Bug 627391
| Summary: | Users with a valid role is unable to view Tomcat AutoGroup graphs and tables | |||
|---|---|---|---|---|
| Product: | [Other] RHQ Project | Reporter: | Larry O'Leary <loleary> | |
| Component: | Core Server | Assignee: | RHQ Project Maintainer <rhq-maint> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Welton <cwelton> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 3.0.0 | CC: | jsanda, rtimaniy, skondkar | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | All | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 649825 (view as bug list) | Environment: |
JBoss Operations Network
version: 2.4.0.GA
build number: 10927:8fb6059
Apache Tomcat 5.5.23
jopr-tomcat-plugin-3.0.0.GA.jar
|
|
| Last Closed: | Type: | --- | ||
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 616081, 649825, 703268 | |||
| Attachments: | ||||
Created attachment 441069 [details]
Screen shot showing Monitor -> Graphs page as rhqadmin user
Created attachment 441070 [details]
Screen shot showing Monitor -> Tables page as rhqadmin user
Created attachment 441071 [details]
Screen shot showing Monitor -> Graphs page as non-rhqadmin user
Created attachment 441072 [details]
Screen shot showing Monitor -> Tables page as non-rhqadmin user
The underlying bug is in a JPAQL query that excecutes in AuthorizationManagerBean.canViewAutoGroup. The relevant part of the exception is, Caused by: java.lang.IllegalArgumentException: org.hibernate.QueryParameterException: could not locate named parameter [subject] at org.hibernate.ejb.QueryImpl.setParameter(QueryImpl.java:176) at org.rhq.enterprise.server.authz.AuthorizationManagerBean.canViewAutoGroup(AuthorizationManagerBean.java:212) The problem is that the method is trying to bind the subject id to a named parameter "subject" but the named parameter as defined in the query is actually "subjectId". I am investigating possible workarounds. From looking at the git commits for JON2.4.1 (release3 branch) I believe this is fixed in there. John, please shout if thats not the case. Also please confirm whether this fix is also in master? The commit hashes (in the release3 branch) for the work are, da4c70da6d11ec2a8f1a18dba5bdecd4e31337ee ff677500c349d4c6e3908e27fa728251bd55a674 It does not appear that they have been merged into master yet. Ready for testing from the release3 branch Tested on RHQ-Rel build #422 (http://hudson-qe.rhq.rdu.redhat.com:8080/view/RHQ/job/ci-rhq-release/422/) Observation: Non-super can see metric graphs and metric tables of Tomcat AutoGroup. There isn't any exception when attempting to view metric tables/graphs. Observation: Non-superuser can see metric graphs and metric tables of Tomcat AutoGroup. There isn't any exception when attempting to view metric tables/graphs. Verified on RHQ-Rel (RHQ 3.0.1) build #422 It works as expected so making this bug as verified. Reverified this against jon-server-2.4.1-SNAPSHOT build# 24. The metric graphs and tables of Tomcat AutoGroup are displayed to the non-superuser. No exception is observed when attempting to view metric tables/graphs. Setting this back to ON_QA for testing in rhq401, since ips checked this into release-4.0.0 branch: http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commit;h=079818ad45eda07cd1a6190ac571c6e24c58d885 http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commit;h=8447359984ff3925311ef8e82f1663cbff783dee Verified on build#38 (Version: 4.0.1-SNAPSHOT Build Number: a104cdf) The metric graphs and tables of Tomcat AutoGroup are displayed to the non-superuser. The metric graph and tables in Tomcat connectors->Monitoring tab are displayed properly and no exception is observed when attempting to view metric tables/graphs. Attaching a screenshot for display of graph to the non-superuser. Marking as verified. Created attachment 500010 [details]
screenshot_graph
Bookkeeping - closing bug - fixed in recent release. Bookkeeping - closing bug - fixed in recent release. Bookkeeping - closing bug - fixed in recent release. Bookkeeping - closing bug - fixed in recent release. |
Created attachment 441068 [details] Relevant server log in debug mode with error at 2010-08-26 02:22:19,078 Description of problem: A user who has a role which contains a compatible group definition with Tomcat Server resources is unable to see any metric graphs and when selecting the Tables view the following error is displayed: QueryParameterException could not locate named parameter [subject] You can view the stack trace, return to the previous page, Dashboard, or Browse Resources page. The following stack trace is also available in the UI: javax.el.ELException: /rhq/common/monitor/tables.xhtml @52,103 value="#{MetricsTableUIBean.metricSummaries}": Error reading 'metricSummaries' on type org.rhq.enterprise.gui.measurement.tables.MetricsTableUIBean javax.faces.FacesException: javax.el.ELException: /rhq/common/monitor/tables.xhtml @52,103 value="#{MetricsTableUIBean.metricSummaries}": Error reading 'metricSummaries' on type org.rhq.enterprise.gui.measurement.tables.MetricsTableUIBean Complete stack can be found in attached log snippet. Version-Release number of selected component (if applicable): 3.0.0 How reproducible: Always Steps to Reproduce: # Install and configure JON 2.4 # Install Tomcat (test case used tomcat5 RPM 5.5.23 from RHEL5 repository) # Add Tomcat to inventory (test case imported Tomcat manually) # Create a new user account (Administration -> Security -> Users >> New...): Name: My User Email: myuser Password: 123456 Enable Login: Yes Username: myuser # Create new resource group (Groups -> New Group Definition): Name: Tomcat Servers Recursive: Yes # Add group definition condition: Group Definition Conditions: groupby resource.parent.trait[Trait.hostname] resource.type.plugin=Tomcat resource.type.name=Tomcat Server # Calculate groups # Confirm that at least one group was created containing at least 1 child # Create a new role (Administration -> Security -> Roles >> New...): Name: Tomcat Managers Manage bundles: Yes Modify Yes Delete Yes Create Children Yes Alert Write Measure Write Content Write Control Write Configure Read # Add user to new role (Assigned Users >> Add To List...): Users: myuser # Add group(s) to new role (Assigned Resource Groups >> Add To List...): Groups: DynaGroup - Tomcat Servers ( hostname ) # Navigate to Resources -> Servers # Click on Tomcat Server resource # Expand and select Tomcat Server resource -> Tomcat Connector # Select Monitor -> Graphs tab # Verify Tomcat Connector resource is available and graphs are being displayed (TomcatConnector_Monitor-Graphs_rhqadmin.png) # Select Monitor -> Tables tab # Verify tables are being displayed with data (TomcatConnector_Monitor-Tables_rhqadmin.png) # Logout # Login as myuser/123456 # Navigate to Resources -> Servers # Click on Tomcat Server resource # Expand and select Tomcat Server resource -> Tomcat Connector # Select Monitor -> Graphs tab # Notice that availability appears but graphs do not (TomcatConnector_Monitor-Graphs_myuser.png) # Select Monitor -> Tables tab # Notice the "QueryParameterException could not locate named parameter [subject]" error message (TomcatConnector_Monitor-Tables_myuser.png) Relevant server log at debug is attached (rhq-server-debug.log) Actual results: Non-superuser sees no Tomcat AutoGroup metric graphs and strange exception when attempting to view metric tables. Expected results: Metric graphs and metric tables as non-superuser Additional info: This issue may not be limited to the AutoGroup displays of a Tomcat server and may not occur if other role permissions are used. The testing was limited to this specific use-case.