1179940 – Missing exception handling in MembeshipDAOImpl

Bug 1179940 - Missing exception handling in MembeshipDAOImpl

Summary: Missing exception handling in MembeshipDAOImpl

Keywords:
Status:	VERIFIED
Alias:	None
Product:	JBoss Enterprise Portal Platform 6
Classification:	JBoss
Component:	Portal
Sub Component:
Version:	6.1.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ER09
Target Release:	6.2.0
Assignee:	Peter Palaga
QA Contact:	vramik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-01-07 21:35 UTC by Martin Weiler
Modified:	2023-02-27 08:27 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1180232 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
Byteman rule to simulate DB exception (1.75 KB, text/plain) 2015-01-08 13:20 UTC, Martin Weiler	no flags	Details
GenericJDBCException - 6.1.1.GA (8.21 KB, text/plain) 2015-03-17 15:41 UTC, Tomas Kyjovsky	no flags	Details
GenericJDBCException - 6.2.0.ER9 (7.79 KB, text/plain) 2015-03-17 15:41 UTC, Tomas Kyjovsky	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	GTNPORTAL-3572	0	Major	Resolved	Missing exception handling in MembeshipDAOImpl	2017-08-24 08:29:51 UTC

Description Martin Weiler 2015-01-07 21:35:17 UTC

Description of problem:
Platform issue for GTNPORTAL-3572

MembershipDAOImpl.linkMembership(...) is missing exception handling around the following call:

  getIdentitySession().getRoleManager().createRole(mt.getName(), user.getUserName(), groupId);

If this call fails, eg. for example due to an exception from the underlying database, this result in a corrupted transaction state. Subsequent requests using this thread fail with an error similar to the following:

  org.hibernate.AssertionFailure: null id in org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship entry (don't flush the Session after an exception occurs)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Martin Weiler 2015-01-08 13:17:37 UTC

Steps to reproduce the error, and test a fix:

1. Start JPP 6
2. Login as root and create:
   - a new group /platform/test
   - a new user demo (only assigned to /platform/users)
3. Stop the server
4. Edit standalone.xml:

                <security-domain name="gatein-domain" cache-type="default">
                    <authentication>
                         <login-module code="org.exoplatform.web.security.InitSharedStateLoginModule" flag="required">
                            <module-option name="portalContainerName" value="portal"/>
                            <module-option name="realmName" value="gatein-domain"/>
                         </login-module>
                         <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">
                            <module-option name="portalContainerName" value="portal"/>
                            <module-option name="realmName" value="gatein-domain"/>
                         </login-module>
                          <login-module code="org.exoplatform.services.organization.idm.CustomMembershipLoginModule" flag="required">
                            <module-option name="portalContainerName" value="portal"/>
                            <module-option name="realmName" value="gatein-domain"/>
                            <module-option name="membershipType" value="member"/>
                            <module-option name="groupId" value="/platform/test"/>
                          </login-module> 
                        <login-module code="org.exoplatform.services.security.j2ee.JBossAS7LoginModule" flag="required">
                            <module-option name="portalContainerName" value="portal"/>
                            <module-option name="realmName" value="gatein-domain"/>
                        </login-module>
                    </authentication>
                </security-domain>

5. Start the server
6. Install byteman against the JPP pid
7. Submit the attached byteman rules. This will simulate a DB error during CustomMembershipLoginModule.addUserToPlatformUsers
8. Log in as user 'demo'

Without the fix for GTNPORTAL-3572, the exception will not be handled properly in MembershipDAOImpl. This leads to the following:

* JPP 6.1.1 / GateIn 3.6:
An Identity operation error is logged:
Caused by: org.hibernate.TransactionException: nested transactions not supported
The user is not logged in, and further requests using this thread are broken.

* JPP 6.2 / GateIn 3.8:
IDM error recovery is happening on CustomMembershipLoginModule.end -> PicketLinkIDMOrganizationServiceImpl.endRequest. Further requests using this thread are handled properly. Nevertheless, proper exception handling inside MembershipDAOImpl is better instead of waiting on the lifecycle end method to clean up the transaction.

Comment 3 Martin Weiler 2015-01-08 13:20:13 UTC

Created attachment 977804 [details]
Byteman rule to simulate DB exception

Comment 4 Peter Palaga 2015-02-24 15:07:46 UTC

https://github.com/gatein/gatein-portal/pull/925 was merged in upstream

Comment 5 Tomas Kyjovsky 2015-03-17 15:40:29 UTC

Martin, I get the same exception for 6.2.0.ER9 and 6.1.1.GA with your byteman script, but it's different from what you wrote in Comment 2:

...
org.hibernate.exception.GenericJDBCException: could not insert
...

Comment 6 Tomas Kyjovsky 2015-03-17 15:41:35 UTC

Created attachment 1002845 [details]
GenericJDBCException - 6.1.1.GA

Comment 7 Tomas Kyjovsky 2015-03-17 15:41:55 UTC

Created attachment 1002846 [details]
GenericJDBCException - 6.2.0.ER9

Comment 8 Tomas Kyjovsky 2015-03-17 15:42:29 UTC

Btw, the GenericJDBCException already appears during portal startup. I never get to the demo login part.

Comment 9 Martin Weiler 2015-03-17 16:03:28 UTC

Tomas,

are you starting JPP with the byteman script already? The steps to follow should be:

- start JPP to create a new group and user, stop JPP again
- edit standalone.xml to add the CustomMembershipLoginModule with the new group
- start JPP again (no byteman)
- after JPP has started, install the byteman rule
- try to log in with the new test user (not yet assigned to the new group)

HTH,
Martin

Comment 10 Tomas Kyjovsky 2015-03-17 16:05:26 UTC

Looks like I missed few steps, sorry. I will retest.

Comment 11 vramik 2015-03-18 16:27:00 UTC

I've retested and I get the same stacktrace as Tomas (https://bugzilla.redhat.com/attachment.cgi?id=1002846). According to IRC conversation with Martin, the db exception is handeles and the issue can be cosidered as fixed, so I'm changing status to verified.

Note You need to log in before you can comment on or make changes to this bug.