Red Hat Bugzilla – Bug 1280313
Multiple client command execution through SOAP interface does not authenticate correctly
Last modified: 2018-01-30 23:45:38 EST
Description of problem:
We have a test case which tries to run a process using SOAP with invalid credentials. The test passes (an exception is thrown) if it is run alone. However, if another SOAP test is run before it, no exception is thrown. I think this means that SOAP is using the user credentials from the previous test and so it is not stateless as it should be.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run some commands using SOAP interface with valid credentials.
2. Try to run some command using SOAP interface with invalid credentials.
The command is executed and no exception is thrown
Exception should be thrown
See testNotExistingUser() method here:
I have just tried it with BPMS 6.1 and an exception is thrown there. However, it is a different one when the test is executed alone (RemoteCommunicationException) than when it is executed with other SOAP tests (WebServiceException). In BPMS 6.2 there is the same exception when the test is executed alone (RemoteCommunicationException) and no exception if it is executed together with other SOAP tests.
Could you provide a test that reproduces this issue?
I tried to reproduce the issue in several different ways but was unable to do so.
At the moment, my suspicion is that this is not a bug, but a weird by-product of the QE tests. However, I've also been wrong about my suspicions quite often!
Apologies Tomas, it took me a while, but all of a sudden I understood where the mistake was and what was happening.
Please ignore the above comment.
However, I do not believe this is a blocker.
What I'm seeing is the following:
1. In certain situations, it's possible to _create a client_ with incorrect/unauthorized login information.
2. However, _requests_ with unauthorized login information are not succeeding.
This means that the problem is only limited to the creation of clients and does not extend to unauthorized requests.
Tomas and/or Lukash, could you confirm this?
Marco, it seems that the SOAP client is working even though it uses wrong credentials.
I checked the Jenkins jobs and the test passes all the assertions in the code below:
RemoteController rc = new SOAPCommandController(TestConfig.getApplicationUrl(), IntegrationBase.DEPLOYMENT_ID,
ProcessInstance pi = rc.startProcess(DEPLOYMENT_ID, SCRIPT_TASK_PROCESS_ID, null);
And the test fails with java.lang.AssertionError: Expected exception: org.kie.remote.client.api.exception.RemoteCommunicationException
In the log I can see the process instance too.
ProcessInstance 1133 [processId=org.jboss.qa.bpms.ScriptTask,state=2]
Maciej has found a likely fix:
I've confirmed that the same class (AuthValueImpl) also exists in the IBM and Open JDK.
The following code, if executed before the test, provides a workaround:
QE, would it be possible for you to verify this workaround on the test today? (Nov 24th)
(In reply to Marco Rietveld from comment #15)
> QE, would it be possible for you to verify this workaround on the test
> today? (Nov 24th)
Unfortunately not. :-( Everybody gone already. First thing in the morning, though.
Marco, I have just tested it and our reproducer passes when I execute that method before each test. So it seems the issue is fixed by this workaround.
Verified in BPM Suite 6.2.0.CR2