Bug 1012449 - INFO message exception stack trace filling server.log file
Summary: INFO message exception stack trace filling server.log file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Core Server
Version: JON 3.2
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ER04
: JON 3.2.0
Assignee: Heiko W. Rupp
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks: 1016049
TreeView+ depends on / blocked
 
Reported: 2013-09-26 13:39 UTC by Jeeva Kandasamy
Modified: 2014-01-02 20:43 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1016049 (view as bug list)
Environment:
Last Closed: 2014-01-02 20:43:28 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
info-exception-trace (26.17 KB, text/x-log)
2013-09-26 13:39 UTC, Jeeva Kandasamy 		no flags Details
View All

Description Jeeva Kandasamy 2013-09-26 13:39:14 UTC 
Created attachment 803411 [details]
info-exception-trace

Description of problem:
I created a role with default permissions + Manage Alert (Write). Assigned a user on that group. logged-in via that user. When ever I clock "Inventory", INFO message filling the server.log file with stack exception trace(attached).

00:27:39,683 INFO  [org.rhq.enterprise.server.resource.ResourceManagerBean] (http-/0.0.0.0:7080-4) Failed to get live availability.: org.rhq.enterprise.server.authz.PermissionException: Can not get agent details - Subject[id=10001,name=testuser] lacks MANAGE_SETTINGS for resource[id=10001]

I feel as this is an expected message, we might put it on DEBUG level and may remove exception stack trace.

Version-Release number of selected component (if applicable):
Version: 3.2.0.ER1
Build Number: 54dd29c:464a643
GWT Version: 2.5.0
SmartGWT Version: 3.0

How reproducible:
100%

Steps to Reproduce:
1. create a role with default permissions + Manage Alert (Write).
2. create an user and assign the user to the role (step#1) 
3. login via the user created on step#2
4. tail server.log
5. Click on "Inventory" tab.


Additional info: log is attached
Comment 1 Heiko W. Rupp 2013-10-07 12:00:51 UTC 
master e0283c2

Please note, that in above case when the user e.g. only has access to a group with CPUs, but not to the platform itself, which is what

  >>>  PermissionException: Can not get agent details -  
  >>> Subject[id=10001,name=testuser] lacks MANAGE_SETTINGS for resource[id=10001]

is saying, it also means that the interactive avail check in the UI is failing (as it can not be triggered), so that availability shows grey.

I am marking this one as modified, as this issue is solved, but will clone it to consider changing the handling here.
Comment 2 Lukas Krejci 2013-10-07 12:49:53 UTC 
commit 8356e9344fa5c768607eb1b341c4ece550319694
Author: Lukas Krejci <lkrejci>
Date:   Mon Oct 7 14:49:14 2013 +0200

    [BZ 1016049] - Avoid requiring MANAGE_SETTINGS for live avail checks.
    
    We were using a method that requires MANAGE_SETTINGS permission, which
    is not what we want here. If a user has perms to view a resource (which
    is checked for), they should be able to access its availability.
Comment 3 Lukas Krejci 2013-10-09 13:20:49 UTC 
commit e9e3d41b71c8fd40e9b010fc408b0457ed1b4e8b
Author: Lukas Krejci <lkrejci>
Date:   Wed Oct 9 14:08:30 2013 +0200

    [BZ 1016049] - Avoid requiring MANAGE_SETTINGS for live avail checks.
    
    trying to use AgentManagerLocal.getAgentClient(Agent) does not work in
    ResourceManagerBean.getLiveAvailability() because getLiveAvailability()
    never runs in a transaction.
    
    Use the original approach taken by BZ 988881, only making sure we pass in
    an overlord when requesting the agent client to avoid the failing perm
    check if the user requesting the live availability doesn't have
    MANAGE_SETTINGS permission.
    (cherry picked from commit 83330253f038abaad9311a376257700197a0ffa4)
Comment 4 Simeon Pinder 2013-10-24 04:10:37 UTC 
Moving to ON_QA for testing in the next build.
Note You need to log in before you can comment on or make changes to this bug.