geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <...@geronimo.apache.org>
Subject [jira] Created: (GERONIMO-1480) Cross context include does not set jacc contextID for 2nd web app. (Tomcat only)
Date Tue, 17 Jan 2006 09:19:42 GMT
Cross context include does not set jacc contextID for 2nd web app. (Tomcat only)
--------------------------------------------------------------------------------

         Key: GERONIMO-1480
         URL: http://issues.apache.org/jira/browse/GERONIMO-1480
     Project: Geronimo
        Type: Bug
  Components: Tomcat  
    Versions: 1.0.1, 1.1    
    Reporter: David Jencks
 Assigned to: Jeff Genender 
    Priority: Blocker
     Fix For: 1.0.1, 1.1


If you do a cross context include from web app A to web app B, the jacc contextID fetched
from PolicyContext when you evaluate isUserInRole in web app B is the contextID for A, not
B.

Presumably the cross context dispatch does not go through the PolicyContextValve for B.  Here's
a thread trace that demonstrates this, with a couple annotations.

http-0.0.0.0-8080-Processor24@43e daemon prio=5, in group "main", status: RUNNING
	  implies():80, GeronimoPolicy.java
	  implies():46, JaasPolicyCoordinator.java
	  implies():189, ProtectionDomain.java
	  checkPermission():254, AccessControlContext.java
	  hasRole():248, TomcatGeronimoRealm.java
	  isUserInRole():2128, Request.java
	  isUserInRole():761, RequestFacade.java
	  isUserInRole():163, HttpServletRequestWrapper.java
	  isUserInRole():163, HttpServletRequestWrapper.java
	  isUserInRole():163, HttpServletRequestWrapper.java
	  isUserInRole():163, HttpServletRequestWrapper.java
	  isUserInRole():265, PortletRequestImpl.java
	  _jspService():46, roles.jsp
	  service():97, HttpJspBase.java
	  service():688, HttpServlet.java
	  service():322, JspServletWrapper.java
	  serviceJspFile():314, JspServlet.java
	  service():264, JspServlet.java
	  service():688, HttpServlet.java
	  internalDoFilter():252, ApplicationFilterChain.java
	  doFilter():173, ApplicationFilterChain.java
	  invoke():672, ApplicationDispatcher.java
	  doInclude():574, ApplicationDispatcher.java
	  include():499, ApplicationDispatcher.java
	  include():72, JetspeedRequestDispatcher.java
	  doView():363, GenericServletPortlet.java
	  doDispatch():250, GenericPortlet.java
	  render():178, GenericPortlet.java
	  render():102, JetspeedPortletInstance.java

THIS IS WEB APP B
	  doGet():230, JetspeedContainerServlet.java
	  service():595, HttpServlet.java
	  service():688, HttpServlet.java
	  internalDoFilter():252, ApplicationFilterChain.java
	  doFilter():173, ApplicationFilterChain.java
	  invoke():672, ApplicationDispatcher.java
	  doInclude():574, ApplicationDispatcher.java
	  include():499, ApplicationDispatcher.java

THIS IS A INCLUDING B
	  invoke():213, ServletPortletInvoker.java
	  render():125, ServletPortletInvoker.java
	  renderPortlet():119, PortletContainerImpl.java
	  renderPortlet():120, JetspeedPortletContainerWrapper.java
	  execute():120, RenderingJobImpl.java
	  renderNow():110, PortletRendererImpl.java
	  aggregateAndRender():199, PageAggregatorImpl.java
	  aggregateAndRender():182, PageAggregatorImpl.java
	  build():106, PageAggregatorImpl.java
	  invoke():48, AggregatorValve.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():132, ActionValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():76, ContainerValve.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():100, DecorationValve.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():179, ProfilerValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():143, LoginValidationValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():148, PasswordCredentialValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():168, LocalizationValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  run():117, AbstractSecurityValve.java
	  doPrivileged():-1, AccessController.java
	  doAsPrivileged():437, Subject.java
	  invoke():111, AbstractSecurityValve.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():55, PortalURLValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():128, CapabilityValveImpl.java
	  invokeNext():166, JetspeedPipeline.java
	  invoke():145, JetspeedPipeline.java
	  service():231, JetspeedEngine.java

THIS IS WEB APP A:
	  doGet():226, JetspeedServlet.java
	  service():595, HttpServlet.java
	  service():688, HttpServlet.java
	  internalDoFilter():252, ApplicationFilterChain.java
	  doFilter():173, ApplicationFilterChain.java
	  invoke():672, ApplicationDispatcher.java
	  processRequest():463, ApplicationDispatcher.java
	  doForward():398, ApplicationDispatcher.java
	  forward():301, ApplicationDispatcher.java
	  doForward():693, PageContextImpl.java
	  forward():660, PageContextImpl.java
	  _jspService():16, index.jsp
	  service():97, HttpJspBase.java
	  service():688, HttpServlet.java
	  service():322, JspServletWrapper.java
	  serviceJspFile():314, JspServlet.java
	  service():264, JspServlet.java
	  service():688, HttpServlet.java
	  internalDoFilter():252, ApplicationFilterChain.java
	  doFilter():173, ApplicationFilterChain.java
	  invoke():213, StandardWrapperValve.java
	  invoke():178, StandardContextValve.java
	  invoke():52, DefaultSubjectValve.java
	  invoke():432, AuthenticatorBase.java
	  invoke():262, GeronimoStandardContext.java
	  invoke():52, PolicyContextValve.java
	  invoke():53, TransactionContextValve.java
	  invoke():47, ComponentContextValve.java
	  invoke():60, InstanceContextValve.java
	  invoke():126, StandardHostValve.java
	  invoke():105, ErrorReportValve.java
	  invoke():107, StandardEngineValve.java
	  invoke():541, AccessLogValve.java
	  service():148, CoyoteAdapter.java
	  process():868, Http11Processor.java
	  processConnection():663, Http11BaseProtocol.java
	  processSocket():527, PoolTcpEndpoint.java
	  runIt():80, LeaderFollowerWorkerThread.java
	  run():684, ThreadPool.java
	  run():552, Thread.java

This demonstrates that cross context dispatch should not be used on geronimo-tomcat until
this and related problems are fixed.  Aside from the wrong security permissions being applied,
the jndi context is wrong.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message