Bug 585416 - Add Users and Add Roles pages rewrite groupId in URL as type - Can result in ResourceTypeNotFoundException
Add Users and Add Roles pages rewrite groupId in URL as type - Can result in ...
Status: CLOSED WONTFIX
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
1.3.1
All All
low Severity medium (vote)
: ---
: ---
Assigned To: John Sanda
Corey Welton
:
Depends On:
Blocks: jon-sprint10-bugs
  Show dependency treegraph
 
Reported: 2010-04-23 19:08 EDT by Larry O'Leary
Modified: 2010-05-24 13:39 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
JON 2.3.1
Last Closed: 2010-05-17 13:44:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
git-format-patch (6.42 KB, patch)
2010-04-23 19:52 EDT, Larry O'Leary
no flags Details | Diff

  None (edit)
Description Larry O'Leary 2010-04-23 19:08:16 EDT
Description of problem:
When using the Add Users or Add Roles pages on the UI to add users or roles to a group - such as a group alert definition - the following exception can occur:

org.rhq.enterprise.server.resource.ResourceTypeNotFoundException: Resource type with id [10581] does not exist. 
   at org.rhq.enterprise.server.resource.ResourceTypeManagerBean.getResourceTypeById(ResourceTypeManagerBean.java:87) 
   at sun.reflect.GeneratedMethodAccessor1517.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) 
   at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) 
   at sun.reflect.GeneratedMethodAccessor84.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) 
   at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153) 
   at sun.reflect.GeneratedMethodAccessor83.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) 
   at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) 
   at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) 
   at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) 
   at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) 
   at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) 
   at $Proxy177.getResourceTypeById(Unknown Source) 
   at org.rhq.enterprise.gui.legacy.action.resource.ResourceController.setResource(ResourceController.java:96) 
   at org.rhq.enterprise.gui.legacy.action.resource.ResourceController.setResource(ResourceController.java:61) 
   at org.rhq.enterprise.gui.legacy.action.resource.common.monitor.alerts.config.PortalAction.setResource(PortalAction.java:93) 
   at org.rhq.enterprise.gui.legacy.action.resource.common.monitor.alerts.config.PortalAction.addUsersDefinitions(PortalAction.java:303) 
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:270) 
   at org.rhq.enterprise.gui.legacy.action.BaseDispatchAction.execute(BaseDispatchAction.java:82) 
   at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) 
   at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) 
   at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) 
   at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:654) 
   at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:557) 
   at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:481) 
   at org.apache.struts.tiles.UrlController.execute(UrlController.java:89) 
   at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:219) 
   at org.apache.struts.tiles.TilesRequestProcessor.internalModuleRelativeForward(TilesRequestProcessor.java:341) 
   at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:572) 
   at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:221) 
   at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) 
   at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:47) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.TullverketJonSPNEGOFilter.doFilter(TullverketJonSPNEGOFilter.java:169) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at net.sourceforge.spnego.SpnegoHttpFilter.doFilter(SpnegoHttpFilter.java:250) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) 
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) 
   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) 
   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) 
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
   at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) 
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) 
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) 
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) 
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) 
   at java.lang.Thread.run(Thread.java:619)


Version-Release number of selected component (if applicable):
RHQ 1.3.1 and 1.3.0

How reproducible:
If a resource type does not exist with the same ID as the group that is being manipulated, always

Steps to Reproduce:
1. JON 2.3.1 install
2. at least 16 users in the system (Administration -> Security -> Users)
3. at least one "Compatible Group" with any number of resources in it
   # Groups -> New Group
   # Name: My Compat Group
   # Description: does not matter
   # Location: does not matter
   # Contains: Compatible Resources
   # Resource Type: Platform Type - Linux
   # Recursive: false
   # Click OK
4. at least one "Group Alert Definition" with any condition in it
   # Navigate to a "Compatible Group" - For example: Groups -> Compatible Groups >> My Compat Group
   # Select the Alert >> Definition tab 
   # Click New Definition
   # Name: My Group Alert Definition
   # If Condition: Metric: Free Memory
   # is Greater than: 1000
   # Click OK
5. add JON users for alert notification
   # Navigate to a "Compatible Group" - For example: Groups -> Compatible Groups >> My Compat Group
   # Select the Alert >> Definition tab 
   # Select My Group Alert Definition
   # Select Notify JON Users tab
   # Select Add To List button
   # Hover over page selection link/arrow on Users panel and notice URL contains type=#### parameter instead of groupId (http://localhost:7080/alerts/Config.do?mode=addUsers&ad=10061&type=10072&pna=1&sca=s.name&soa=ASC&psa=15
   # Select next page 2 link or next page arrow
      If a Resource Type does not exist that has the same ID as the Group Definition ID (groupId) and exception will be thrown
      Otherwise, things will appear to work as normal but notice the URL in the browser's location bar contains type=#### instead of groupId=####
  
Actual results:
Either ResourceTypeNotFoundException
Or notable type=#### replacing groupId=#### in the URL when selecting a page of the Users or Roles panel of the Add Users or Add Roles page.

Expected results:
No exception and type=#### should never appear in the URL within these operations.

Additional info:
The issue is that DefinitionUsersForm.jsp mistakenly maps groupId to the URL parameter named type.

This also occurs in DefinitionRolesForm.jsp and will most likely result in the same misbehaviour or error if adding Notify Roles when there are multiple pages of roles in the Add Role page/panel.
Comment 1 Larry O'Leary 2010-04-23 19:52:18 EDT
Created attachment 408765 [details]
git-format-patch

A patch that will fix this issue.  Patch should be good for 1.3.0, 1.3.1, and HEAD.
Comment 2 John Sanda 2010-05-17 13:42:21 EDT
The offending JSPs are obsolete in HEAD as they have been replaced with a JSF-based solution. Moving to ON_QA for final verification.
Comment 3 John Sanda 2010-05-17 13:44:27 EDT
I talked with Charles Crouch and am closing this out since the bug is no longer relevant for 2.4.

Note You need to log in before you can comment on or make changes to this bug.