Red Hat Bugzilla – Bug 534582
session timing out generates errors in server log if you have browser pointing at dashboard
Last modified: 2015-02-01 18:24:58 EST
This is because of the ajax requests from the dashboard portlets make requests against the dead session. On the dashboard you end up with the following in several of the portlets... Security Alert The page requested cannot be displayed due to insufficient permissions. Please contact your RHQ Administrator to add the necessary permissions. In the rhq server log you get: [org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction] Error generating recently added data: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={} org.rhq.enterprise.server.authz.PermissionException: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={} at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:161) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:157) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:97) at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184) at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81) at $Proxy260.getRecentlyAddedPlatforms(Unknown Source) at org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction.execute(ViewAction.java:66) at org.apache.struts.tiles.actions.TilesAction.execute(TilesAction.java:73) at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.j
this should be solvable using Seam Filters
This may or may not be connected, but just before I start seeing the session exceptions in the log comes 2009-01-15 16:14:05,877 ERROR [org.apache.struts.taglib.tiles.InsertTag] Servlet Exception in '/portlet/summaryCounts/View.jsp': javax.servlet.jsp.JspException: Error - tag importAttribute : property 'summary' not found in context. Check tag syntax org.apache.jasper.JasperException: An exception occurred processing JSP page /po rtlet/summaryCounts/View.jsp at line 16 13: <tiles:put name="showRefresh" beanName="showRefresh" /> 14: </tiles:insert> 15: 16: <tiles:importAttribute name="summary"/> 17: <tiles:importAttribute name="platform"/> 18: <tiles:importAttribute name="server"/> 19: <tiles:importAttribute name="service"/>
charles, yup, they both have the same root cause. one tries to access a method that is behind our method-level security, the other deals with the result of what our authentication interceptor results in.
rev2724 - the dashboard portlets now graceful suppress authorized data from being displayed once the http session times out;
i've attached a screenshot of what the dashboard looks like after all portlets try to refresh AFTER the http session has timed out. the exceptions are no longer piped to the server log anymore either.
Fixed, rev2733 Dashboard just shows "no resources to display" for all portlets. Server logs show: 2009-01-27 13:14:05,372 INFO [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.security.identity 2009-01-27 13:14:05,373 INFO [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.web.session
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1365 Imported an attachment (id=368530)