Bug 534582 (RHQ-1365) - session timing out generates errors in server log if you have browser pointing at dashboard
Summary: session timing out generates errors in server log if you have browser pointin...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: RHQ-1365
Product: RHQ Project
Classification: Other
Component: Core UI
Version: 1.2
Hardware: All
OS: All
low
medium
Target Milestone: ---
: ---
Assignee: Joseph Marques
QA Contact: Jeff Weiss
URL: http://jira.rhq-project.org/browse/RH...
Whiteboard:
Depends On:
Blocks: RHQ-692
TreeView+ depends on / blocked
 
Reported: 2009-01-15 22:01 UTC by Charles Crouch
Modified: 2015-02-01 23:24 UTC (History)
2 users (show)

Fixed In Version: 1.2
Clone Of:
Environment:
trunk from jan14th
Last Closed:
Embargoed:


Attachments (Terms of Use)
dashboardAfterSessionExpires.png (36.81 KB, image/png)
2009-01-23 14:30 UTC, Joseph Marques
no flags Details

Description Charles Crouch 2009-01-15 22:01:00 UTC
This is because of the ajax requests from the dashboard portlets make requests against the dead session.

On the dashboard you end up with the following in several of the portlets...

Security Alert  	
The page requested cannot be displayed due to insufficient permissions. Please contact your RHQ Administrator to add the necessary permissions.


In the rhq server log you get:

[org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction] Error generating recently added data: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={}
org.rhq.enterprise.server.authz.PermissionException: The session ID for user [rhqadmin] is invalid!: invocation: method=public java.util.List org.rhq.enterprise.server.resource.ResourceManagerBean.getRecentlyAddedPlatforms(org.rhq.core.domain.auth.Subject,long),context-data={}
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:161)
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.buildPermissionException(RequiredPermissionsInterceptor.java:157)
at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:97)
at sun.reflect.GeneratedMethodAccessor93.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:184)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:81)
at $Proxy260.getRecentlyAddedPlatforms(Unknown Source)
at org.rhq.enterprise.gui.legacy.portlet.recentlyApproved.ViewAction.execute(ViewAction.java:66)
at org.apache.struts.tiles.actions.TilesAction.execute(TilesAction.java:73)
at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.struts.action.ActionServlet.process(ActionServlet.j

Comment 1 Joseph Marques 2009-01-15 22:13:35 UTC
this should be solvable using Seam Filters

Comment 2 Charles Crouch 2009-01-15 23:01:51 UTC
This may or may not be connected, but just before I start seeing the session exceptions in the log comes

2009-01-15 16:14:05,877 ERROR [org.apache.struts.taglib.tiles.InsertTag] Servlet
Exception in '/portlet/summaryCounts/View.jsp': javax.servlet.jsp.JspException:
Error - tag importAttribute : property 'summary' not found in context. Check tag
 syntax
org.apache.jasper.JasperException: An exception occurred processing JSP page /po
rtlet/summaryCounts/View.jsp at line 16

13:   <tiles:put name="showRefresh" beanName="showRefresh" />
14: </tiles:insert>
15:
16: <tiles:importAttribute name="summary"/>
17: <tiles:importAttribute name="platform"/>
18: <tiles:importAttribute name="server"/>
19: <tiles:importAttribute name="service"/>



Comment 3 Joseph Marques 2009-01-23 12:50:55 UTC
charles, yup, they both have the same root cause.  one tries to access a method that is behind our method-level security, the other deals with the result of what our authentication interceptor results in.

Comment 4 Joseph Marques 2009-01-23 14:29:44 UTC
rev2724 - the dashboard portlets now graceful suppress authorized data from being displayed once the http session times out; 

Comment 5 Joseph Marques 2009-01-23 14:30:36 UTC
i've attached a screenshot of what the dashboard looks like after all portlets try to refresh AFTER the http session has timed out.  the exceptions are no longer piped to the server log anymore either.

Comment 6 Jeff Weiss 2009-01-27 18:19:44 UTC
Fixed, rev2733

Dashboard just shows "no resources to display" for all portlets.  Server logs show:

2009-01-27 13:14:05,372 INFO  [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.security.identity
2009-01-27 13:14:05,373 INFO  [org.jboss.seam.contexts.Contexts] starting up: org.jboss.seam.web.session




Comment 7 Red Hat Bugzilla 2009-11-10 20:31:24 UTC
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1365
Imported an attachment (id=368530)



Note You need to log in before you can comment on or make changes to this bug.