Bug 627391 - Users with a valid role is unable to view Tomcat AutoGroup graphs and tables
Users with a valid role is unable to view Tomcat AutoGroup graphs and tables
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core Server (Show other bugs)
3.0.0
All All
medium Severity medium (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
Corey Welton
:
Depends On:
Blocks: jon241-bugs 649825 rhq401
  Show dependency treegraph
 
Reported: 2010-08-25 18:46 EDT by Larry O'Leary
Modified: 2011-05-23 21:17 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 649825 (view as bug list)
Environment:
JBoss Operations Network version: 2.4.0.GA build number: 10927:8fb6059 Apache Tomcat 5.5.23 jopr-tomcat-plugin-3.0.0.GA.jar
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Relevant server log in debug mode with error at 2010-08-26 02:22:19,078 (78.38 KB, application/octet-stream)
2010-08-25 18:46 EDT, Larry O'Leary
no flags Details
Screen shot showing Monitor -> Graphs page as rhqadmin user (71.58 KB, image/png)
2010-08-25 18:46 EDT, Larry O'Leary
no flags Details
Screen shot showing Monitor -> Tables page as rhqadmin user (76.60 KB, image/png)
2010-08-25 18:47 EDT, Larry O'Leary
no flags Details
Screen shot showing Monitor -> Graphs page as non-rhqadmin user (52.83 KB, image/png)
2010-08-25 18:48 EDT, Larry O'Leary
no flags Details
Screen shot showing Monitor -> Tables page as non-rhqadmin user (18.03 KB, image/png)
2010-08-25 18:48 EDT, Larry O'Leary
no flags Details
screenshot_graph (74.94 KB, image/png)
2011-05-20 03:41 EDT, Sunil Kondkar
no flags Details

  None (edit)
Description Larry O'Leary 2010-08-25 18:46:00 EDT
Created attachment 441068 [details]
Relevant server log in debug mode with error at 2010-08-26 02:22:19,078

Description of problem:
A user who has a role which contains a compatible group definition with Tomcat Server resources is unable to see any metric graphs and when selecting the Tables view the following error is displayed:

QueryParameterException
could not locate named parameter [subject]
You can view the stack trace, return to the previous page, Dashboard, or Browse Resources page.

The following stack trace is also available in the UI:

javax.el.ELException: /rhq/common/monitor/tables.xhtml @52,103 value="#{MetricsTableUIBean.metricSummaries}": Error reading 'metricSummaries' on type org.rhq.enterprise.gui.measurement.tables.MetricsTableUIBean
javax.faces.FacesException: javax.el.ELException: /rhq/common/monitor/tables.xhtml @52,103 value="#{MetricsTableUIBean.metricSummaries}": Error reading 'metricSummaries' on type org.rhq.enterprise.gui.measurement.tables.MetricsTableUIBean


Complete stack can be found in attached log snippet.

Version-Release number of selected component (if applicable):
3.0.0

How reproducible:
Always

Steps to Reproduce:
   #  Install and configure JON 2.4
   #  Install Tomcat (test case used tomcat5 RPM 5.5.23 from RHEL5 repository)
   #  Add Tomcat to inventory (test case imported Tomcat manually)
   #  Create a new user account (Administration -> Security -> Users >> New...):
         Name:             My User
         Email:            myuser@mydomain.com
         Password:         123456
         Enable Login:     Yes
         Username:         myuser
   #  Create new resource group (Groups -> New Group Definition):
         Name:             Tomcat Servers
         Recursive:        Yes
   #  Add group definition condition:
         Group Definition Conditions:
            groupby resource.parent.trait[Trait.hostname]
            resource.type.plugin=Tomcat
            resource.type.name=Tomcat Server
   #  Calculate groups
   #  Confirm that at least one group was created containing at least 1 child
   #  Create a new role (Administration -> Security -> Roles >> New...):
         Name:             Tomcat Managers
         Manage bundles:   Yes
         Modify            Yes
         Delete            Yes
         Create Children   Yes
         Alert             Write
         Measure           Write
         Content           Write
         Control           Write
         Configure         Read
   #  Add user to new role (Assigned Users >> Add To List...):
         Users:            myuser
   #  Add group(s) to new role (Assigned Resource Groups >> Add To List...):
         Groups:           DynaGroup - Tomcat Servers ( hostname )
   #  Navigate to Resources -> Servers
   #  Click on Tomcat Server resource
   #  Expand and select Tomcat Server resource -> Tomcat Connector
   #  Select Monitor -> Graphs tab
   #  Verify Tomcat Connector resource is available and graphs are being displayed (TomcatConnector_Monitor-Graphs_rhqadmin.png)
   #  Select Monitor -> Tables tab
   #  Verify tables are being displayed with data (TomcatConnector_Monitor-Tables_rhqadmin.png)
   #  Logout
   #  Login as myuser/123456
   #  Navigate to Resources -> Servers
   #  Click on Tomcat Server resource
   #  Expand and select Tomcat Server resource -> Tomcat Connector
   #  Select Monitor -> Graphs tab
   #  Notice that availability appears but graphs do not (TomcatConnector_Monitor-Graphs_myuser.png)
   #  Select Monitor -> Tables tab
   #  Notice the "QueryParameterException could not locate named parameter [subject]" error message (TomcatConnector_Monitor-Tables_myuser.png)
      Relevant server log at debug is attached (rhq-server-debug.log)
  
Actual results:
Non-superuser sees no Tomcat AutoGroup metric graphs and strange exception when attempting to view metric tables.

Expected results:
Metric graphs and metric tables as non-superuser

Additional info:
This issue may not be limited to the AutoGroup displays of a Tomcat server and may not occur if other role permissions are used.  The testing was limited to this specific use-case.
Comment 1 Larry O'Leary 2010-08-25 18:46:56 EDT
Created attachment 441069 [details]
Screen shot showing Monitor -> Graphs page as rhqadmin user
Comment 2 Larry O'Leary 2010-08-25 18:47:34 EDT
Created attachment 441070 [details]
Screen shot showing Monitor -> Tables page as rhqadmin user
Comment 3 Larry O'Leary 2010-08-25 18:48:13 EDT
Created attachment 441071 [details]
Screen shot showing Monitor -> Graphs page as non-rhqadmin user
Comment 4 Larry O'Leary 2010-08-25 18:48:45 EDT
Created attachment 441072 [details]
Screen shot showing Monitor -> Tables page as non-rhqadmin user
Comment 6 John Sanda 2010-08-26 09:51:27 EDT
The underlying bug is in a JPAQL query that excecutes in AuthorizationManagerBean.canViewAutoGroup. The relevant part of the exception is,

Caused by: java.lang.IllegalArgumentException: org.hibernate.QueryParameterException: could not locate named parameter [subject]
	at org.hibernate.ejb.QueryImpl.setParameter(QueryImpl.java:176)
	at org.rhq.enterprise.server.authz.AuthorizationManagerBean.canViewAutoGroup(AuthorizationManagerBean.java:212)

The problem is that the method is trying to bind the subject id to a named parameter "subject" but the named parameter as defined in the query is actually "subjectId".

I am investigating possible workarounds.
Comment 7 Charles Crouch 2010-11-01 23:59:50 EDT
From looking at the git commits for JON2.4.1 (release3 branch) I believe this is fixed in there. 
John, please shout if thats not the case. Also please confirm whether this fix is also in master?
Comment 8 John Sanda 2010-11-02 09:08:11 EDT
The commit hashes (in the release3 branch) for the work are,

da4c70da6d11ec2a8f1a18dba5bdecd4e31337ee
ff677500c349d4c6e3908e27fa728251bd55a674


It does not appear that they have been merged into master yet.
Comment 9 Charles Crouch 2010-11-04 12:06:13 EDT
Ready for testing from the release3 branch
Comment 10 Rajan Timaniya 2010-11-08 09:07:33 EST
Tested on RHQ-Rel build #422
(http://hudson-qe.rhq.rdu.redhat.com:8080/view/RHQ/job/ci-rhq-release/422/)

Observation:
Non-super can see metric graphs and metric tables of Tomcat AutoGroup. 
There isn't any exception when attempting to view metric tables/graphs.
Comment 11 Rajan Timaniya 2010-11-08 09:09:05 EST
Observation:
Non-superuser can see metric graphs and metric tables of Tomcat AutoGroup. 
There isn't any exception when attempting to view metric tables/graphs.
Comment 12 Rajan Timaniya 2010-11-09 03:21:23 EST
Verified on RHQ-Rel (RHQ 3.0.1) build #422

It works as expected so making this bug as verified.
Comment 13 Sunil Kondkar 2010-11-23 07:48:16 EST
Reverified this against jon-server-2.4.1-SNAPSHOT build# 24. 

The metric graphs and tables of Tomcat AutoGroup are displayed to the non-superuser.
No exception is observed when attempting to view metric tables/graphs.
Comment 14 Charles Crouch 2011-05-19 20:49:56 EDT
Setting this back to ON_QA for testing in rhq401, since ips checked this into release-4.0.0 branch:

http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commit;h=079818ad45eda07cd1a6190ac571c6e24c58d885
http://git.fedorahosted.org/git?p=rhq/rhq.git;a=commit;h=8447359984ff3925311ef8e82f1663cbff783dee
Comment 15 Sunil Kondkar 2011-05-20 03:40:24 EDT
Verified on build#38 (Version: 4.0.1-SNAPSHOT Build Number: a104cdf)

The metric graphs and tables of Tomcat AutoGroup are displayed to the
non-superuser.

The metric graph and tables in Tomcat connectors->Monitoring tab are displayed properly and no exception is observed when attempting to view metric tables/graphs.

Attaching a screenshot for display of graph to the non-superuser.

Marking as verified.
Comment 16 Sunil Kondkar 2011-05-20 03:41:20 EDT
Created attachment 500010 [details]
screenshot_graph
Comment 17 Corey Welton 2011-05-23 21:17:38 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 18 Corey Welton 2011-05-23 21:17:38 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 19 Corey Welton 2011-05-23 21:17:41 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 20 Corey Welton 2011-05-23 21:17:41 EDT
Bookkeeping - closing bug - fixed in recent release.

Note You need to log in before you can comment on or make changes to this bug.