi-web-container/
Sending osgi-web-container/src/main/java/org/glassfish/osgiweb/ContextPathCollisionDetector.java
Sending osgi-web-container/src/main/java/org/glassfish/osgiweb/OSGiWebDeploymentRequest.java
Transmitting file data ..
Committed revision 44174.





[GLASSFISH-15288] Class not found exception from loading persistent state from a file from a previous run. Created: 20/Dec/10  Updated: 29/Dec/10  Resolved: 29/Dec/10

Status: Resolved
Project: glassfish
Component/s: deployment
Affects Version/s: 3.1_b33
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: zorro Assignee: Hong Zhang
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

solaris sparc


Tags: 3_1-approved

 Description   

Assigning to admin gui as this seems to be a gui issue that it is not prompting for a restart.

build 33

Deployed niles bookstore on a 3-node cluster.
Using Oracle Load Testing Harness ran longevity test.

bug: Class not found exception from loading persistent state from a file from a previous run.
See EJBObjectInputStream.resolveClass() in stack trace below.

#|2010-12-10T12:53:46.436-0800|SEVERE|oracle-glassfish3.1|org.apache.catalina.session.ManagerBase|_ThreadID=16;_ThreadName=Thread-1;|PWC2773: Exception loading sessions from persistent storage
java.lang.ClassNotFoundException: NileBookStore.session.BigDummyObject

This message occurs just BEFORE the deploying NileBookStore message.

Full stack traces and deploy log message at end of this email at [1].

This error would not happen if there had not been a start/stop/start cycle in testing.

[1]/net/asqe-logs.us.oracle.com/export1/gms/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010/n1c1m3/logs/server.log
[#|2010-12-10T12:53:46.427-0800|SEVERE|oracle-glassfish3.1|org.apache.catalina.session.ManagerBase|_ThreadID=16;_ThreadName=Thread-1;|PWC2767: ClassNotFoundException while loading persisted sessions: java.lang.ClassNotFoundException: NileBookStore.session.BigDummyObject
java.lang.ClassNotFoundException: NileBookStore.session.BigDummyObject
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at org.apache.felix.framework.ModuleImpl.doImplicitBootDelegation(ModuleImpl.java:1535)
at org.apache.felix.framework.ModuleImpl.searchDynamicImports(ModuleImpl.java:1472)
at org.apache.felix.framework.ModuleImpl.findClassOrResourceByDelegation(ModuleImpl.java:734)
at org.apache.felix.framework.ModuleImpl.access$400(ModuleImpl.java:71)
at org.apache.felix.framework.ModuleImpl$ModuleClassLoader.loadClass(ModuleImpl.java:1768)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:603)
at com.sun.ejb.base.io.EJBObjectInputStream.resolveClass(EJBObjectInputStream.java:163)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1623)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1322)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
at org.apache.catalina.session.StandardSession.readRemainingObject(StandardSession.java:1951)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1859)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
at org.apache.catalina.session.StandardSession.deserialize(StandardSession.java:1144)
at org.apache.catalina.session.StandardManager.readSessions(StandardManager.java:492)
at org.apache.catalina.session.StandardManager.doLoadFromFile(StandardManager.java:422)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:393)
at org.apache.catalina.session.StandardManager.start(StandardManager.java:834)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5307)
at com.sun.enterprise.web.WebModule.start(WebModule.java:497)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:917)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:901)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:750)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1979)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1627)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:100)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:290)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:351)
at com.sun.enterprise.v3.server.ApplicationLoaderService.postConstruct(ApplicationLoaderService.java:202)
at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:128)
at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:88)
at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:79)
at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:64)
at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:136)
at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:73)
at com.sun.enterprise.v3.server.AppServerStartup.run(AppServerStartup.java:243)
at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:135)
at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)

#]

[#|2010-12-10T12:53:46.436-0800|SEVERE|oracle-glassfish3.1|org.apache.catalina.session.ManagerBase|_ThreadID=16;_ThreadName=Thread-1;|PWC2773: Exception loading sessions from persistent storage
java.lang.ClassNotFoundException: NileBookStore.session.BigDummyObject
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at org.apache.felix.framework.ModuleImpl.doImplicitBootDelegation(ModuleImpl.java:1535)
at org.apache.felix.framework.ModuleImpl.searchDynamicImports(ModuleImpl.java:1472)
at org.apache.felix.framework.ModuleImpl.findClassOrResourceByDelegation(ModuleImpl.java:734)
at org.apache.felix.framework.ModuleImpl.access$400(ModuleImpl.java:71)
at org.apache.felix.framework.ModuleImpl$ModuleClassLoader.loadClass(ModuleImpl.java:1768)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:247)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:603)
at com.sun.ejb.base.io.EJBObjectInputStream.resolveClass(EJBObjectInputStream.java:163)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495)
at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1623)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1322)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
at org.apache.catalina.session.StandardSession.readRemainingObject(StandardSession.java:1951)
at org.apache.catalina.session.StandardSession.readObject(StandardSession.java:1859)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350)
at org.apache.catalina.session.StandardSession.deserialize(StandardSession.java:1144)
at org.apache.catalina.session.StandardManager.readSessions(StandardManager.java:492)
at org.apache.catalina.session.StandardManager.doLoadFromFile(StandardManager.java:422)
at org.apache.catalina.session.StandardManager.load(StandardManager.java:393)
at org.apache.catalina.session.StandardManager.start(StandardManager.java:834)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5307)
at com.sun.enterprise.web.WebModule.start(WebModule.java:497)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:917)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:901)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:750)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1979)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1627)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:100)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:290)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:351)
at com.sun.enterprise.v3.server.ApplicationLoaderService.postConstruct(ApplicationLoaderService.java:202)
at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:128)
at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:88)
at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:79)
at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:64)
at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:136)
at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:73)
at com.sun.enterprise.v3.server.AppServerStartup.run(AppServerStartup.java:243)
at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:135)
at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)

#]

[#|2010-12-10T12:53:46.950-0800|INFO|oracle-glassfish3.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=1;_ThreadName=main;|WEB0671: Loading application [NileBookStore] at [/NileBookStore]|#]

[#|2010-12-10T12:53:46.950-0800|INFO|oracle-glassfish3.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=16;_ThreadName=Thread-1;|WEB0671: Loading application [NileBookStore] at [/NileBookStore]|#]

[#|2010-12-10T12:53:46.950-0800|INFO|oracle-glassfish3.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=1;_ThreadName=main;|WEB0671: Loading application [NileBookStore] at [/NileBookStore]|#]

[2] /net/asqe-logs.us.oracle.com/export1/gms/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010/n1c1m3/logs/server.log

[#|2010-12-10T00:22:34.875-0800|WARNING|oracle-glassfish3.1|javax.enterprise.system.core.transaction.com.sun.jts.jta|_ThreadID=16;_ThreadName=Thread-1;|
java.lang.IllegalStateException
at com.sun.jts.jta.TransactionServiceProperties.initRecovery(TransactionServiceProperties.java:283)
at com.sun.enterprise.transaction.jts.JavaEETransactionManagerJTSDelegate.initRecovery(JavaEETransactionManagerJTSDelegate.java:408)
at com.sun.enterprise.transaction.JavaEETransactionManagerSimplified.initRecovery(JavaEETransactionManagerSimplified.java:287)
at com.sun.enterprise.transaction.startup.TransactionRecoveryWrapper.onReady(TransactionRecoveryWrapper.java:100)
at com.sun.enterprise.transaction.startup.TransactionRecoveryWrapper$1.event(TransactionRecoveryWrapper.java:86)
at org.glassfish.kernel.event.EventsImpl.send(EventsImpl.java:128)
at com.sun.enterprise.v3.server.AppServerStartup.run(AppServerStartup.java:321)
at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:135)
at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)
at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)

#]

log:
http://aras2.us.oracle.com:8080/logs/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010/n1c1m3/logs/server.log

all logs:
http://aras2.us.oracle.com:8080/logs/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010/



 Comments   
Comment by Nazrul [ 20/Dec/10 ]

Are we using in-memory replication? The log message seem to indicate we are using file system for saving session state. Refer to

PWC2773: Exception loading sessions from persistent storage
java.lang.ClassNotFoundException: NileBookStore.session.BigDummyObject

Also, the domain.xml looks corrupted. So, it is not possible to understand what the configuration looks like. Refer to http://aras2.us.oracle.com:8080/logs/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010/das/domain.xml

It would be useful if we can monitor the logs, JVM heap size, etc. during the run and report issues as soon as they begin to show up.

Comment by zorro [ 21/Dec/10 ]

<application availability-enabled="true" context-root="/NileBookStore" location="$

{com.sun.aas.instanceRootURI}

/applications/NileBookStore/" name="NileBookStore" object-type="user">

you can see domain.xml in the physical location:
/net/asqe-logs/export1/gms/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010

Comment by zorro [ 21/Dec/10 ]

updated the bug with the requested information.
domain.xml can be viewed directly from physical location:
/net/asqe-logs/export1/gms/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010

Comment by zorro [ 21/Dec/10 ]

from domain.xml /net/asqe-logs/export1/gms/gf31/gms/set_12_19_10_t_22_43_52/scenario_0001_Sun_Dec_19_22_44_16_PST_2010
<availability-service>
<web-container-availability/>
<ejb-container-availability sfsb-store-pool-name="jdbc/hastore"/>
<jms-availability/>
</availability-service>

Comment by Mahesh Kannan [ 21/Dec/10 ]

This is coming from web container during app loading time. Looks like some issue during trying to load sessions from file

Comment by Nazrul [ 21/Dec/10 ]

If we are using in-memory replication, when would file system be used to save the session state?

Comment by Dhiru Pandey [ 22/Dec/10 ]

Shouldn't loading sessions from file be disabled if we are using in-memory replication

Comment by Shing Wai Chan [ 22/Dec/10 ]

It seems that we are not using HA here.
According to the above stack trace, StandardManager.start() is called which will not be the case for HA environment as ReplicationWebEventPersistentManager is used.

Do you deploy the application with --target $

{GF_CLUSTER_NAME}

--availabilityenabled=true ?

Comment by Rajiv Mordani [ 22/Dec/10 ]

HA isn't being used here. Not sure if the app is deployed correctly for HA to be enabled.

Comment by Shing Wai Chan [ 22/Dec/10 ]

User is deploying the application without --availabilityenabled=true.

It was working fine after using the correct deploy command.

Comment by zorro [ 27/Dec/10 ]

The steps for enabling HA were.

Via command line deployed application Nilebookstore.
Via Admin GUI set the availabitiy to true.
GUI DID NOT prompt for restarting the server and checking domain.xml showed that the availability is set to true.

Excepted:

  • Admin GUI should have prompted the user for restarting the server.
Comment by Nazrul [ 27/Dec/10 ]

Do we need to re-start application if --availabilityenabled=true (refer to previous comments)? If deployment and GUI is working as expected, please update the bug with that information.

Comment by Shing Wai Chan [ 27/Dec/10 ]

Admin gui should prompt for restart once availabilityenabled is changed.

Comment by Anissa Lam [ 27/Dec/10 ]

Are you talking about restarting the application or restarting the server ?

For every screen refresh, GUI calls the hidden command _get-restart-required to test if server should be restarted and inform the user.
GUI has no idea if HA is enabled in the system or not.
If server needs to be restarted, then _get-restart-required should be set to true with the reason specified. GUI is not in a position to determine whether to tell user to restart the server. We can only ask the backend this question.

Transferring to 'admin'. If this is related to the deployment code to 'trigger' restart state of the server, then please transfer to 'deployment'.

Comment by kumara [ 28/Dec/10 ]

Requesting Hong for help in closing the issue. It looks like an application's "availability-enabled" attribute is updated through admin console, we need to set the "restart status" to true (though I am not sure why that should happen. Hong: Can you please track it down and determine whether a restart should be required.

Comment by Hong Zhang [ 28/Dec/10 ]

Ok, I will work with the web team to see why the server restart status need to be set for setting the "availability-enabled" attribute.

Zorro: can you please publish the complete steps/application for me to reproduce the problem?

And a couple questions for the steps your described earlier:
1) Via command line deployed application Nilebookstore.
2) Via Admin GUI set the availabitiy to true.
3) GUI DID NOT prompt for restarting the server and checking domain.xml showed that the availability is set to true.

If in 2), you use asadmin CLI set command to set the availability attribute to true, does it make a difference?

If you restart the cluster even if the GUI did not prompt for it, would things work as expected?

I want to find out if there is a different between GUI and CLI on marking the server restart status, and also if restarting the cluster will indeed solve the problem. Thanks for your help.

Comment by Hong Zhang [ 28/Dec/10 ]

After talking to Rajiv, the application/server restart is necessary to reload the application with HA enabled so the necessary HA set up could happen in the container code.
There is currently an application config listener which listens to the application config related events and reload application as needed. I will make changes there to reload the application when the availability-enabled attribute is changed (this will work for both CLI and GUI paths).

Comment by Hong Zhang [ 28/Dec/10 ]

How bad is its impact? (Severity)
Could be hard to debug as user will assume the HA is enabled for the application after setting the attribute.

How often does it happen? Will many users see this problem? (Frequency)
If user deploys the application without HA enabled initially, and later wants to take advantage of the HA by enabling the HA attribute (through CLI or GUI).

How much effort is required to fix it? (Cost)
The fix is available, waiting for QE to provide steps to verify.

What is the risk of fixing it and how will the risk be mitigated? (Risk)
Small. The fix is to register an additional config change with the application config change event listener to trigger the application reloading. Will run the necessary tests before checking in the change.

Comment by Chris Kasso [ 29/Dec/10 ]

Approved for 3.1

Comment by Hong Zhang [ 29/Dec/10 ]

Talked to Shingwai about the set of the steps to reproduce and verify and he could not reproduce this in his environment. He thinks we could only reproduce this in the SQE environment. As the application gets reloaded now with my change after the attribute is set, I have gone ahead and checked in the changes and will let SQE verify in their environment.

Zorro: could you please use tomorrow's nightly (12/30) or later builds to verify the fix. Thanks!





[GLASSFISH-15382] FindBugs error in handler code Created: 29/Dec/10  Updated: 29/Dec/10  Resolved: 29/Dec/10

Status: Resolved
Project: glassfish
Component/s: admin_gui
Affects Version/s: None
Fix Version/s: 3.1_b36

Type: Bug Priority: Major
Reporter: Anissa Lam Assignee: Anissa Lam
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 3_1-approved

 Description   

FindBugs error:

anilam: admingui/common/src/main/java/org/glassfish/admingui/common/handlers/InstanceHandler.java:145: NP_ALWAYS_NULL: Null pointer dereference of origList in org.glassfish.admingui.common.handlers.InstanceHandler.saveJvmOptionValues(HandlerContext)

anilam: admingui/common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java:426: NP_NULL_ON_SOME_PATH: Possible null pointer dereference of list2 in org.glassfish.admingui.common.handlers.UtilHandlers.listCombine(HandlerContext)

anilam: admingui/common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java:424: NP_NULL_ON_SOME_PATH: Possible null pointer dereference of list2 in org.glassfish.admingui.common.handlers.UtilHandlers.listCombine(HandlerContext)



 Comments   
Comment by Anissa Lam [ 29/Dec/10 ]

Looked at the error, the first is a real one. 2nd and 3rd is , trivial fix.
while testing this, i see that for request resulting in FAILURE, the log message that used to be there wasn't there anymore. So i add it back. There is no change in functionality at all.

How bad is its impact? (Severity)
an NPE will occur if the list of JVM option is empty.

How often does it happen? Will many users see this problem? (Frequency)
When JVM option is empty. however, since the out-of-box config always have jvm option defined, it maybe unlikely user sees this.

How much effort is required to fix it? (Cost)
Min. The fix is trivial.

What is the risk of fixing it and how will the risk be mitigated? (Risk)
Small. local change.

svn diff:

~/Awork/V3/v3/admingui 564) svn diff common
Index: common/src/main/java/org/glassfish/admingui/common/handlers/InstanceHandler.java
===================================================================
— common/src/main/java/org/glassfish/admingui/common/handlers/InstanceHandler.java (revision 44118)
+++ common/src/main/java/org/glassfish/admingui/common/handlers/InstanceHandler.java (working copy)
@@ -142,7 +142,7 @@
if (endpoint.contains("profiler"))

{ payload1.put("profiler", "true"); }
  • if (origList != null || origList.size()>0){
    + if ( (origList != null) && origList.size()>0) { prepareJvmOptionPayload(payload1, target, origList); RestUtil.restRequest(endpoint, payload1, "POST", null, false, false); }

    Index: common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java
    ===================================================================

      • common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java (revision 44118)
        +++ common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java (working copy)
        @@ -420,12 +420,11 @@
        if (list == null) { list = new ArrayList(); }
  • if (list2 == null) {
  • handlerCtx.setOutputValue("result", list);
    + if (list2 != null)
    Unknown macro: {+ for(Object one }
  • for(Object one : list2) { - list.add(one); - }

    handlerCtx.setOutputValue("result", list);
    }

Index: common/src/main/java/org/glassfish/admingui/common/util/RestUtil.java
===================================================================
— common/src/main/java/org/glassfish/admingui/common/util/RestUtil.java (revision 44118)
+++ common/src/main/java/org/glassfish/admingui/common/util/RestUtil.java (working copy)
@@ -298,6 +298,10 @@
if (throwException) {
if (handlerCtx != null) {
GuiUtil.handleError(handlerCtx, message);
+ if (!quiet) {
+ GuiUtil.getLogger().severe(GuiUtil.getCommonMessage("LOG_REQUEST_RESULT", new Object[]

{exitCode, endpoint, attrs}));
+ GuiUtil.getLogger().finest("response.getResponseBody(): " + response.getResponseBody());
+ }
return new HashMap();
} else { //If handlerCtx is not passed in, it means the caller (java handler) wants to handle this exception itself. @@ -307,6 +311,7 @@ }
case WARNING: {
GuiUtil.prepareAlert("warning", GuiUtil.getCommonMessage("msg.command.warning"), message);
+ GuiUtil.getLogger().warning(GuiUtil.getCommonMessage("LOG_REQUEST_RESULT", new Object[]{exitCode, endpoint, attrs}

));
return responseMap;
}
case SUCCESS:

{ @@ -315,7 +320,7 @@ }

} catch (Exception ex) {
if (!quiet) {

  • GuiUtil.getLogger().severe(GuiUtil.getCommonMessage("LOG_REQUEST_FAILED", new Object[] {exitCode, endpoint, attrs}));
    + GuiUtil.getLogger().severe(GuiUtil.getCommonMessage("LOG_REQUEST_RESULT", new Object[]{exitCode, endpoint, attrs}

    ));
    GuiUtil.getLogger().finest("response.getResponseBody(): " + response.getResponseBody());
    }
    if (handlerCtx != null) {
    Index: common/src/main/resources/org/glassfish/common/admingui/Strings.properties
    ===================================================================

      • common/src/main/resources/org/glassfish/common/admingui/Strings.properties (revision 44118)
        +++ common/src/main/resources/org/glassfish/common/admingui/Strings.properties (working copy)
        @@ -810,7 +810,7 @@
        LOG_INIT_SESSION=Admin Console: Initializing Session Attributes...
        LOG_MSG_WARNING_NO_ADMIN_LISTENER_PORT=getDeploymentFacility: cannot get admin listener port, default to 4848
        LOG_REST_REQUEST_INFO=restRequest: endpoint= {0}\nattrs={1}\nmethod={2}
        -LOG_REQUEST_FAILED=RestResponse.getResponse() gives {0}

        . endpoint = ''

        {1}''; attrs = ''{2}''
        +LOG_REQUEST_RESULT=RestResponse.getResponse() gives {0}. endpoint = ''{1}

        ''; attrs = ''

        {2}

        ''
        LOG_UPDATE_ENTITY_FAILED=updateEntity failed. parent=''

        {0}''; attrs =''{1}''
        LOG_BUILD_MULTI_VALUE_MAP_ERROR=Unable to add key ("{0}

        ") w/ value ("

        {1}

        ").
        LOG_EXCEPTION_OCCURED=Exception Occurred :

Comment by Jason Lee [ 29/Dec/10 ]

Looks good.

Comment by Anissa Lam [ 29/Dec/10 ]

Project: glassfish
Repository: svn
Revision: 44147
Author: anilam
Date: 2010-12-29 18:30:31 UTC
Link:

Log Message:
------------
GLASSFISH-15382. Fix FindBugs error and add back logging for FAILURE request in parseResponse.
Approver: Anissa
Reviewer: Jason.

Revisions:
----------
44147

Modified Paths:
---------------
trunk/v3/admingui/common/src/main/resources/org/glassfish/common/admingui/Strings.properties
trunk/v3/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/UtilHandlers.java
trunk/v3/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/InstanceHandler.java
trunk/v3/admingui/common/src/main/java/org/glassfish/admingui/common/util/RestUtil.java





[GLASSFISH-15363] [PERF] JServlet: Inmemory logging cleanup Created: 27/Dec/10  Updated: 29/Dec/10  Resolved: 29/Dec/10

Status: Resolved
Project: glassfish
Component/s: failover
Affects Version/s: 3.1_b34
Fix Version/s: 3.1_b36

Type: Bug Priority: Blocker
Reporter: Nazrul Assignee: Mahesh Kannan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Tags: 3_1-approved

 Description   

Current JServlet run sees the following log messages:

[#|2010-12-27T18:26:50.724-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=16;_ThreadName=Thread-1;|Calling save with composite metadata|#]

[#|2010-12-27T18:26:50.724-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=16;_ThreadName=Thread-1;|Calling save with composite metadata|#]

[#|2010-12-27T18:26:50.724-0800|INFO|glassfish3.1|javax.enterprise.system.std.com.sun.enterprise.server.logging|_ThreadID=16;_ThreadName=Thread-1;|Calling save with composite metadata|#]

While we are at it, please review all log messages and clean-up the debug messages.



 Comments   
Comment by Mahesh Kannan [ 28/Dec/10 ]

How bad is its impact? (Severity)
Affects performance numbers due to excessive logging

How often does it happen? Will many users see this problem? (Frequency)
The log messages appear every minute

How much effort is required to fix it? (Cost)
Very small. Diffs attached

What is the risk of fixing it and how will the risk be mitigated? (Risk)
Minimal

svn diff
Index: src/main/java/org/shoal/ha/cache/impl/store/ReplicaStore.java
===================================================================
— src/main/java/org/shoal/ha/cache/impl/store/ReplicaStore.java (revision 1408)
+++ src/main/java/org/shoal/ha/cache/impl/store/ReplicaStore.java (working copy)
@@ -141,7 +141,7 @@
synchronized (entry) {
if (idleEntryDetector.isIdle(entry, now))

{ entry.markAsRemoved("Idle"); - _logger.log(Level.WARNING, "ReplicaStore removing (idle) key: " + entry.getKey()); + _logger.log(Level.FINE, "ReplicaStore removing (idle) key: " + entry.getKey()); iterator.remove(); result++; }

@@ -156,7 +156,7 @@

ctx.getDataStoreMBean().incrementRemoveExpiredEntriesCount(result);
} else

{ - _logger.log(Level.FINE, "ReplicaStore.removeExpired(). Skipping since there is already another thread running"); + _logger.log(Level.FINEST, "ReplicaStore.removeExpired(). Skipping since there is already another thread running"); }

return result;
Index: src/main/java/org/shoal/ha/cache/impl/interceptor/ReplicationCommandTransmitterWithMap.java
===================================================================
— src/main/java/org/shoal/ha/cache/impl/interceptor/ReplicationCommandTransmitterWithMap.java (revision 1408)
+++ src/main/java/org/shoal/ha/cache/impl/interceptor/ReplicationCommandTransmitterWithMap.java (working copy)
@@ -272,9 +272,9 @@
timeStamp = lastTS;
}
} else {

  • if (_statsLogger.isLoggable(Level.FINER)) { - _statsLogger.log(Level.FINER, "flushAndTransmit visited a new Batch"); - }

    +// if (_statsLogger.isLoggable(Level.FINEST))

    { +// _statsLogger.log(Level.FINEST, "flushAndTransmit visited a new Batch"); +// }

    }
    }

Comment by Mahesh Kannan [ 28/Dec/10 ]

svn commit -m "Fix for 15363. Reviewed by Rajiv. Approved by Nazrul, Rajiv"
Sending cache/src/main/java/org/shoal/adapter/store/ReplicatedBackingStoreFactory.java
Sending cache/src/main/java/org/shoal/adapter/store/commands/RemoveExpiredResultCommand.java
Sending cache/src/main/java/org/shoal/ha/cache/api/DataStoreContext.java
Sending cache/src/main/java/org/shoal/ha/cache/impl/interceptor/ReplicationCommandTransmitterManager.java
Sending cache/src/main/java/org/shoal/ha/cache/impl/interceptor/ReplicationCommandTransmitterWithMap.java
Sending cache/src/main/java/org/shoal/ha/cache/impl/store/DataStoreEntryUpdater.java
Sending cache/src/main/java/org/shoal/ha/cache/impl/store/ReplicaStore.java
Sending cache/src/main/java/org/shoal/ha/cache/impl/util/ASyncReplicationManager.java
Sending cache/src/main/java/org/shoal/ha/mapper/DefaultKeyMapper.java
Transmitting file data .........
Committed revision 1409.

Comment by Mahesh Kannan [ 29/Dec/10 ]

Integrated 1.5.25 into GF

svn commit -m "Integrate 1.5.25 into GF. Contains fix for 15363" pom.xml
Sending pom.xml
Transmitting file data .
Committed revision 44139.





Generated at Sun Apr 19 11:16:34 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.