geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jian Liao (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-1480) Cross context include does not set jacc contextID for 2nd web app. (Tomcat only)
Date Thu, 09 Feb 2006 09:24:57 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-1480?page=comments#action_12365703 ] 

Jian Liao commented on GERONIMO-1480:
-------------------------------------

Your new patch is like what I am done on my testing env, but I use "mb.setString(webContext.getPath()
+ dispatchPath);". because mapper initialize its internal context with the value return by
webContext.getPath() in org.apache.catalina.core.StandardContext, line 4110 (Tomcat 5.5.12).
But they are exactly the same cause getPath() will delegate to getName() :-).

Now both policy context and jndi context work well !!!

Thanks, jeff.

- Jian Liao

> Cross context include does not set jacc contextID for 2nd web app. (Tomcat only)
> --------------------------------------------------------------------------------
>
>          Key: GERONIMO-1480
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1480
>      Project: Geronimo
>         Type: Bug
>   Components: Tomcat
>     Versions: 1.0.1, 1.1
>     Reporter: David Jencks
>     Assignee: Jeff Genender
>     Priority: Blocker
>      Fix For: 1.1, 1.0.1

>
> If you do a cross context include from web app A to web app B, the jacc contextID fetched
from PolicyContext when you evaluate isUserInRole in web app B is the contextID for A, not
B.
> Presumably the cross context dispatch does not go through the PolicyContextValve for
B.  Here's a thread trace that demonstrates this, with a couple annotations.
> http-0.0.0.0-8080-Processor24@43e daemon prio=5, in group "main", status: RUNNING
> 	  implies():80, GeronimoPolicy.java
> 	  implies():46, JaasPolicyCoordinator.java
> 	  implies():189, ProtectionDomain.java
> 	  checkPermission():254, AccessControlContext.java
> 	  hasRole():248, TomcatGeronimoRealm.java
> 	  isUserInRole():2128, Request.java
> 	  isUserInRole():761, RequestFacade.java
> 	  isUserInRole():163, HttpServletRequestWrapper.java
> 	  isUserInRole():163, HttpServletRequestWrapper.java
> 	  isUserInRole():163, HttpServletRequestWrapper.java
> 	  isUserInRole():163, HttpServletRequestWrapper.java
> 	  isUserInRole():265, PortletRequestImpl.java
> 	  _jspService():46, roles.jsp
> 	  service():97, HttpJspBase.java
> 	  service():688, HttpServlet.java
> 	  service():322, JspServletWrapper.java
> 	  serviceJspFile():314, JspServlet.java
> 	  service():264, JspServlet.java
> 	  service():688, HttpServlet.java
> 	  internalDoFilter():252, ApplicationFilterChain.java
> 	  doFilter():173, ApplicationFilterChain.java
> 	  invoke():672, ApplicationDispatcher.java
> 	  doInclude():574, ApplicationDispatcher.java
> 	  include():499, ApplicationDispatcher.java
> 	  include():72, JetspeedRequestDispatcher.java
> 	  doView():363, GenericServletPortlet.java
> 	  doDispatch():250, GenericPortlet.java
> 	  render():178, GenericPortlet.java
> 	  render():102, JetspeedPortletInstance.java
> THIS IS WEB APP B
> 	  doGet():230, JetspeedContainerServlet.java
> 	  service():595, HttpServlet.java
> 	  service():688, HttpServlet.java
> 	  internalDoFilter():252, ApplicationFilterChain.java
> 	  doFilter():173, ApplicationFilterChain.java
> 	  invoke():672, ApplicationDispatcher.java
> 	  doInclude():574, ApplicationDispatcher.java
> 	  include():499, ApplicationDispatcher.java
> THIS IS A INCLUDING B
> 	  invoke():213, ServletPortletInvoker.java
> 	  render():125, ServletPortletInvoker.java
> 	  renderPortlet():119, PortletContainerImpl.java
> 	  renderPortlet():120, JetspeedPortletContainerWrapper.java
> 	  execute():120, RenderingJobImpl.java
> 	  renderNow():110, PortletRendererImpl.java
> 	  aggregateAndRender():199, PageAggregatorImpl.java
> 	  aggregateAndRender():182, PageAggregatorImpl.java
> 	  build():106, PageAggregatorImpl.java
> 	  invoke():48, AggregatorValve.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():132, ActionValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():76, ContainerValve.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():100, DecorationValve.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():179, ProfilerValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():143, LoginValidationValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():148, PasswordCredentialValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():168, LocalizationValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  run():117, AbstractSecurityValve.java
> 	  doPrivileged():-1, AccessController.java
> 	  doAsPrivileged():437, Subject.java
> 	  invoke():111, AbstractSecurityValve.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():55, PortalURLValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():128, CapabilityValveImpl.java
> 	  invokeNext():166, JetspeedPipeline.java
> 	  invoke():145, JetspeedPipeline.java
> 	  service():231, JetspeedEngine.java
> THIS IS WEB APP A:
> 	  doGet():226, JetspeedServlet.java
> 	  service():595, HttpServlet.java
> 	  service():688, HttpServlet.java
> 	  internalDoFilter():252, ApplicationFilterChain.java
> 	  doFilter():173, ApplicationFilterChain.java
> 	  invoke():672, ApplicationDispatcher.java
> 	  processRequest():463, ApplicationDispatcher.java
> 	  doForward():398, ApplicationDispatcher.java
> 	  forward():301, ApplicationDispatcher.java
> 	  doForward():693, PageContextImpl.java
> 	  forward():660, PageContextImpl.java
> 	  _jspService():16, index.jsp
> 	  service():97, HttpJspBase.java
> 	  service():688, HttpServlet.java
> 	  service():322, JspServletWrapper.java
> 	  serviceJspFile():314, JspServlet.java
> 	  service():264, JspServlet.java
> 	  service():688, HttpServlet.java
> 	  internalDoFilter():252, ApplicationFilterChain.java
> 	  doFilter():173, ApplicationFilterChain.java
> 	  invoke():213, StandardWrapperValve.java
> 	  invoke():178, StandardContextValve.java
> 	  invoke():52, DefaultSubjectValve.java
> 	  invoke():432, AuthenticatorBase.java
> 	  invoke():262, GeronimoStandardContext.java
> 	  invoke():52, PolicyContextValve.java
> 	  invoke():53, TransactionContextValve.java
> 	  invoke():47, ComponentContextValve.java
> 	  invoke():60, InstanceContextValve.java
> 	  invoke():126, StandardHostValve.java
> 	  invoke():105, ErrorReportValve.java
> 	  invoke():107, StandardEngineValve.java
> 	  invoke():541, AccessLogValve.java
> 	  service():148, CoyoteAdapter.java
> 	  process():868, Http11Processor.java
> 	  processConnection():663, Http11BaseProtocol.java
> 	  processSocket():527, PoolTcpEndpoint.java
> 	  runIt():80, LeaderFollowerWorkerThread.java
> 	  run():684, ThreadPool.java
> 	  run():552, Thread.java
> This demonstrates that cross context dispatch should not be used on geronimo-tomcat until
this and related problems are fixed.  Aside from the wrong security permissions being applied,
the jndi context is wrong.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message