You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Robert Munteanu (JIRA)" <ji...@apache.org> on 2016/11/19 09:59:58 UTC
[jira] [Created] (SLING-6305) LoginAdminWhitelist configuration is
applied too late
Robert Munteanu created SLING-6305:
--------------------------------------
Summary: LoginAdminWhitelist configuration is applied too late
Key: SLING-6305
URL: https://issues.apache.org/jira/browse/SLING-6305
Project: Sling
Issue Type: Bug
Components: JCR
Affects Versions: JCR Base 2.4.2
Reporter: Robert Munteanu
I've been getting some local failures with the launchpad/testing module, and I noticed that the {{org.apache.sling.junit.scriptable}} bundle was not whitelisted for loginAdministrative:
{noformat}19.11.2016 10:40:54.063 *ERROR* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] org.apache.sling.junit.scriptable [org.apache.sling.junit.scriptable.ScriptableTestsProvider(204)] The activate method has thrown an exception (javax.jcr.LoginException: Bundle org.apache.sling.junit.scriptable is NOT whitelisted)
javax.jcr.LoginException: Bundle org.apache.sling.junit.scriptable is NOT whitelisted{noformat}
The configuration was correct, so I added a little debug information in the {{org.apache.sling.jcr.base}} bundle to print the whitelist regexp in the same line as the whitelisted bundles. I noticed then that the component is activated several times, with only the last one actually setting the configuration
{noformat}19.11.2016 10:40:51.630 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
19.11.2016 10:40:55.150 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
19.11.2016 10:40:56.200 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.security.user.UserConfigurationImpl)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
19.11.2016 10:40:57.190 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
19.11.2016 10:40:57.692 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.jcr.base.internal.LoginAdminWhitelist)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=org.apache.sling.(launchpad|junit).*{noformat}
With the error appearing at 10:40:54. and the correct configuration being applied at 10:40:57, it's clear that the configuration should've been applied much earlier.
[~jsedding] - what are your thoughts on this?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)