Bug 614886 - PermissionException with "read only" role
PermissionException with "read only" role
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
3.0.0
All All
urgent Severity high (vote)
: ---
: ---
Assigned To: Ian Springer
Sudhir D
:
Depends On:
Blocks: jon-sprint12-bugs
  Show dependency treegraph
 
Reported: 2010-07-15 09:44 EDT by Greg Hinkle
Modified: 2013-08-05 20:37 EDT (History)
5 users (show)

See Also:
Fixed In Version: 2.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-12 12:45:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch that fixes this issue (1.84 KB, patch)
2010-07-20 13:57 EDT, Ian Springer
no flags Details | Diff
Group conifguration update (197.74 KB, image/png)
2010-07-21 05:47 EDT, Sudhir D
no flags Details

  None (edit)
Description Greg Hinkle 2010-07-15 09:44:45 EDT
Description of problem:
If you log in as a user with only the "measure" permission assigned for a resource and then browse to that resourcce, the overview page throws and exception instead of loading.

PermissionException
User [readonly] does not have permission to manage configuration for resource[id=10001]

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. create group with a resource
2. create role with only "measure" permission and assign created group
3. create a user and assign only the role created above
4. browse to resource and view summary -> overview subtab
  
Actual results:
PermissionException

Expected results:
Page should load with whatever data the user should be able to see. e.g. the config section should show a lock or something instead of the config change data

Additional info:
Comment 1 Charles Crouch 2010-07-15 12:56:21 EDT
We should look at fixing this. For now we dont need a fancy lock icon, just a message.
Comment 2 Joseph Marques 2010-07-16 01:44:39 EDT
commit 9b91e5efdfd522c622bb8d779b01bd75b799e616
Author: Joseph Marques <joseph@redhat.com>
Date:   Fri Jul 16 01:42:31 2010 -0400

BZ-614886: fix permissions necessary for resource/plugin configuration updates
    
* historic/auditing data should not requires permission above and beyond the
  ability to view the corresponding resource to which that data is attached

-----

the user should not be able to the view the entirety of the summary>overview sub-tab without any further permissions beyond having the corresponding resource in some group in one of that user's roles.
Comment 3 Sudhir D 2010-07-16 04:51:56 EDT
Tested on jon-server-2.4.0.GA_QA.zip  build# 65. Still getting below error.


PermissionException
	User [testuser] does not have permission to manage configuration for resource[id=10003]
	You can view the stack trace, return to the previous page, Dashboard, or Browse Resources page.

Will keep it in ON_QA and re-test on next build as I'm not sure if the changes were present in the above build.
Comment 4 Joseph Marques 2010-07-16 09:36:47 EDT
Sudhir, take note of the timestamp for my comment (1:45am EDT).  I only pushed the fix for this a short while before you tested it (4:50am EDT).  so the JON build you tested it against wouldn't have had the fix yet.  the JON build created at or around noon EDT today will have the fix.
Comment 5 Joseph Marques 2010-07-16 10:56:37 EDT
After discussion with the team, we actually want to treat a few subsystems differently - resource configuration and operations.  Both of these subsystems should **not** allow users to **view** the data, unless they have the corresponding permission:

current and historic resource configuration - CONFIGURE
scheduled operations / operation history - CONTROL

-----

The fix for each will require a similar strategy:

* go to the XXXManagerBean SLSB
* find all methods that return current / scheduled / historic data
* add the necessary permission check to the top of each of those methods
* use IDE tools to inspect the call hierarchy for every single one of these methods
** follow all paths back up to the UI, and test those pages to make sure the top-level exception handling is acceptable (i.e., the entire page shouldn't blow up if this data was only rendering as one small part of it, because that prevents the viewing of data that the user would have otherwise been able to see)
** follow all paths to other SLSB callers, as these new permissions will change the precondition / assumptions of those callers.  if overlord was being passed, then we're safe because he can do everything in the system.  but if the credentialed user was being passed to the method that has the new security checks, it may now fail in ways previously unhandled.  in these instances, we'll have to figure out what should be the right handling on a case-by-case basis.

-----

Since we're close to release, we need to isolate this fix to the configuration subsystem first.  Time-allowing, we may revisit this for operations as well.
Comment 6 Joseph Marques 2010-07-19 01:35:12 EDT
commit c1472c2fa4cc5c3c05321961bfd63408d7b8f08a
Author: Joseph Marques <joseph@redhat.com>
Date:   Sun Jul 18 18:06:03 2010 -0400

    BZ-614886: add secondary permission for configuration subsystem
    
part 1 - new enum
    
* rename CONFIGURE perm to CONFIGURE_WRITE
** rename action is safe because permissions are persisted using ordinals, not string names
* add new CONFIGURE_READ permission
** must be added to the end of the enum, becuase permissions are persisted using ordinals
    
part 2 - update code paths
   
* update code paths previously using CONFIGURE perm to now use CONFIGURE_WRITE
* for ResourceDetailView, change logic to show tab if user has config-read perm on resource
Comment 7 Joseph Marques 2010-07-19 01:35:36 EDT
commit c09481313e95c91d65c758117ff2bbe03b5e9eac
Author: Joseph Marques <joseph@redhat.com>
Date:   Sun Jul 18 22:45:03 2010 -0400

    BZ-614886: update view/edit role page to accomodate new read/write config permissions
    
* new layout for permissions we may eventually want to have separate read/write bits
* new properties in ApplicationResources.properties for i18n
* use javascript to keep the read/write bits in "sync"
** if config-write is checked, also check config-read
** if config-read is unckeched, also uncheck config-write
* update the RoleManagerBean to ensure config-read is added when config-write is selected
** this will mostly be for remote callers, since our UI already uses javascript to handle this more intuitively
Comment 8 Joseph Marques 2010-07-19 01:38:23 EDT
commit 5c5877e4f6c8ae0770e65cc5482a33a4bf75f17b
Author: Joseph Marques <joseph@redhat.com>
Date:   Mon Jul 19 01:03:37 2010 -0400

    BZ-614886: fix all callpaths originating from existing UI to respect configuration authorization
    
----- security changes in resource-specific facelets -----
    
resource/summary/overview.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
    
resource/configuration/view.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   editButtons: ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
   added error message if user doesn't have read permission on the resource
    
resource/configuration/edit.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   editButtons: ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
   added error message if user doesn't have read permission on the resource
    
resource/configuration/history.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   editButtons: ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
       added error message if user doesn't have read permission on the resource
    
resource/configuration/raw.xhtml (included from other protected pages)
   ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
    
resource/configuration/structured.xhtml (included from other protected pages)
   ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
    
----- security changes in resource-specific jsf managed beans -----
    
resource/configuration/view.xhtml -> ResourceConfigurationViewer
   getLatestResourceConfigurationUpdate(subject, resourceId, fromStructured)
      canViewResource -> hasResourcePermission(CONFIGURE_READ)
   isResourceConfigurationUpdateInProgress(subject, resourceId)
      canViewResource -> hasResourcePermission(CONFIGURE_READ)
    
resource/configuration/edit.xhtml -> ResourceConfigurationEditor
   translateResourceConfiguration(subject, resourceId, configuration, fromStructured)
      canViewResource -> hasResourcePermission(CONFIGURE_READ)
   updateStructuredOrRawConfiguration(subject, resourceId, configuration, fromStructured)
      !!MISSING!! -> hasResourcePermission(CONFIGURE_WRITE)
   updateResourceConfiguration(subject, resourceId, configuration, fromStructured)
      !!MISSING!! -> hasResourcePermission(CONFIGURE_WRITE)

resource/configuration/history.xhtml -> GetLatestConfigurationUpdateUIBean
   getLatestResourceConfigurationUpdate(subject, resourceId, fromStructured)
      already secured as part of resource/configuration/view.xhtml work
    
resource/configuration/history.xhtml -> ListConfigurationUpdateUIBean
   updateStructuredOrRawConfiguration(subject, resourceId, configuration, fromStructured)
      already secured as part of resource/configuration/edit.xhtml work
   updateResourceConfiguration(subject, resourceId, configuration, fromStructured)
      already secured as part of resource/configuration/edit.xhtml work
   purgeResourceConfigurationUpdate(subject, configurationUpdateId, purgeInProgress)
      this method was already correctly using CONFIGURE_WRITE permission
   findResourceConfigurationUpdates(subject, resourceId, beginDate, endDate, suppressOldest, pc)
      !!MISSING!! -> hasResourcePermission(CONFIGURE_READ)
    
resource/configuration/history.xhtml -> ViewResourceConfigurationUpdateUIBean
   translateResourceConfiguration(subject, resourceId, configuration, fromStructured)
      already secured as part of resource/configuration/edit.xhtml work
   updateStructuredOrRawConfiguration(subject, resourceId, configuration, fromStructured)
      already secured as part of resource/configuration/edit.xhtml work
   updateResourceConfiguration(subject, resourceId, configuration, fromStructured)
      already secured as part of resource/configuration/edit.xhtml work
   getLatestResourceConfigurationUpdate(subject, resourceId, fromStructured)
      already secured as part of resource/configuration/view.xhtml work
    
----- security changes in group-specific facelets -----
    
group/configuration/viewCurrent.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   editButtons: ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
   added error message if user doesn't have read permission on the resource
    
group/configuration/editCurrent.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   save/reset/cancel buttons: ResourceUIBean.permissions.configure -> ResourceUIBean.permissions.configureWrite
   added error message if user doesn't have read permission on the resource
    
group/configuration/history.xhtml
   configData: !!MISSING!! -> ResourceUIBean.permissions.configureRead
   deleteButton: !!MISSING!! -> ResourceUIBean.permissions.configureWrite
   added error message if user doesn't have read permission on the resource
    
----- security changes in group-specific jsf managed beans -----
    
group/configuration/viewCurrent.xhtml -> ViewGroupResourceConfigurationUIBean
   getResourceConfigurationsForCompatibleGroup(subject, groupId)
      !!MISSING!! -> hasResourcePermission(CONFIGURE_READ)
    
group/configuration/editCurrent.xhtml -> EditGroupResourceConfigurationUIBean
   scheduleGroupResourceConfigurationUpdate(subject, groupId, map(resourceId, config))
      already secured correctly CONFIGURE_WRITE, no changes necessary
    
group/configuration/history.xhtml -> GroupResourceConfigurationHistoryUIBean
   deleteGroupResourceConfigurationUpdates(subject, groupId, groupConfigUpdateIds)
      already secured correctly CONFIGURE_WRITE, no changes necessary
   findGroupResourceConfigurationUpdates(groupId, pc)
      !!MISSING!! - added subject it to interface, then added hasGroupPermission(CONFIGURE_READ)

group/configuration/history.xhtml -> GroupResourceConfigurationHistoryDetailsUIBean
   getResourceConfigurationMapForGroupUpdate(groupConfigUpdateId)
      !!MISSING!! - added subject it to interface
      add call into getGroupPluginConfigurationUpdate(subject, groupConfigurationUpdateId)
         canViewGroup -> hasGroupPermission(CONFIGURE_READ)
   findResourceConfigurationUpdateCompositesByParentId(groupConfigUpdateId)
      !!MISSING!! - added subject it to interface
      add call into into getGroupPluginConfigurationUpdate(subject, groupConfigurationUpdateId)
         already secured as part of group/configuration/history.xhtml work
Comment 9 Joseph Marques 2010-07-19 01:39:00 EDT
commit 2bcb6f216b47999fd85b1f1b136cdb188dc81c30
Author: Joseph Marques <joseph@redhat.com>
Date:   Mon Jul 19 01:29:00 2010 -0400

    BZ-614886: finally, perform necessary upgrade tasks so users see no upgrade impact
    
if some role previously had CONFIGURE perm (now called CONFIGURE_WRITE), give it the implied perm CONFIGURE_READ so users don't experience an unexpected permission restriction after upgrade
Comment 10 Joseph Marques 2010-07-19 01:43:09 EDT
Test setup:

* create an "uber" group, containing all resources in the inventory for convenience (you can do this by creating a recursive, mixed group and adding all of the platforms for it)
* create a user called "noperm", assign him to a role with no perms, add the uber group to this role
* create a user called "config-read", assign him to a role with only CONFIGURE_READ permission, add the uber group to this role
* create a user called "config-write", assign him to a role with only CONFIGURE_WRITE permission, add the uber group to this role

Test verification:

* ensure that "noperm" user get an appropriate error message that he can not view resource configuration data when navigating to the tabs listed below
* ensure that "config-read" user get an appropriate error message that he can not edit resource configuration data when navigating to the tabs listed below
* ensure that "config-write" user can view and/or edit the configuration data for the tabs listed below

tab list:

resource tab: summary > overview
resource tab: configuration > view
resource tab: configuration > edit
resource tab: configuration > history
group tab: configuration > view
group tab: configuration > edit
group tab: configuration > history
Comment 11 Joseph Marques 2010-07-19 02:38:32 EDT
commit 6eafe393c583fdc260868248a69a827211c5195a
Author: Joseph Marques <joseph@redhat.com>
Date:   Mon Jul 19 02:25:21 2010 -0400

    BZ-614886: respect authz when displaying configUpdates in subsystem view
    
* only show config update rows that reference resources with CONFIGURE_READ perm
Comment 12 Joseph Marques 2010-07-19 16:18:39 EDT
Tested formal upgrade from RHQ 1.3.0 (JON 2.3.0) to RHQ 3.0.0, and the entire process completed successfully.  Logged into the UI and saw that roles which previously had CONFIGURE permission now had both CONFIGURE_READ and CONFIGURE_WRITE permission.
Comment 13 Sudhir D 2010-07-20 07:46:05 EDT
I have verified this in a fresh setup scenario and it is working as expected. Rajan will test the upgraded scenario.
Comment 14 John Sanda 2010-07-20 11:56:18 EDT
Testing against build 180 of ci-rhq-release hudson job. Encountered a NPE when trying to view a group config update on the group config history subtab.

Steps to reproduce:
0. Log in as rhqadmin and do the following as rhqadmin
1. Create compatible group
2. Apply group config update
3. Go to the group tab
4. Go to the configuration history for the group
5. Click on 'View Group Update' and an exception is thrown sending you to error.xhtml

Stack trace:
    javax.faces.FacesException: javax.el.ELException: /rhq/group/configuration/history.xhtml @169,51 configurationSet="#{GroupResourceConfigurationHistoryDetailsUIBean.configurationSet}": Error reading 'configurationSet' on type org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean at org.rhq.core.gui.util.FacesExpressionUtility.getValue(FacesExpressionUtility.java:50) at org.rhq.core.gui.util.FacesComponentUtility.getExpressionAttribute(FacesComponentUtility.java:336) at org.rhq.core.gui.configuration.propset.ConfigurationSetComponent.getConfigurationDefinition(ConfigurationSetComponent.java:58) at org.rhq.core.gui.configuration.ConfigRenderer.addChildComponents(ConfigRenderer.java:201) at org.rhq.core.gui.configuration.ConfigRenderer.encodeBegin(ConfigRenderer.java:162) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:813) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:275) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:78) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at javax.faces.render.Renderer.encodeChildren(Renderer.java:148) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:277) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:200) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:195) at org.ajax4jsf.renderkit.RendererBase.encodeChildren(RendererBase.java:120) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.rhq.enterprise.gui.common.framework.FaceletRedirectionViewHandler.renderView(FaceletRedirectionViewHandler.java:64) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:530) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) Caused by: javax.el.ELException: /rhq/group/configuration/history.xhtml @169,51 configurationSet="#{GroupResourceConfigurationHistoryDetailsUIBean.configurationSet}": Error reading 'configurationSet' on type org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76) at org.rhq.core.gui.util.FacesExpressionUtility.getValue(FacesExpressionUtility.java:48) ... 81 more Caused by: javax.ejb.EJBException: java.lang.NullPointerException at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) at $Proxy365.getResourceConfigurationMapForGroupUpdate(Unknown Source) at org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean.getConfigurationSet(GroupResourceConfigurationHistoryDetailsUIBean.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53) at org.jboss.el.parser.AstValue.getValue(AstValue.java:67) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) ... 82 more Caused by: java.lang.NullPointerException at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getGroupPluginConfigurationUpdate(ConfigurationManagerBean.java:1969) at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getResourceConfigurationMapForGroupUpdate(ConfigurationManagerBean.java:1742) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) at sun.reflect.GeneratedMethodAccessor195.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156) at sun.reflect.GeneratedMethodAccessor194.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) ... 111 more 

/rhq/group/configuration/history.xhtml @169,51 configurationSet="#{GroupResourceConfigurationHistoryDetailsUIBean.configurationSet}": Error reading 'configurationSet' on type org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean

    javax.el.ELException: /rhq/group/configuration/history.xhtml @169,51 configurationSet="#{GroupResourceConfigurationHistoryDetailsUIBean.configurationSet}": Error reading 'configurationSet' on type org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76) at org.rhq.core.gui.util.FacesExpressionUtility.getValue(FacesExpressionUtility.java:48) at org.rhq.core.gui.util.FacesComponentUtility.getExpressionAttribute(FacesComponentUtility.java:336) at org.rhq.core.gui.configuration.propset.ConfigurationSetComponent.getConfigurationDefinition(ConfigurationSetComponent.java:58) at org.rhq.core.gui.configuration.ConfigRenderer.addChildComponents(ConfigRenderer.java:201) at org.rhq.core.gui.configuration.ConfigRenderer.encodeBegin(ConfigRenderer.java:162) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:813) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:275) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:78) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at javax.faces.render.Renderer.encodeChildren(Renderer.java:148) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:277) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:200) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:195) at org.ajax4jsf.renderkit.RendererBase.encodeChildren(RendererBase.java:120) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.rhq.enterprise.gui.common.framework.FaceletRedirectionViewHandler.renderView(FaceletRedirectionViewHandler.java:64) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:530) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) Caused by: javax.ejb.EJBException: java.lang.NullPointerException at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) at $Proxy365.getResourceConfigurationMapForGroupUpdate(Unknown Source) at org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean.getConfigurationSet(GroupResourceConfigurationHistoryDetailsUIBean.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53) at org.jboss.el.parser.AstValue.getValue(AstValue.java:67) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) ... 82 more Caused by: java.lang.NullPointerException at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getGroupPluginConfigurationUpdate(ConfigurationManagerBean.java:1969) at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getResourceConfigurationMapForGroupUpdate(ConfigurationManagerBean.java:1742) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) at sun.reflect.GeneratedMethodAccessor195.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156) at sun.reflect.GeneratedMethodAccessor194.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) ... 111 more 

java.lang.NullPointerException

    javax.ejb.EJBException: java.lang.NullPointerException at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) at $Proxy365.getResourceConfigurationMapForGroupUpdate(Unknown Source) at org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean.getConfigurationSet(GroupResourceConfigurationHistoryDetailsUIBean.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53) at org.jboss.el.parser.AstValue.getValue(AstValue.java:67) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) at org.rhq.core.gui.util.FacesExpressionUtility.getValue(FacesExpressionUtility.java:48) at org.rhq.core.gui.util.FacesComponentUtility.getExpressionAttribute(FacesComponentUtility.java:336) at org.rhq.core.gui.configuration.propset.ConfigurationSetComponent.getConfigurationDefinition(ConfigurationSetComponent.java:58) at org.rhq.core.gui.configuration.ConfigRenderer.addChildComponents(ConfigRenderer.java:201) at org.rhq.core.gui.configuration.ConfigRenderer.encodeBegin(ConfigRenderer.java:162) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:813) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:275) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:78) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at javax.faces.render.Renderer.encodeChildren(Renderer.java:148) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:277) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:200) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:195) at org.ajax4jsf.renderkit.RendererBase.encodeChildren(RendererBase.java:120) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.rhq.enterprise.gui.common.framework.FaceletRedirectionViewHandler.renderView(FaceletRedirectionViewHandler.java:64) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:530) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.NullPointerException at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getGroupPluginConfigurationUpdate(ConfigurationManagerBean.java:1969) at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getResourceConfigurationMapForGroupUpdate(ConfigurationManagerBean.java:1742) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) at sun.reflect.GeneratedMethodAccessor195.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156) at sun.reflect.GeneratedMethodAccessor194.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) ... 111 more 

    java.lang.NullPointerException at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getGroupPluginConfigurationUpdate(ConfigurationManagerBean.java:1969) at org.rhq.enterprise.server.configuration.ConfigurationManagerBean.getResourceConfigurationMapForGroupUpdate(ConfigurationManagerBean.java:1742) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166) at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77) at sun.reflect.GeneratedMethodAccessor195.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156) at sun.reflect.GeneratedMethodAccessor194.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118) at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240) at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210) at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84) at $Proxy365.getResourceConfigurationMapForGroupUpdate(Unknown Source) at org.rhq.enterprise.gui.configuration.group.GroupResourceConfigurationHistoryDetailsUIBean.getConfigurationSet(GroupResourceConfigurationHistoryDetailsUIBean.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at javax.el.BeanELResolver.getValue(BeanELResolver.java:62) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:72) at org.jboss.el.parser.AstPropertySuffix.getValue(AstPropertySuffix.java:53) at org.jboss.el.parser.AstValue.getValue(AstValue.java:67) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71) at org.rhq.core.gui.util.FacesExpressionUtility.getValue(FacesExpressionUtility.java:48) at org.rhq.core.gui.util.FacesComponentUtility.getExpressionAttribute(FacesComponentUtility.java:336) at org.rhq.core.gui.configuration.propset.ConfigurationSetComponent.getConfigurationDefinition(ConfigurationSetComponent.java:58) at org.rhq.core.gui.configuration.ConfigRenderer.addChildComponents(ConfigRenderer.java:201) at org.rhq.core.gui.configuration.ConfigRenderer.encodeBegin(ConfigRenderer.java:162) at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:813) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:275) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.ajax4jsf.renderkit.html.AjaxOutputPanelRenderer.encodeChildren(AjaxOutputPanelRenderer.java:78) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at javax.faces.render.Renderer.encodeChildren(Renderer.java:148) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at org.ajax4jsf.renderkit.RendererBase.renderChild(RendererBase.java:277) at org.ajax4jsf.renderkit.RendererBase.renderChildren(RendererBase.java:258) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:200) at org.richfaces.renderkit.html.PanelRenderer.doEncodeChildren(PanelRenderer.java:195) at org.ajax4jsf.renderkit.RendererBase.encodeChildren(RendererBase.java:120) at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:837) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:930) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:933) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.rhq.enterprise.gui.common.framework.FaceletRedirectionViewHandler.renderView(FaceletRedirectionViewHandler.java:64) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:100) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:176) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:110) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:530) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) 


Sending back to dev.
Comment 15 John Sanda 2010-07-20 12:04:40 EDT
I get the NPE described in commnent 14 when logged in as user having only CONFIGURE_READ permission as well.
Comment 16 Charles Crouch 2010-07-20 12:44:28 EDT
Ian, can you take a look at John's most recent comment, it may be an existing issue not related to the recent perm changes.
Comment 17 Ian Springer 2010-07-20 13:56:54 EDT
I got the same NPE even when logged in as rhqadmin, so it had nothing to do with authz perms. It turned out to be a one-line fix of a bug that looked like a copy-paste error. 

Commit 13f415c fixes it but has not been pushed to origin yet. A patch containing the commit is attached for dev review.
Comment 18 Ian Springer 2010-07-20 13:57:32 EDT
Created attachment 433230 [details]
patch that fixes this issue
Comment 19 Joseph Marques 2010-07-20 14:01:44 EDT
patch looks kosher ian.  you got my sign-off.
Comment 20 Ian Springer 2010-07-20 14:15:21 EDT
Pushed to release-3.0.0 branch.
Comment 21 John Sanda 2010-07-20 16:38:05 EDT
Retested the scenario reported in comment 14 with build 188 of the ci-rhq-release hudson job. I was able to view the group config updates with rhqadmin, user having CONFIGURE_READ, and a user having CONFIGURE_WRITE.
Comment 22 Sudhir D 2010-07-21 05:47:32 EDT
Created attachment 433358 [details]
Group conifguration update

Verified Comment# 14 on jon-server-2.4.0.GA_QA.zip build# 71. Click on Group config update did not throw any error. I'm attaching the screen shot of the success message. 

Marking the bug verified.
Comment 23 Sudhir D 2010-07-21 05:53:33 EDT
Oh yes, I also verified as config read and config write and was able to see the group config update from history without any error.
Comment 24 John Sanda 2010-07-21 09:14:10 EDT
Sudhir, if you don't mind I'd like to move this back to ON_QA. I have questions about security around some of the CLI apis. I am still working through some scenarios for the CLI.
Comment 25 John Sanda 2010-07-21 09:33:25 EDT
For my no permission user from the CLI I am able to view a resource configuration with,

* ConfigurationManager.getResourceConfiguration
* ConfigurationManager.getConfiguration


In the web ui, my no permission user is not able to view the same resource configuration that he can access from the CLI. I see in the implementation for getResourceConfiguration that we do a security check to see whether or not the user has access to the resource. Looks like we just need to change the permission we are checking.

As for getConfiguration it has no security checks, and I question whether or not we should even expose that in the remote APIs. Since you are just passing in a config id, you could be trying to fetch something other than a resource configuration, maybe like a plugin configuration which my no perm user should be able to access.

Sending back to dev to resolve these issues.
Comment 26 John Sanda 2010-07-21 09:43:05 EDT
Looks like ConfigurationManager.getGroupResourceConfigurationUpdate checks the wrong permission as well as my no permission user is able to access the group configuration through this method.
Comment 29 John Mazzitelli 2010-07-21 17:05:21 EDT
here's a patch of what I think needs to change based on jsanda's last comment (getConfiguration should not be a remote API, and have CONFIG_READ perm checks be performed in the two methods where they are not):

diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerBean.java
index 99e2d5a..a691bd1 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerBean.java
@@ -272,7 +272,7 @@ public class ConfigurationManagerBean implements ConfigurationManagerLocal, Conf
             throw new NoResultException("Cannot get live configuration for unknown resource [" + resourceId + "]");
         }
 
-        if (!authorizationManager.canViewResource(subject, resource.getId())) {
+        if (!authorizationManager.hasResourcePermission(subject, Permission.CONFIGURE_READ, resource.getId())) {
             throw new PermissionException("User [" + subject.getName()
                 + "] does not have permission to view resource configuration for [" + resource + "]");
         }
@@ -1980,7 +1980,7 @@ public class ConfigurationManagerBean implements ConfigurationManagerLocal, Conf
         GroupResourceConfigurationUpdate update = getGroupResourceConfigurationById(configurationUpdateId);
 
         int groupId = update.getGroup().getId();
-        if (authorizationManager.canViewGroup(subject, groupId) == false) {
+        if (authorizationManager.hasGroupPermission(subject, Permission.CONFIGURE_READ, groupId) == false) {
             throw new PermissionException("User[" + subject.getName()
                 + "] does not have permission to view group resourceConfiguration[id=" + configurationUpdateId + "]");
         }
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerLocal.java
index 4242153..6a1c114 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerLocal.java
@@ -381,6 +381,8 @@ public interface ConfigurationManagerLocal {
      */
     void checkForTimedOutConfigurationUpdateRequests();
 
+    public Configuration getConfiguration(Subject subject, int configurationId);
+
     // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
     //
     // The following are shared with the Remote Interface
@@ -392,8 +394,6 @@ public interface ConfigurationManagerLocal {
     public GroupResourceConfigurationUpdate getGroupResourceConfigurationUpdate(Subject subject,
         int configurationUpdateId);
 
-    public Configuration getConfiguration(Subject subject, int configurationId);
-
     /**
      * Get the current plugin configuration for the {@link Resource} with the given id, or <code>null</code> if the
      * resource's plugin configuration is not yet initialized.
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerRemote.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerRemote.java
index b25fa9d..b4836c6 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerRemote.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/configuration/ConfigurationManagerRemote.java
@@ -65,11 +65,6 @@ public interface ConfigurationManagerRemote {
         @WebParam(name = "subject") Subject subject, //
         @WebParam(name = "configurationUpdateId") int configurationUpdateId);
 
-    @WebMethod
-    Configuration getConfiguration( //
-        @WebParam(name = "subject") Subject subject, //
-        @WebParam(name = "configurationId") int configurationId);
-
     /**
      * Get the current plugin configuration for the {@link Resource} with the given id, or <code>null</code> if the
      * resource's plugin configuration is not yet initialized.
Comment 30 John Mazzitelli 2010-07-21 17:35:02 EDT
release-3.0.0 branch commit 09963f393cdfd19d2a54d9b6985259a22aa4ecac

three things
       one, change view check to CONFIG_READ check for resource
       two, change view check to *group* CONFIG_READ check
       three, remove getConfiguration from remote interface
Comment 31 Sudhir D 2010-07-23 10:26:04 EDT
I tested both UI and CLI again from the John's test scenarios. Everything looks good. 

I get the message for noperm user correctly for cli as below, 

Wrapped org.rhq.enterprise.server.authz.PermissionException: [Warning] User [noperm] does not have permission to view resource configuration for [Resource[id=10004, type=RHQ Agent, key=RHQ Agent, name=RHQ Agent, parent=Sudhir RHEL5.5, version=3.0.0.GA_QA]] (<Unknown source>#1)
ConfigurationManager.getLatestResourceConfigurationUpdate(10004) 
^

For the group I get below,

Wrapped org.rhq.enterprise.server.authz.PermissionException: [Warning] User[noperm] does not have permission to view group resourceConfiguration[id=10001] (<Unknown source>#1)
ConfigurationManager.getGroupPluginConfigurationUpdate(10001) 

I get and NPE if I give the wrong groupID. As discussed with John Sanda, I've raised Bug 617598 of low priority.

John found another bug with permission and has raised bug 617603

Marking this bug as verified.
Comment 32 John Sanda 2010-07-23 12:31:30 EDT
I think it is worth noting that we can rigorously verify the expected behavior
(at the EJB level where the security checks are performed) with blazing fast
unit tests. And by blazing fast, I mean tests that neither have dependencies on
a database nor on the embedded EJB container. The automated tests that we have for ConfigurationManagerBean in ConfigurationManagerBeanTest all use the overlord so security isn't really exercised. And no new tests were introduced with these code changes.
Comment 33 Corey Welton 2010-08-12 12:45:50 EDT
Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.