| Summary: | Gadget web: HTTP Status 403 when logging in as user without overlorduser role | | |
|---|---|---|---|
| Product: | [JBoss] JBoss Fuse Service Works 6 | Reporter: | Andrej Vano <avano> |
| Component: | RT Governance | Assignee: | kconner |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Andrej Vano <avano> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.0.0 GA | CC: | atangrin, avano, kconner, ldimaggi, soa-p-jira |
| Target Milestone: | ER7 | | |
| Target Release: | 6.0.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Andrej Vano
2013-10-07 11:43:42 UTC
Interestingly, I tried this on FSW6 ER4 and in the community edition of s-ramp (running on EAP 6.1) and in both cases I get an empty white page in the browser, with the following picketlink error on the console:

JBWEB001018: An exception or error occurred in the container during the request processing: java.lang.RuntimeException: PLFED000092: Null Value: Destination is null

Along with a stack trace triggered by:

at org.picketlink.identity.federation.web.util.PostBindingUtil.sendPost (PostBindingUtil.java:101)

Andrej - can you confirm that you get a standard 403 web page (screen shot it for me?) and confirm the version of picketlink in your EAP?

Update: if I update EAP 6.1's picketlink from 2.1.6.Final to 2.1.8.Final then the stack trace goes away and I get the expected default jboss 403 error page.

Anil pointed me to this: https://issues.jboss.org/browse/PLINK2-82

It may or may not be helpful. I will fix this issue by creating appropriate 403 handlers in the Overlord web applications, but picketlink will need to be patched for those pages to get hit.

I added reasonable 403 error pages to all of the Overlord web apps (gadget server, dtgov, s-ramp). It won't refresh the login screen, but will rather show a static 403 page with a link to let the user log out. Again, these pages won't show up unless a patched version of picketlink is being used. If picketlink 2.1.6.Final is being used, then a blank white page will likely show up instead.

Created attachment 809151
403 page

I swear that yesterday the 403 page was displayed every time.. today I found out:

1. start server
2. login as user without 'overlorduser' role

Will result in a blank page without 403 and exception in console

but:

1. start server
2. log in as admin (has 'overlord' user role)
3. log out admin
4. immediately login as user without 'overlorduser' role

Will display a 403 page without exception in console

My eap's picketlink version is 2.1.6.Final

Ok great, thanks for the additional comments. I think this confirms that the full solution to this issue requires a patch to picketlink.

Hi, verified on ER7-2
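
As an added example (not part of the original thread and not Overlord or picketlink code): a small Python check for the two conditions the comments tie together, a 403 `error-page` mapping in a web app's `web.xml` and a picketlink version at or above the 2.1.8.Final that one comment reports as showing the 403 page. The sample descriptor, the `/403.html` location and the jar file names used with it are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample descriptor: the role name comes from the report,
# the resource name and /403.html location are assumptions.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>gadget-web</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>overlorduser</role-name>
    </auth-constraint>
  </security-constraint>
  <error-page>
    <error-code>403</error-code>
    <location>/403.html</location>
  </error-page>
</web-app>"""

# Version one comment in the thread reports as rendering the 403 page.
REPORTED_WORKING = (2, 1, 8)


def local(tag):
    """Strip the XML namespace so differently versioned descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(xml_text):
    """Return (roles required by auth-constraints, 403 error-page location or None)."""
    roles, page = set(), None
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "auth-constraint":
            roles.update((c.text or "").strip() for c in el if local(c.tag) == "role-name")
        elif local(el.tag) == "error-page":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("error-code") == "403":
                page = fields.get("location")
    return roles, page


def picketlink_ok(jar_name):
    """True if the jar file name carries a version >= REPORTED_WORKING."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", jar_name)
    return bool(m) and tuple(map(int, m.groups())) >= REPORTED_WORKING
```

A descriptor that returns a location together with a jar that fails `picketlink_ok` matches the blank-page case described in the comments: the handler exists but is not reached.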