Marina,
Thanks for sending a pointer to the server.log. In a nutshell, there is
something wrong with your build. Read on, it's interesting...
The reason for the linkage error is that security module is able to see
javax.servlet.http.HttpServletRequestc.class loader by two class
loaders. It is a classic case of constraint violation during class
loading as explained below:
com.sun.enterprise.security.web.integration.WebSecurityManager calls
javax.security.jacc.WebUserDataPermission(javax.servlet.http.HttpServletRequest).
This implies that /javax.servlet.http.HttpServletRequest as seen by
com.sun.enterprise.security.web.integration.WebSecurityManager must be
*same* as javax.servlet.http.HttpServletRequest as seen by
javax.security.jacc.WebUserDataPermission/. By same, I mean the class
name must match as well the class loader that defines the class.
There is something going *wrong* with your build. In your installation,
for whatever reason, I see *javax.security.jacc-10.0-SNAPSHOT.jar*
contains javax.servlet.http.HttpServletRequest.class in addition to many
other javax.servlet.http classes. For that reason,
javax.security.jacc-10.0-SNAPSHOT.jar does not import (OSGi
Import-Package) javax.servlet.http package. As a result,
javax.security.jacc module is loading its own version of
javax.servlet.http.HttpServletRequest.class, where as
com.sun.enterprise.security.web.integration.WebSecurityManager is using
the class as loaded by javax.servlet module. Hence the constraint violation.
This does *not* happen for us, because in our environment,
javax.servlet.http classes are part of javax.servlet module only. So, we
have to investigate why your build (and occasionally hudson build)
produces such javax.security.jacc module. I suggest you do the following:
mvn -X -f v3/security/javax.security.jacc/pom.xml clean install >
bld.log 2>&1
If this does not produce, try doing a build from v3 level with -X option
and see if produces such a bad jar. if yes, then send me the bld.log as
well as mvn version you use.
Thanks,
Sahoo
Sahoo wrote:
> Marina,
>
> This is good in some other sense. Kumar (from security team) was
> telling me that he has seen those errors occasionally in hudson QL
> job, but could never reproduce in local enviriment to get to the root
> cause. If you have the environment, please change felix.log.level to 4
> in felix/conf/config.properties, run the test and send the log to
> Kumar and me to take a look. He had sent a mail to this effect to dev@
> a few days back.
>
> Thanks,
> Sahoo
>
> Marina Vatkina wrote:
>> I'm seeing this stack trace in the log. Can it be related?
>>
>> thanks,
>> -marina
>>
>> [#|2008-09-12T17:15:23.796-0700|SEVERE|GlassFish10.0|org.apache.catalina.connector.CoyoteAdapter|_ThreadID=21;_T
>>
>> hreadName=Thread-3;|PWC3989: An exception or error occurred in the
>> container during the request processing
>> java.lang.LinkageError: loader constraints violated when linking
>> javax/servlet/http/HttpServletRequest class
>> at
>> com.sun.enterprise.security.web.integration.WebSecurityManager.hasUserDataPermission(WebSecurityManag
>>
>> er.java:505)
>> at
>> com.sun.web.security.RealmAdapter.hasUserDataPermission(RealmAdapter.java:858)
>>
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:574)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:687)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>>
>> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:96)
>> at
>> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:
>>
>> 98)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651)
>>
>> at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:142)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:719)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:657)
>>
>> at
>> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:651)
>>
>> at
>> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1030)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:307)
>>
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:226)
>>
>> at
>> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:178)
>>
>> at
>> com.sun.grizzly.http.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:621)
>>
>> at
>> com.sun.grizzly.http.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:552)
>>
>> at
>> com.sun.grizzly.http.DefaultProcessorTask.process(DefaultProcessorTask.java:800)
>>
>> at
>> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:152)
>>
>> at
>> com.sun.enterprise.v3.services.impl.GlassfishProtocolChain.executeProtocolFilter(GlassfishProtocolCha
>>
>> in.java:70)
>> at
>> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:103)
>>
>> at
>> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:89)
>>
>> at
>> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:67)
>>
>> at
>> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:56)
>>
>> at
>> com.sun.grizzly.util.WorkerThreadImpl.processTask(WorkerThreadImpl.java:309)
>>
>> at com.sun.grizzly.util.WorkerThreadImpl.run(WorkerThreadImpl.java:168)
>>
>>
>> Marina Vatkina wrote:
>>> I've just checked out and rebuild my ws.
>>>
>>> -marina
>>>
>>> [testng] Connecting to: http://localhost:8080/hellojspsecure/first.html
>>> [testng] ERROR: Anonymous Client access was Allowed,
>>> security-constraint not Enforced correctly
>>> [testng] FAILED: simpleJSPTestPage
>>> [testng] java.lang.AssertionError: Anonymous Client acess was
>>> Allowed, security-constraint not Enforced expected:<true> but
>>> was:<false>
>>> [testng] at
>>> test.security.hellojsp.HelloSecurityTestNG.simpleJSPTestPage(HelloSecurityTestNG.java:91)
>>>
>>> [testng] ... Removed 26 stack frames
>>> [testng] FAILED: simpleServletTest
>>> [testng] java.lang.AssertionError: Anonymous Client acess was
>>> Allowed, security-constraint not Enforced expected:<true> but
>>> was:<false>
>>> [testng] at
>>> test.security.hellojsp.HelloSecurityTestNG.simpleServletTest(HelloSecurityTestNG.java:219)
>>>
>>> [testng] ... Removed 26 stack frames
>>> [testng] FAILED: staticHTMLPageTest
>>> [testng] java.lang.AssertionError: Anonymous Client acess was
>>> Allowed, security-constraint not Enforced expected:<true> but
>>> was:<false>
>>> [testng] at
>>> test.security.hellojsp.HelloSecurityTestNG.staticHTMLPageTest(HelloSecurityTestNG.java:172)
>>>
>>> [testng] ... Removed 26 stack frames
>>>
>>> [testng] ===============================================
>>> [testng] security_hello_jsp
>>> [testng] Tests run: 3, Failures: 3, Skips: 0
>>> [testng] ===============================================
>>>
>>> [testng] BASIC auth: Group mapped user, testuser42
>>> [testng] String not found: RESULT: principal: testuser42
>>> [testng] BASIC auth: Not authorized user, testuser42
>>> [testng] String not found: HTTP/1.1 403
>>> [testng] BASIC auth: Valid user and invalid password
>>> [testng] String not found: HTTP/1.1 401
>>> [testng] BASIC auth: Role Mapped User, testuser3
>>> [testng] String not found: RESULT: principal: testuser3
>>> [testng] FAILED: testAuthGroupMappedUser
>>> [testng] java.lang.AssertionError: BASIC auth: Group mapped user,
>>> testuser42 expected:<false> but was:<true>
>>> [testng] at
>>> test.security.basicauth.BasicAuthTestNG.testAuthGroupMappedUser(BasicAuthTestNG.java:106)
>>>
>>> [testng] ... Removed 25 stack frames
>>> [testng] FAILED: testAuthNotAuthorizedUser
>>> [testng] java.lang.AssertionError: BASIC auth: Not authorized user,
>>> testuser42 expected:<false> but was:<true>
>>> [testng] at
>>> test.security.basicauth.BasicAuthTestNG.testAuthNotAuthorizedUser(BasicAuthTestNG.java:124)
>>>
>>> [testng] ... Removed 25 stack frames
>>> [testng] FAILED: testAuthNotValidPassword
>>> [testng] java.lang.AssertionError: BASIC auth: Valid user and
>>> invalid password expected:<false> but was:<true>
>>> [testng] at
>>> test.security.basicauth.BasicAuthTestNG.testAuthNotValidPassword(BasicAuthTestNG.java:142)
>>>
>>> [testng] ... Removed 25 stack frames
>>> [testng] FAILED: testAuthRoleMappedUser
>>> [testng] java.lang.AssertionError: BASIC auth: Role Mapped User,
>>> testuser3 expected:<false> but was:<true>
>>> [testng] at
>>> test.security.basicauth.BasicAuthTestNG.testAuthRoleMappedUser(BasicAuthTestNG.java:88)
>>>
>>> [testng] ... Removed 25 stack frames
>>>
>>> [testng] ===============================================
>>> [testng] security_hello_basicauth
>>> [testng] Tests run: 4, Failures: 4, Skips: 0
>>> [testng] ===============================================
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>