Bug 534582 - (RHQ-1365) session timing out generates errors in server log if you have browser pointing at dashboard
session timing out generates errors in server log if you have browser pointin...
Status: CLOSED NEXTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
1.2
All All
low Severity medium (vote)
: ---
: ---
Assigned To: Joseph Marques
Jeff Weiss
http://jira.rhq-project.org/browse/RH...
: SubBug
Depends On:
Blocks: RHQ-692
  Show dependency treegraph
 
Reported: 2009-01-15 17:01 EST by Charles Crouch
Modified: 2015-02-01 18:24 EST (History)
2 users (show)

See Also:
Fixed In Version: 1.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
trunk from jan14th
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
dashboardAfterSessionExpires.png (36.81 KB, image/png)
2009-01-23 09:30 EST, Joseph Marques
no flags Details

  None (edit)
Description Charles Crouch 2009-01-15 17:01:00 EST
This is because of the ajax requests from the dashboard portlets make requests against the dead session.

On the dashboard you end up with the following in several of the portlets...

Security Alert  	
The page requested cannot be displayed due to insufficient permissions. Please contact your RHQ Administrator to add the necessary permissions.


In the rhq server log you get:

[org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction] Error generating recently added data: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={}
org.rhq.enterprise.server.authz.PermissionException: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={}
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:161)
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:157)
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:97)
at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81)
at $Proxy260.getRecentlyAddedPlatforms(Unknown Source)
at org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction.execute(ViewAction.java:66)
at org.apache.struts.tiles.actions.TilesAction.execute(TilesAction.java:73)
at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.struts.action.ActionServlet.process(ActionServlet.j
Comment 1 Joseph Marques 2009-01-15 17:13:35 EST
this should be solvable using Seam Filters
Comment 2 Charles Crouch 2009-01-15 18:01:51 EST
This may or may not be connected, but just before I start seeing the session exceptions in the log comes

2009-01-15 16:14:05,877 ERROR [org.apache.struts.taglib.tiles.InsertTag] Servlet
Exception in '/portlet/summaryCounts/View.jsp': javax.servlet.jsp.JspException:
Error - tag importAttribute : property 'summary' not found in context. Check tag
 syntax
org.apache.jasper.JasperException: An exception occurred processing JSP page /po
rtlet/summaryCounts/View.jsp at line 16

13:   <tiles:put name="showRefresh" beanName="showRefresh" />
14: </tiles:insert>
15:
16: <tiles:importAttribute name="summary"/>
17: <tiles:importAttribute name="platform"/>
18: <tiles:importAttribute name="server"/>
19: <tiles:importAttribute name="service"/>

Comment 3 Joseph Marques 2009-01-23 07:50:55 EST
charles, yup, they both have the same root cause.  one tries to access a method that is behind our method-level security, the other deals with the result of what our authentication interceptor results in.
Comment 4 Joseph Marques 2009-01-23 09:29:44 EST
rev2724 - the dashboard portlets now graceful suppress authorized data from being displayed once the http session times out; 
Comment 5 Joseph Marques 2009-01-23 09:30:36 EST
i've attached a screenshot of what the dashboard looks like after all portlets try to refresh AFTER the http session has timed out.  the exceptions are no longer piped to the server log anymore either.
Comment 6 Jeff Weiss 2009-01-27 13:19:44 EST
Fixed, rev2733

Dashboard just shows "no resources to display" for all portlets.  Server logs show:

2009-01-27 13:14:05,372 INFO  [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.security.identity
2009-01-27 13:14:05,373 INFO  [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.web.session


Comment 7 Red Hat Bugzilla 2009-11-10 15:31:24 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1365
Imported an attachment (id=368530)

Note You need to log in before you can comment on or make changes to this bug.