You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/07/13 13:28:20 UTC
[jira] [Commented] (BROOKLYN-316) jetty loginService used in karaf:
can cause ConstraintSecurityHandler's to fail
[ https://issues.apache.org/jira/browse/BROOKLYN-316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15374977#comment-15374977 ]
ASF GitHub Bot commented on BROOKLYN-316:
-----------------------------------------
GitHub user aledsage opened a pull request:
https://github.com/apache/brooklyn-server/pull/255
BROOKLYN-316: fix use of karaf jetty LoginService
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/aledsage/brooklyn-server fix/ui-in-karaf
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/brooklyn-server/pull/255.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #255
----
commit 23e08c87cafef82a8260587df782fe957a6552e1
Author: Aled Sage <al...@gmail.com>
Date: 2016-07-13T13:27:14Z
BROOKLYN-316: fix use of karaf jetty LoginService
----
> jetty loginService used in karaf: can cause ConstraintSecurityHandler's to fail
> -------------------------------------------------------------------------------
>
> Key: BROOKLYN-316
> URL: https://issues.apache.org/jira/browse/BROOKLYN-316
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Aled Sage
>
> In a downstream project of Brooklyn, trying to use karaf with Brooklyn master, some UI modules failed to load. Whether it fails, and which modules fail, is non-deterministic.
> ---
> On doing a {{bundle:refresh}} for the ui module, it started up correctly.
> Below is the exception from the logs. The second is probably the most relevant:
> {noformat}
> 07:54:26,624 WARN 224 component.AbstractLifeCycle [pool-99-thread-3] FAILED HttpServiceContext{httpContext=WebAppHttpContext{amp-ui-blueprint-composer - 13}}: java.lang.IllegalStateException: LoginService has different IdentityService to org.eclipse.jetty.security.ConstraintSecurityHandler@315dd009
> java.lang.IllegalStateException: LoginService has different IdentityService to org.eclipse.jetty.security.ConstraintSecurityHandler@315dd009
> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:376)[220:org.eclipse.jetty.security:9.2.14.v20151106]
> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:449)[220:org.eclipse.jetty.security:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:116)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:784)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)[222:org.eclipse.jetty.servlet:9.2.14.v20151106]
> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)[221:org.eclipse.jetty.server:9.2.14.v20151106]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:245)[244:org.ops4j.pax.web.pax-web-jetty:4.2.4]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)[224:org.eclipse.jetty.util:9.2.14.v20151106]
> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:259)[244:org.ops4j.pax.web.pax-web-jetty:4.2.4]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1047)[246:org.ops4j.pax.web.pax-web-runtime:4.2.4]
> at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:413)[246:org.ops4j.pax.web.pax-web-runtime:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:380)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:692)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:237)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:182)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:135)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941)[org.osgi.core-6.0.0.jar:]
> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870)[org.osgi.core-6.0.0.jar:]
> at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)[org.osgi.core-6.0.0.jar:]
> at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)[org.osgi.core-6.0.0.jar:]
> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318)[org.osgi.core-6.0.0.jar:]
> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)[org.osgi.core-6.0.0.jar:]
> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:101)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:219)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:179)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender$1.run(AbstractExtender.java:280)[242:org.ops4j.pax.web.pax-web-extender-war:4.2.4]
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)[:1.7.0_71]
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)[:1.7.0_71]
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)[:1.7.0_71]
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)[:1.7.0_71]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_71]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_71]
> at java.lang.Thread.run(Thread.java:745)[:1.7.0_71]
> {noformat}
> Running this in the debugger, I see there is a race: multiple threads are doing {{ConstraintSecurityHandler.doStart()}}. There is one thread per UI bundle.
> These threads all share the same {{LoginService}} (which is defined in Brooklyn's {{karaf/jetty-config/src/main/resources/jetty.xml}}. However, that LoginService does not have an IdentityService.
> Each thread executing doStart() will see that there is no IdentityService, will instantiate one, and will set it on the shared LoginService.
> The subsequent check that {{securityService.getLoginService() == _loginService}} then fails for some threads, depending on the interleaving.
> The doStart() does the following to get the identityService:
> * is there an identityService already set on the loginService (if so, use it)
> * is there a bean for an identityService that it can use
> * instantiate a new {{org.eclipse.jetty.security.DefaultIdentityService}}, and use that.
> The stacktraces below show the execution state of two threads. One or both is about to fail (depending on subsequent interleaving, which I was controlling through an attached debugger):
> A solution would therefore be for Brooklyn to create the loginService bean with an existing IdentityService instance.
> {noformat}
> Thread [pool-99-thread-2] (Suspended)
> owns: Object (id=981)
> owns: Object (id=982)
> owns: Object (id=983)
> owns: WebObserver$1 (id=984)
> ConstraintSecurityHandler(SecurityHandler).doStart() line: 351
> ConstraintSecurityHandler.doStart() line: 449
> ConstraintSecurityHandler(AbstractLifeCycle).start() line: 68
> SessionHandler(ContainerLifeCycle).start(LifeCycle) line: 132
> SessionHandler(ContainerLifeCycle).doStart() line: 114
> SessionHandler(AbstractHandler).doStart() line: 61
> SessionHandler(ScopedHandler).doStart() line: 120
> SessionHandler.doStart() line: 116
> SessionHandler(AbstractLifeCycle).start() line: 68
> HttpServiceContext(ContainerLifeCycle).start(LifeCycle) line: 132
> HttpServiceContext(ContainerLifeCycle).doStart() line: 114
> HttpServiceContext(AbstractHandler).doStart() line: 61
> HttpServiceContext(ScopedHandler).doStart() line: 120
> HttpServiceContext(ContextHandler).startContext() line: 784
> HttpServiceContext(ServletContextHandler).startContext() line: 294
> HttpServiceContext(ContextHandler).doStart() line: 741
> HttpServiceContext.doStart() line: 245
> HttpServiceContext(AbstractLifeCycle).start() line: 68
> JettyServerImpl$1.start() line: 259
> HttpServiceStarted.end(HttpContext) line: 1047
> HttpServiceProxy.end(HttpContext) line: 413
> RegisterWebAppVisitorWC.end() line: 380
> WebApp.accept(WebAppVisitor) line: 692
> WebAppPublisher$WebAppDependencyListener.register(WebAppDependencyHolder, HttpService) line: 237
> WebAppPublisher$WebAppDependencyListener.addingService(ServiceReference<WebAppDependencyHolder>) line: 182
> WebAppPublisher$WebAppDependencyListener.addingService(ServiceReference) line: 135
> ServiceTracker$Tracked.customizerAdding(ServiceReference<S>, ServiceEvent) line: 941
> ServiceTracker$Tracked.customizerAdding(Object, Object) line: 870
> ServiceTracker$Tracked(AbstractTracked<S,T,R>).trackAdding(S, R) line: 256
> ServiceTracker$Tracked(AbstractTracked<S,T,R>).trackInitial() line: 183
> ServiceTracker<S,T>.open(boolean) line: 318
> ServiceTracker<S,T>.open() line: 261
> WebAppPublisher.publish(WebApp) line: 101
> WebObserver.deploy(WebApp) line: 219
> WebObserver$1.doStart() line: 179
> WebObserver$1(SimpleExtension).start() line: 59
> AbstractExtender$1.run() line: 280
> Executors$RunnableAdapter<T>.call() line: 471
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>(FutureTask<V>).run() line: 262
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>.access$201(ScheduledThreadPoolExecutor$ScheduledFutureTask) line: 178
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>.run() line: 292
> ScheduledThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker) line: 1145
> ThreadPoolExecutor$Worker.run() line: 615
> Thread.run() line: 745
> Thread [pool-99-thread-1] (Suspended (breakpoint at line 374 in SecurityHandler))
> owns: Object (id=985)
> owns: Object (id=986)
> owns: Object (id=987)
> owns: WebObserver$1 (id=988)
> ConstraintSecurityHandler(SecurityHandler).doStart() line: 374
> ConstraintSecurityHandler.doStart() line: 449
> ConstraintSecurityHandler(AbstractLifeCycle).start() line: 68
> SessionHandler(ContainerLifeCycle).start(LifeCycle) line: 132
> SessionHandler(ContainerLifeCycle).doStart() line: 114
> SessionHandler(AbstractHandler).doStart() line: 61
> SessionHandler(ScopedHandler).doStart() line: 120
> SessionHandler.doStart() line: 116
> SessionHandler(AbstractLifeCycle).start() line: 68
> HttpServiceContext(ContainerLifeCycle).start(LifeCycle) line: 132
> HttpServiceContext(ContainerLifeCycle).doStart() line: 114
> HttpServiceContext(AbstractHandler).doStart() line: 61
> HttpServiceContext(ScopedHandler).doStart() line: 120
> HttpServiceContext(ContextHandler).startContext() line: 784
> HttpServiceContext(ServletContextHandler).startContext() line: 294
> HttpServiceContext(ContextHandler).doStart() line: 741
> HttpServiceContext.doStart() line: 245
> HttpServiceContext(AbstractLifeCycle).start() line: 68
> JettyServerImpl$1.start() line: 259
> HttpServiceStarted.end(HttpContext) line: 1047
> HttpServiceProxy.end(HttpContext) line: 413
> RegisterWebAppVisitorWC.end() line: 380
> WebApp.accept(WebAppVisitor) line: 692
> WebAppPublisher$WebAppDependencyListener.register(WebAppDependencyHolder, HttpService) line: 237
> WebAppPublisher$WebAppDependencyListener.addingService(ServiceReference<WebAppDependencyHolder>) line: 182
> WebAppPublisher$WebAppDependencyListener.addingService(ServiceReference) line: 135
> ServiceTracker$Tracked.customizerAdding(ServiceReference<S>, ServiceEvent) line: 941
> ServiceTracker$Tracked.customizerAdding(Object, Object) line: 870
> ServiceTracker$Tracked(AbstractTracked<S,T,R>).trackAdding(S, R) line: 256
> ServiceTracker$Tracked(AbstractTracked<S,T,R>).trackInitial() line: 183
> ServiceTracker<S,T>.open(boolean) line: 318
> ServiceTracker<S,T>.open() line: 261
> WebAppPublisher.publish(WebApp) line: 101
> WebObserver.deploy(WebApp) line: 219
> WebObserver$1.doStart() line: 179
> WebObserver$1(SimpleExtension).start() line: 59
> AbstractExtender$1.run() line: 280
> Executors$RunnableAdapter<T>.call() line: 471
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>(FutureTask<V>).run() line: 262
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>.access$201(ScheduledThreadPoolExecutor$ScheduledFutureTask) line: 178
> ScheduledThreadPoolExecutor$ScheduledFutureTask<V>.run() line: 292
> ScheduledThreadPoolExecutor(ThreadPoolExecutor).runWorker(ThreadPoolExecutor$Worker) line: 1145
> ThreadPoolExecutor$Worker.run() line: 615
> Thread.run() line: 745
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)