585416 – Add Users and Add Roles pages rewrite groupId in URL as type - Can result in ResourceTypeNotFoundException

Bug 585416 - Add Users and Add Roles pages rewrite groupId in URL as type - Can result in ResourceTypeNotFoundException

Summary: Add Users and Add Roles pages rewrite groupId in URL as type - Can result in ...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core UI
Sub Component:
Version:	1.3.1
Hardware:	All
OS:	All
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	John Sanda
QA Contact:	Corey Welton
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	jon-sprint10-bugs
TreeView+	depends on / blocked

Reported:	2010-04-23 23:08 UTC by Larry O'Leary
Modified:	2010-05-24 17:39 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:	JON 2.3.1
Last Closed:	2010-05-17 17:44:27 UTC
Embargoed:

Attachments	(Terms of Use)
git-format-patch (6.42 KB, patch) 2010-04-23 23:52 UTC, Larry O'Leary	no flags	Details \| Diff
View All

Description Larry O'Leary 2010-04-23 23:08:16 UTC

Description of problem:
When using the Add Users or Add Roles pages on the UI to add users or roles to a group - such as a group alert definition - the following exception can occur:

org.rhq.enterprise.server.resource.ResourceTypeNotFoundException: Resource type with id [10581] does not exist. 
   at org.rhq.enterprise.server.resource.ResourceTypeManagerBean.getResourceTypeById(ResourceTypeManagerBean.java:87) 
   at sun.reflect.GeneratedMethodAccessor1517.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) 
   at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) 
   at sun.reflect.GeneratedMethodAccessor84.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) 
   at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:153) 
   at sun.reflect.GeneratedMethodAccessor83.invoke(Unknown Source) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) 
   at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) 
   at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) 
   at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) 
   at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) 
   at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) 
   at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) 
   at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) 
   at $Proxy177.getResourceTypeById(Unknown Source) 
   at org.rhq.enterprise.gui.legacy.action.resource.ResourceController.setResource(ResourceController.java:96) 
   at org.rhq.enterprise.gui.legacy.action.resource.ResourceController.setResource(ResourceController.java:61) 
   at org.rhq.enterprise.gui.legacy.action.resource.common.monitor.alerts.config.PortalAction.setResource(PortalAction.java:93) 
   at org.rhq.enterprise.gui.legacy.action.resource.common.monitor.alerts.config.PortalAction.addUsersDefinitions(PortalAction.java:303) 
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 
   at java.lang.reflect.Method.invoke(Method.java:597) 
   at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:270) 
   at org.rhq.enterprise.gui.legacy.action.BaseDispatchAction.execute(BaseDispatchAction.java:82) 
   at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) 
   at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) 
   at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) 
   at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:654) 
   at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:557) 
   at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:481) 
   at org.apache.struts.tiles.UrlController.execute(UrlController.java:89) 
   at org.apache.struts.tiles.TilesRequestProcessor.processTilesDefinition(TilesRequestProcessor.java:219) 
   at org.apache.struts.tiles.TilesRequestProcessor.internalModuleRelativeForward(TilesRequestProcessor.java:341) 
   at org.apache.struts.action.RequestProcessor.processForward(RequestProcessor.java:572) 
   at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:221) 
   at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) 
   at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) 
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:47) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.enterprise.gui.legacy.TullverketJonSPNEGOFilter.doFilter(TullverketJonSPNEGOFilter.java:169) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at net.sourceforge.spnego.SpnegoHttpFilter.doFilter(SpnegoHttpFilter.java:250) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) 
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) 
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) 
   at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) 
   at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) 
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
   at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) 
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) 
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) 
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) 
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) 
   at java.lang.Thread.run(Thread.java:619)


Version-Release number of selected component (if applicable):
RHQ 1.3.1 and 1.3.0

How reproducible:
If a resource type does not exist with the same ID as the group that is being manipulated, always

Steps to Reproduce:
1. JON 2.3.1 install
2. at least 16 users in the system (Administration -> Security -> Users)
3. at least one "Compatible Group" with any number of resources in it
   # Groups -> New Group
   # Name: My Compat Group
   # Description: does not matter
   # Location: does not matter
   # Contains: Compatible Resources
   # Resource Type: Platform Type - Linux
   # Recursive: false
   # Click OK
4. at least one "Group Alert Definition" with any condition in it
   # Navigate to a "Compatible Group" - For example: Groups -> Compatible Groups >> My Compat Group
   # Select the Alert >> Definition tab 
   # Click New Definition
   # Name: My Group Alert Definition
   # If Condition: Metric: Free Memory
   # is Greater than: 1000
   # Click OK
5. add JON users for alert notification
   # Navigate to a "Compatible Group" - For example: Groups -> Compatible Groups >> My Compat Group
   # Select the Alert >> Definition tab 
   # Select My Group Alert Definition
   # Select Notify JON Users tab
   # Select Add To List button
   # Hover over page selection link/arrow on Users panel and notice URL contains type=#### parameter instead of groupId (http://localhost:7080/alerts/Config.do?mode=addUsers&ad=10061&type=10072&pna=1&sca=s.name&soa=ASC&psa=15
   # Select next page 2 link or next page arrow
      If a Resource Type does not exist that has the same ID as the Group Definition ID (groupId) and exception will be thrown
      Otherwise, things will appear to work as normal but notice the URL in the browser's location bar contains type=#### instead of groupId=####
  
Actual results:
Either ResourceTypeNotFoundException
Or notable type=#### replacing groupId=#### in the URL when selecting a page of the Users or Roles panel of the Add Users or Add Roles page.

Expected results:
No exception and type=#### should never appear in the URL within these operations.

Additional info:
The issue is that DefinitionUsersForm.jsp mistakenly maps groupId to the URL parameter named type.

This also occurs in DefinitionRolesForm.jsp and will most likely result in the same misbehaviour or error if adding Notify Roles when there are multiple pages of roles in the Add Role page/panel.

Comment 1 Larry O'Leary 2010-04-23 23:52:18 UTC

Created attachment 408765 [details]
git-format-patch

A patch that will fix this issue.  Patch should be good for 1.3.0, 1.3.1, and HEAD.

Comment 2 John Sanda 2010-05-17 17:42:21 UTC

The offending JSPs are obsolete in HEAD as they have been replaced with a JSF-based solution. Moving to ON_QA for final verification.

Comment 3 John Sanda 2010-05-17 17:44:27 UTC

I talked with Charles Crouch and am closing this out since the bug is no longer relevant for 2.4.

Note You need to log in before you can comment on or make changes to this bug.