Bug 688358

Summary: [JBPAPP-6104] JON 2.4.1: User Database "Save" operation fails, but reports Success
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Ondřej Žižka <ozizka>
Component: JON PluginAssignee: Jean-frederic Clere <jclere>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ccrouch, hrupp, jdoyle, lfuka, majoshi, mfoley, mhasko, mhusnain, myarboro
Target Milestone: ---   
Target Release: 2.0.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The add, modify and remove operations in tomcat 6 and 7 do not manipulate the user database as expected. As a result, the JBoss Operations Network interface fails. The plugin logic is now fixed. To ensure JBoss Operations Network works as expected, set <literal>readonly="false"</literal> in the <parameter>UserDatabase</parameter> resource in the <filename>server.xml</filename> file.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-03 12:58:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 683054, 956987, 956990    

Description Ondřej Žižka 2011-03-16 21:09:10 UTC 
Only happens on Tomcat 6. Tomcat 5.5 might be configured differently (user db not read only).
However this is rather RHQ plugin bug.

-----------------------------------
Tomcat log:

Mar 15, 2011 3:21:38 PM org.apache.catalina.users.MemoryUserDatabase save
SEVERE: User database has been configured to be read only. Changes cannot be saved

-----------------------------------
RHQ web:

3/15/11, 3:21:40 PM, EDT Save Save current users and groups to persistent storage. Success rhqadmin
Comment 1 Charles Crouch 2012-10-11 19:05:14 UTC 
Looking at https://issues.apache.org/bugzilla/show_bug.cgi?id=49436 this 
message seems to be the result of a change in default behaviour between Tomcat 
5 and 6.
In v5 you could persist changes to Tomcat's user/role/group database 
out-of-the-box. However in v6 it appears you need to specify the atrribute 
readonly=false on the <Resource name="UserDatabase" .../> element in the 
server.xml before any changes will persist.
As a workaround we could document the changes that are required to server.xml. 
In the future the plugin could be extended to potentially update the server.xml 
directly to make this change. It looks like this change can't be made via JMX 
which is how we make other configuration updates.
Dropping priority to medium since the issue has a workaround.
Comment 2 Charles Crouch 2012-10-11 19:15:13 UTC 
Moved to the JON product BZ to make tracking it easier.
Comment 3 mark yarborough 2012-11-12 20:25:33 UTC 
myarboro determine owner in EWS product team.
Comment 4 Rémy Maucherat 2012-12-14 16:39:03 UTC 
*** Bug 886984 has been marked as a duplicate of this bug. ***
Comment 5 Michal Haško 2012-12-17 13:28:41 UTC 
The issue described in comment#0 still affects tomcat6 even with readonly="false" attribute on the <Resource> tag in server.xml.
Comment 7 Michal Haško 2013-01-08 09:09:50 UTC 
This issue affects all tomcat{5,6,7} versions.
Comment 9 Michal Haško 2013-04-11 13:28:14 UTC 
Isn't this a duplicate of 865459 or 901050?
Comment 10 Jean-frederic Clere 2013-04-17 08:45:32 UTC 
It is a duplicate of 865459
Comment 11 Libor Fuka 2013-05-10 13:26:41 UTC 
865459 set verified, so this one is also verified
Comment 12 Mandar Joshi 2013-05-14 06:29:12 UTC 
Added DocText.

@Wei Nan Li, can you please review the Doc Text content?
Comment 13 Mandar Joshi 2013-05-14 06:45:58 UTC 
oops..

@Jean-Frederic Clere,  can you please review the Doc Text content?
Comment 14 Jean-frederic Clere 2013-05-14 09:02:23 UTC 
"Cause: Removing a tomcat role in JBoss Enterprise Web Server causes the JBoss Operations Network (JON) interface to fail. Restarting tomcat displays the removed role in the tomcat-users.xml file but not in the JBoss Operations Network web interface.

Consequence: Tomcat 6 and Tomcat 7 does not invoke the save operation. Thus, when a tomcat role is removed using the JON web interface, the tomcat-users.xml file does not get updated. When tomcat,restarts, the role is present in the tomcat-users.xml file but not in the JBoss Operations Network web interface.

Fix: ?

Result: When JBoss Operations Network is used to remove a tomcat role, the tomcat-users.xml file updates and the role is removed as expected."

Well that is not OK.

Any operation were affected add, remove and modify, no changes were written in tomcat-users.xml.

Fix: The storeconfig module (delivered as catalina-storeconfig.jar)  has been added back to tomcat6 and tomcat7, users need to activate the corresponding listener in serverx.ml to get the JON feature working.

 <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
Comment 15 Jean-frederic Clere 2013-05-30 08:05:35 UTC 
Hm

My Fix comment is wrong, please use the following:

Fix: The plugin logic has been fixed, the user needs to set readonly="false"
in the resource UserDatabase of server.xml to get the JON feature working.
Comment 16 Jean-frederic Clere 2013-05-30 11:20:06 UTC 
No the text is still wrong... Sorry I screwed it see comment #15.
Comment 17 Michal Haško 2013-06-12 07:49:16 UTC 
I think the first line of the doc text should clearly say that the add/modify/remove operations manipulate the user database.
Currently it sounds as any add/modify/remove operation should update the tomcat-users.xml file, which is of course not true.
Comment 18 Misha H. Ali 2013-06-12 11:38:59 UTC 
Updated. Michal, please confirm if the doc_text is now correct.
Comment 19 Michal Haško 2013-06-12 12:33:08 UTC 
Thanks, I think the doc text is now correct.