>The thing that pops out for me is that there are 17 threads currently >executing the below code path, all of them having >AuthorizationManagerBean.hasGlobalPermission() as the last RHQ EJB method that >was called. Keep in mind, as I understand it, there are 20 users logged into >the GUI doing stuff, but still, this looks very suspicious to me. > > Thanks, > Ian > > at java.lang.Class.getInterfaces(Native Method) > at org.hibernate.intercept.FieldInterceptionHelper.isInstrumented(FieldInterceptionHelper.java:27) > at org.hibernate.intercept.FieldInterceptionHelper.isInstrumented(FieldInterceptionHelper.java:38) > at org.hibernate.engine.EntityEntry.requiresDirtyCheck(EntityEntry.java:221) > at org.hibernate.event.def.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:118) > at org.hibernate.event.def.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:196) > at org.hibernate.event.def.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:76) > at org.hibernate.event.def.DefaultAutoFlushEventListener.onAutoFlush(DefaultAutoFlushEventListener.java:35) > at org.hibernate.impl.SessionImpl.autoFlushIfRequired(SessionImpl.java:969) > at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1114) > at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) > at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:80) > at org.rhq.enterprise.server.authz.AuthorizationManagerBean.hasGlobalPermission(AuthorizationManagerBean.java:111) > at org.rhq.enterprise.server.authz.AuthorizationManagerBean.isInventoryManager(AuthorizationManagerBean.java:166) > at org.rhq.enterprise.server.authz.AuthorizationManagerBean.canViewResource(AuthorizationManagerBean.java:142) > at sun.reflect.GeneratedMethodAccessor617.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) > at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126) > at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) > at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) > at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) > at $Proxy149.canViewResource(Unknown Source) > at org.rhq.enterprise.server.measurement.MeasurementScheduleManagerBean.findSchedulesByResourcesAndDefinitions(MeasurementScheduleManagerBean.java:262) > at org.rhq.enterprise.server.measurement.MeasurementScheduleManagerBean.findSchedulesByResourceIdsAndDefinitionId(MeasurementScheduleManagerBean.java:255) > at sun.reflect.GeneratedMethodAccessor1523.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) > at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) > at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) > at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153) > at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) > at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126) > at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:195) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) > at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) > at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) > at $Proxy321.findSchedulesByResourceIdsAndDefinitionId(Unknown Source) > at org.rhq.enterprise.server.measurement.MeasurementChartsManagerBean.getAggregateMetricDisplaySummaries(MeasurementChartsManagerBean.java:454) > at org.rhq.enterprise.server.measurement.MeasurementChartsManagerBean.getMetricDisplaySummariesForCompatibleGroup(MeasurementChartsManagerBean.java:120) > at org.rhq.enterprise.server.measurement.MeasurementChartsManagerBean.getMetricDisplaySummariesForCompatibleGroup(MeasurementChartsManagerBean.java:179) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) > at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) > at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) > at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153) > at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) > at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) > at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) > at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) > at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) > at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) > at $Proxy358.getMetricDisplaySummariesForCompatibleGroup(Unknown Source) > at org.rhq.enterprise.gui.measurement.graphs.IndicatorChartsUIBean.<init>(IndicatorChartsUIBean.java:90) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) > at java.lang.reflect.Constructor.newInstance(Constructor.java:494) > at java.lang.Class.newInstance0(Class.java:350) > at java.lang.Class.newInstance(Class.java:303) > at com.sun.faces.mgbean.BeanBuilder.newBeanInstance(BeanBuilder.java:186) > at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:106) > at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:368) > at com.sun.faces.mgbean.BeanManager.create(BeanManager.java:230) > at com.sun.faces.el.ManagedBeanELResolver.getValue(ManagedBeanELResolver.java:86) > at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) > at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) > at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:44) > at org.jboss.el.parser.AstValue.getValue(AstValue.java:63) > at org.jboss.el.parser.AstNotEqual.getValue(AstNotEqual.java:21) > at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) > at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) > at com.sun.facelets.tag.TagAttribute.getObject(TagAttribute.java:233) > at com.sun.facelets.tag.TagAttribute.getBoolean(TagAttribute.java:79) > at com.sun.facelets.tag.jstl.core.IfHandler.apply(IfHandler.java:49) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.tag.jsf.ComponentHandler.applyNextHandler(ComponentHandler.java:314) > at com.sun.facelets.tag.jsf.ComponentHandler.apply(ComponentHandler.java:169) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:119) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:248) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:294) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:273) > at com.sun.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:144) > at com.sun.facelets.tag.ui.IncludeHandler.apply(IncludeHandler.java:60) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:119) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:248) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:294) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:273) > at com.sun.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:144) > at com.sun.facelets.tag.ui.IncludeHandler.apply(IncludeHandler.java:60) > at com.sun.facelets.tag.ui.DefineHandler.applyDefinition(DefineHandler.java:64) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:131) > at com.sun.facelets.impl.DefaultFaceletContext$TemplateManager.apply(DefaultFaceletContext.java:310) > at com.sun.facelets.impl.DefaultFaceletContext.includeDefinition(DefaultFaceletContext.java:280) > at com.sun.facelets.tag.ui.InsertHandler.apply(InsertHandler.java:68) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.tag.ui.DefineHandler.applyDefinition(DefineHandler.java:64) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:131) > at com.sun.facelets.impl.DefaultFaceletContext$TemplateManager.apply(DefaultFaceletContext.java:310) > at com.sun.facelets.impl.DefaultFaceletContext.includeDefinition(DefaultFaceletContext.java:280) > at com.sun.facelets.tag.ui.InsertHandler.apply(InsertHandler.java:68) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.tag.jsf.core.ViewHandler.apply(ViewHandler.java:109) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.tag.CompositeFaceletHandler.apply(CompositeFaceletHandler.java:47) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:248) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:294) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:273) > at com.sun.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:144) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:113) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:248) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:294) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:273) > at com.sun.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:144) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:113) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:248) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:294) > at com.sun.facelets.impl.DefaultFacelet.include(DefaultFacelet.java:273) > at com.sun.facelets.impl.DefaultFaceletContext.includeFacelet(DefaultFaceletContext.java:144) > at com.sun.facelets.tag.ui.CompositionHandler.apply(CompositionHandler.java:113) > at com.sun.facelets.compiler.NamespaceHandler.apply(NamespaceHandler.java:49) > at com.sun.facelets.compiler.EncodingHandler.apply(EncodingHandler.java:25) > at com.sun.facelets.impl.DefaultFacelet.apply(DefaultFacelet.java:95) > at com.sun.facelets.FaceletViewHandler.buildView(FaceletViewHandler.java:524) > at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:567) > at org.rhq.enterprise.gui.common.framework.FaceletRedirectionViewHandler.renderView(FaceletRedirectionViewHandler.java:64) > at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) > at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) > at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110) > at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) > at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) > at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:532) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:47) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) > at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178) > at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) > at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:390) > at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:517) > at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) > at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) > at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) > at java.lang.Thread.run(Thread.java:595)
Ok, I can see how this would be bad. If you have a compatible group of 900 resources with 8 metrics enabled we're going to call canViewResource 8*900 times... when we don't actually have to call it at all. that'd be 7200 extra trips to the db. And that's just for the summary. Then of course we have to go load the data. The entire getAggregateMetricDisplaySummaries needs to be rewritten for the compatible group case. With one group level auth check that happens once and single queries to aggregate the metrics. - Greg
We can always change: SomeSLSB ... { List<Result> someMethod(...int[] resourceIds...) { for (int resourceId : resourceIds) { if (!authorizationManager.canViewResource(subject, resourceId)) ... } ... } } To: SomeSLSB ... { List<Result> someMethod(...int[] resourceIds...) { if (!authorizationManager.canViewAllResources(subject, resourceIds)) ... ... } } If the intent is to investigate a patch for 2.x, then I think this would be a safer interim solution because, for the most part, it involves writing only a single, easily unit-testable, new method...as opposed to refactoring and/or rewriting existing methods across several measurement-related SLSBs to use the different (but obviously vastly improved) authorization style. Granted, the implementation for 'canViewAllResources' should / would have to batch the 'resourceIds' into chunks of 1000 (to bypass Oracle in-clause restrictions), but we have several examples of how to do that across the code base today. You're still getting comparable savings in terms of the number of DB roundtrips, and the DB would only have to work marginally harder because most of what 'canViewAllResources' needs would be available in table indexes. Then again, the batching might be somewhat moot in this scenario. Looking at "private List<MeasurementSchedule> findSchedulesByResourcesAndDefinitions(Subject subject, int[] resourceIds, int[] definitionIds)" I see that the call to MeasurementSchedule.FIND_BY_RESOURCE_IDS_AND_DEFINITION_IDS isn't batched, which means we already don't support rendering groups containing more than 1000 members. ; /
I committed some changes so that we are no longer making NxM calls to AuthorizationManagerBean where N = number of measurement schedule defs and M = number of resources. We now only make 1 call. Moving to ON_QA as the changes have been merged into master.
QA Closing - this looks like a code change.
Mass-closure of verified bugs against JON.