You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Jeff Genender (JIRA)" <de...@geronimo.apache.org> on 2006/02/04 22:22:04 UTC
[jira] Reopened: (GERONIMO-1480) Cross context include does not set
jacc contextID for 2nd web app. (Tomcat only)
[ http://issues.apache.org/jira/browse/GERONIMO-1480?page=all ]
Jeff Genender reopened GERONIMO-1480:
-------------------------------------
Change fix version
> Cross context include does not set jacc contextID for 2nd web app. (Tomcat only)
> --------------------------------------------------------------------------------
>
> Key: GERONIMO-1480
> URL: http://issues.apache.org/jira/browse/GERONIMO-1480
> Project: Geronimo
> Type: Bug
> Components: Tomcat
> Versions: 1.0.1, 1.1
> Reporter: David Jencks
> Assignee: Jeff Genender
> Priority: Blocker
> Fix For: 1.1, 1.0.1
>
> If you do a cross context include from web app A to web app B, the jacc contextID fetched from PolicyContext when you evaluate isUserInRole in web app B is the contextID for A, not B.
> Presumably the cross context dispatch does not go through the PolicyContextValve for B. Here's a thread trace that demonstrates this, with a couple annotations.
> http-0.0.0.0-8080-Processor24@43e daemon prio=5, in group "main", status: RUNNING
> implies():80, GeronimoPolicy.java
> implies():46, JaasPolicyCoordinator.java
> implies():189, ProtectionDomain.java
> checkPermission():254, AccessControlContext.java
> hasRole():248, TomcatGeronimoRealm.java
> isUserInRole():2128, Request.java
> isUserInRole():761, RequestFacade.java
> isUserInRole():163, HttpServletRequestWrapper.java
> isUserInRole():163, HttpServletRequestWrapper.java
> isUserInRole():163, HttpServletRequestWrapper.java
> isUserInRole():163, HttpServletRequestWrapper.java
> isUserInRole():265, PortletRequestImpl.java
> _jspService():46, roles.jsp
> service():97, HttpJspBase.java
> service():688, HttpServlet.java
> service():322, JspServletWrapper.java
> serviceJspFile():314, JspServlet.java
> service():264, JspServlet.java
> service():688, HttpServlet.java
> internalDoFilter():252, ApplicationFilterChain.java
> doFilter():173, ApplicationFilterChain.java
> invoke():672, ApplicationDispatcher.java
> doInclude():574, ApplicationDispatcher.java
> include():499, ApplicationDispatcher.java
> include():72, JetspeedRequestDispatcher.java
> doView():363, GenericServletPortlet.java
> doDispatch():250, GenericPortlet.java
> render():178, GenericPortlet.java
> render():102, JetspeedPortletInstance.java
> THIS IS WEB APP B
> doGet():230, JetspeedContainerServlet.java
> service():595, HttpServlet.java
> service():688, HttpServlet.java
> internalDoFilter():252, ApplicationFilterChain.java
> doFilter():173, ApplicationFilterChain.java
> invoke():672, ApplicationDispatcher.java
> doInclude():574, ApplicationDispatcher.java
> include():499, ApplicationDispatcher.java
> THIS IS A INCLUDING B
> invoke():213, ServletPortletInvoker.java
> render():125, ServletPortletInvoker.java
> renderPortlet():119, PortletContainerImpl.java
> renderPortlet():120, JetspeedPortletContainerWrapper.java
> execute():120, RenderingJobImpl.java
> renderNow():110, PortletRendererImpl.java
> aggregateAndRender():199, PageAggregatorImpl.java
> aggregateAndRender():182, PageAggregatorImpl.java
> build():106, PageAggregatorImpl.java
> invoke():48, AggregatorValve.java
> invokeNext():166, JetspeedPipeline.java
> invoke():132, ActionValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():76, ContainerValve.java
> invokeNext():166, JetspeedPipeline.java
> invoke():100, DecorationValve.java
> invokeNext():166, JetspeedPipeline.java
> invoke():179, ProfilerValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():143, LoginValidationValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():148, PasswordCredentialValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():168, LocalizationValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> run():117, AbstractSecurityValve.java
> doPrivileged():-1, AccessController.java
> doAsPrivileged():437, Subject.java
> invoke():111, AbstractSecurityValve.java
> invokeNext():166, JetspeedPipeline.java
> invoke():55, PortalURLValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():128, CapabilityValveImpl.java
> invokeNext():166, JetspeedPipeline.java
> invoke():145, JetspeedPipeline.java
> service():231, JetspeedEngine.java
> THIS IS WEB APP A:
> doGet():226, JetspeedServlet.java
> service():595, HttpServlet.java
> service():688, HttpServlet.java
> internalDoFilter():252, ApplicationFilterChain.java
> doFilter():173, ApplicationFilterChain.java
> invoke():672, ApplicationDispatcher.java
> processRequest():463, ApplicationDispatcher.java
> doForward():398, ApplicationDispatcher.java
> forward():301, ApplicationDispatcher.java
> doForward():693, PageContextImpl.java
> forward():660, PageContextImpl.java
> _jspService():16, index.jsp
> service():97, HttpJspBase.java
> service():688, HttpServlet.java
> service():322, JspServletWrapper.java
> serviceJspFile():314, JspServlet.java
> service():264, JspServlet.java
> service():688, HttpServlet.java
> internalDoFilter():252, ApplicationFilterChain.java
> doFilter():173, ApplicationFilterChain.java
> invoke():213, StandardWrapperValve.java
> invoke():178, StandardContextValve.java
> invoke():52, DefaultSubjectValve.java
> invoke():432, AuthenticatorBase.java
> invoke():262, GeronimoStandardContext.java
> invoke():52, PolicyContextValve.java
> invoke():53, TransactionContextValve.java
> invoke():47, ComponentContextValve.java
> invoke():60, InstanceContextValve.java
> invoke():126, StandardHostValve.java
> invoke():105, ErrorReportValve.java
> invoke():107, StandardEngineValve.java
> invoke():541, AccessLogValve.java
> service():148, CoyoteAdapter.java
> process():868, Http11Processor.java
> processConnection():663, Http11BaseProtocol.java
> processSocket():527, PoolTcpEndpoint.java
> runIt():80, LeaderFollowerWorkerThread.java
> run():684, ThreadPool.java
> run():552, Thread.java
> This demonstrates that cross context dispatch should not be used on geronimo-tomcat until this and related problems are fixed. Aside from the wrong security permissions being applied, the jndi context is wrong.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira