users@glassfish.java.net

Re: SEVERE: Linked policy contexts have different roleToSubjectMaps

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 05 Oct 2010 12:37:39 +0530

  Will look into it and get back. Have you filed an issue with the EAR
attached and steps to reproduce ?.

regards,
kumar
On 05/10/10 12:06 AM, glassfish_at_javadesktop.org wrote:
> Hello * and especially hello Kumar,
>
> thanks a lot for your reply and sorry that I didn't react earlier. Since we didn't need EJB-JARs, I stopped dealing with this problem. However, we now came to the point that we definitely need separate EJB-JARs and deployment inside an EAR (no OSGi, unfortunately).
>
> I therefore created a little evaluation-EAR in order to find out the correct deployment descriptors. But even after trying for quite a few hours to get my EAR deployed, I'm still stuck with this exception:
>
> [code]
> SEVERE: Exception while loading the app
> org.glassfish.deployment.common.DeploymentException:
> Error in linking security policy for com.hmg.test -- Inconsistent Module State
> at com.sun.enterprise.security.SecurityUtil.linkPolicyFile(SecurityUtil.java:329)
> at com.sun.enterprise.security.SecurityDeployer.linkPolicies(SecurityDeployer.java:275)
> at com.sun.enterprise.security.SecurityDeployer.access$100(SecurityDeployer.java:77)
> at com.sun.enterprise.security.SecurityDeployer$AppDeployEventListener.event(SecurityDeployer.java:110)
> at org.glassfish.kernel.event.EventsImpl.send(EventsImpl.java:125)
> at org.glassfish.internal.data.ApplicationInfo.load(ApplicationInfo.java:224)
> at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:338)
> at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:183)
> at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:272)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:310)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:320)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1176)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$900(CommandRunnerImpl.java:83)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1235)
> at org.glassfish.deployment.autodeploy.AutoOperation.run(AutoOperation.java:141)
> at org.glassfish.deployment.autodeploy.AutoDeployer.deploy(AutoDeployer.java:573)
> at org.glassfish.deployment.autodeploy.AutoDeployer.deployAll(AutoDeployer.java:459)
> at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:391)
> at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:376)
> at org.glassfish.deployment.autodeploy.AutoDeployService$1.run(AutoDeployService.java:195)
> at java.util.TimerThread.mainLoop(Timer.java:512)
> at java.util.TimerThread.run(Timer.java:462)
> [/code]
>
> From your previous answers, I understood that I must declare role-to-group-mappings for my EAR as well as all the EJB-JARs and all the WARs. I therefore looked up some information [url=http://blogs.sun.com/bobby/entry/simplified_security_role_mapping]here[/url], [url=http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/]here[/url], [url=http://download.oracle.com/javaee/5/tutorial/doc/bncav.html]here[/url], [url=http://download.oracle.com/javaee/5/tutorial/doc/bnbxj.html]here[/url] and many other places and added the following sun-*.xml deployment descriptors to my projects:
>
> [b][u]sun-ejb-jar.xml[/u][/b]
> [code]
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD
> Application Server 9.0 EJB 3.0//EN'
> 'http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd'>
> <sun-ejb-jar>
> <security-role-mapping>
> <role-name>_Guest_</role-name>
> <group-name>_Guest_</group-name>
> </security-role-mapping>
> <security-role-mapping>
> <role-name>com.hmg.test.role001</role-name>
> <group-name>com.hmg.test.role001</group-name>
> </security-role-mapping>
> <enterprise-beans>
> <ejb>
> <ejb-name>MyService</ejb-name>
> <ior-security-config>
> <as-context>
> <auth-method>BASIC</auth-method>
> <realm>HaufeLexwareRealm</realm>
> <required>true</required>
> </as-context>
> </ior-security-config>
> </ejb>
> </enterprise-beans>
> </sun-ejb-jar>
> [/code]
>
> [b][u]sun-web.xml[/u][/b]
> [code]
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD
> Application Server 9.0 Servlet 2.5//EN'
> 'http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd'>
> <sun-web-app>
> <security-role-mapping>
> <role-name>_Guest_</role-name>
> <group-name>_Guest_</group-name>
> </security-role-mapping>
> <security-role-mapping>
> <role-name>com.hmg.test.role001</role-name>
> <group-name>com.hmg.test.role001</group-name>
> </security-role-mapping>
> </sun-web-app>
> [/code]
>
> [b][u]sun-application.xml[/u][/b]
> [code]
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE sun-application PUBLIC '-//Sun Microsystems, Inc.//DTD
> Application Server 9.0 Java EE Application 5.0//EN'
> 'http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd'>
> <sun-application>
> <unique-id>62489742739338240</unique-id>
> <security-role-mapping>
> <role-name>_Guest_</role-name>
> <group-name>_Guest_</group-name>
> </security-role-mapping>
> <security-role-mapping>
> <role-name>com.hmg.test.role001</role-name>
> <group-name>com.hmg.test.role001</group-name>
> </security-role-mapping>
> <realm>HaufeLexwareRealm</realm>
> </sun-application>
> [/code]
>
> As you can see, I added the very same "security-role-mapping" elements to all three sun-*.xml deployment descriptors - but no success.
>
> What is still missing here? What's wrong?
>
> Here's the complete project (with all sources and the packaged EAR): http://www.nightlabs.de/~marco/glassfish/2010-10-04.00/test.tar.gz
>
> Btw. I just got a different error message (additionally, i.e. before the one quoted above) when I renamed the EAR and deployed it again:
>
> [code]
> SEVERE: ContainerBase.addChild: start:
> org.apache.catalina.LifecycleException:
> org.glassfish.deployment.common.DeploymentException:
> Error in generating security policy for com.hmg.test.web
> -- javax.security.jacc.PolicyContextException: java.lang.RuntimeException:
> Linked policy contexts have different roleToSubjectMaps
> (com.hmg.test.ear-1.0.0-SNAPSHOT/com_hmg_test_web_war)<->
> (com.hmg.test.ear-1.0.0-SNAPSHOT/com_hmg_test_web_war_internal)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:5289)
> at com.sun.enterprise.web.WebModule.start(WebModule.java:499)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:928)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:912)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694)
> at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1947)
> at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1619)
> at com.sun.enterprise.web.WebApplication.start(WebApplication.java:90)
> at org.glassfish.internal.data.EngineRef.start(EngineRef.java:126)
> at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:241)
> at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:236)
> at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:339)
> at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:183)
> at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:272)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:310)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:320)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1176)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$900(CommandRunnerImpl.java:83)
> at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1235)
> at org.glassfish.deployment.autodeploy.AutoOperation.run(AutoOperation.java:141)
> at org.glassfish.deployment.autodeploy.AutoDeployer.deploy(AutoDeployer.java:573)
> at org.glassfish.deployment.autodeploy.AutoDeployer.deployAll(AutoDeployer.java:459)
> at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:391)
> at org.glassfish.deployment.autodeploy.AutoDeployer.run(AutoDeployer.java:376)
> at org.glassfish.deployment.autodeploy.AutoDeployService$1.run(AutoDeployService.java:195)
> at java.util.TimerThread.mainLoop(Timer.java:512)
> at java.util.TimerThread.run(Timer.java:462)
> Caused by: org.glassfish.deployment.common.DeploymentException:
> Error in generating security policy for com.hmg.test.web
> -- javax.security.jacc.PolicyContextException: java.lang.RuntimeException:
> Linked policy contexts have different roleToSubjectMaps
> (com.hmg.test.ear-1.0.0-SNAPSHOT/com_hmg_test_web_war)<->
> (com.hmg.test.ear-1.0.0-SNAPSHOT/com_hmg_test_web_war_internal)
> at com.sun.enterprise.security.SecurityUtil.generatePolicyFile(SecurityUtil.java:243)
> at com.sun.enterprise.security.SecurityDeployer.commitPolicy(SecurityDeployer.java:217)
> at com.sun.enterprise.security.SecurityDeployer.access$400(SecurityDeployer.java:77)
> at com.sun.enterprise.security.SecurityDeployer$AppDeployEventListener.event(SecurityDeployer.java:121)
> at org.glassfish.kernel.event.EventsImpl.send(EventsImpl.java:125)
> at com.sun.enterprise.web.WebContainer.afterServletContextInitializedEvent(WebContainer.java:618)
> at com.sun.enterprise.web.WebModule.contextListenerStart(WebModule.java:543)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:5266)
> ... 26 more
> [/code]
> If I redeploy it again with the same name, this exception doesn't happen anymore (only the one quoted at the beginning). It seems, there is some initialisation happening only once (and not every time the EAR is undeployed and newly deployed). Maybe this is somehow related to [url=http://forums.java.net/jive/thread.jspa?messageID=478257]this forum post[/url].
>
> I'd greatly appreciate, if you could help me with this issue!
>
> Best regards, Marco :-)
> [Message sent by forum member 'nlmarco']
>
> http://forums.java.net/jive/thread.jspa?messageID=484329
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>