Bug 688358 - [JBPAPP-6104] JON 2.4.1: User Database "Save" operation fails, but reports Success
[JBPAPP-6104] JON 2.4.1: User Database "Save" operation fails, but reports S...
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: JON Plugin (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: 2.0.1
Assigned To: Jean-frederic Clere
Mike Foley
: 886984 (view as bug list)
Depends On:
Blocks: ews1.0.2 956987 956990
  Show dependency treegraph
Reported: 2011-03-16 17:09 EDT by Ondřej Žižka
Modified: 2014-08-08 00:24 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The add, modify and remove operations in tomcat 6 and 7 do not manipulate the user database as expected. As a result, the JBoss Operations Network interface fails. The plugin logic is now fixed. To ensure JBoss Operations Network works as expected, set <literal>readonly="false"</literal> in the <parameter>UserDatabase</parameter> resource in the <filename>server.xml</filename> file.
Story Points: ---
Clone Of:
Last Closed: 2014-01-03 07:58:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ondřej Žižka 2011-03-16 17:09:10 EDT
Only happens on Tomcat 6. Tomcat 5.5 might be configured differently (user db not read only).
However this is rather RHQ plugin bug.

Tomcat log:

Mar 15, 2011 3:21:38 PM org.apache.catalina.users.MemoryUserDatabase save
SEVERE: User database has been configured to be read only. Changes cannot be saved

RHQ web:

3/15/11, 3:21:40 PM, EDT Save Save current users and groups to persistent storage. Success rhqadmin
Comment 1 Charles Crouch 2012-10-11 15:05:14 EDT
Looking at https://issues.apache.org/bugzilla/show_bug.cgi?id=49436 this 
message seems to be the result of a change in default behaviour between Tomcat 
5 and 6.
In v5 you could persist changes to Tomcat's user/role/group database 
out-of-the-box. However in v6 it appears you need to specify the atrribute 
readonly=false on the <Resource name="UserDatabase" .../> element in the 
server.xml before any changes will persist.
As a workaround we could document the changes that are required to server.xml. 
In the future the plugin could be extended to potentially update the server.xml 
directly to make this change. It looks like this change can't be made via JMX 
which is how we make other configuration updates.
Dropping priority to medium since the issue has a workaround.
Comment 2 Charles Crouch 2012-10-11 15:15:13 EDT
Moved to the JON product BZ to make tracking it easier.
Comment 3 mark yarborough 2012-11-12 15:25:33 EST
myarboro determine owner in EWS product team.
Comment 4 Rémy Maucherat 2012-12-14 11:39:03 EST
*** Bug 886984 has been marked as a duplicate of this bug. ***
Comment 5 Michal Haško 2012-12-17 08:28:41 EST
The issue described in comment#0 still affects tomcat6 even with readonly="false" attribute on the <Resource> tag in server.xml.
Comment 7 Michal Haško 2013-01-08 04:09:50 EST
This issue affects all tomcat{5,6,7} versions.
Comment 9 Michal Haško 2013-04-11 09:28:14 EDT
Isn't this a duplicate of 865459 or 901050?
Comment 10 Jean-frederic Clere 2013-04-17 04:45:32 EDT
It is a duplicate of 865459
Comment 11 Libor Fuka 2013-05-10 09:26:41 EDT
865459 set verified, so this one is also verified
Comment 12 Mandar Joshi 2013-05-14 02:29:12 EDT
Added DocText.

@Wei Nan Li, can you please review the Doc Text content?
Comment 13 Mandar Joshi 2013-05-14 02:45:58 EDT

@Jean-Frederic Clere,  can you please review the Doc Text content?
Comment 14 Jean-frederic Clere 2013-05-14 05:02:23 EDT
"Cause: Removing a tomcat role in JBoss Enterprise Web Server causes the JBoss Operations Network (JON) interface to fail. Restarting tomcat displays the removed role in the tomcat-users.xml file but not in the JBoss Operations Network web interface.

Consequence: Tomcat 6 and Tomcat 7 does not invoke the save operation. Thus, when a tomcat role is removed using the JON web interface, the tomcat-users.xml file does not get updated. When tomcat,restarts, the role is present in the tomcat-users.xml file but not in the JBoss Operations Network web interface.

Fix: ?

Result: When JBoss Operations Network is used to remove a tomcat role, the tomcat-users.xml file updates and the role is removed as expected."

Well that is not OK.

Any operation were affected add, remove and modify, no changes were written in tomcat-users.xml.

Fix: The storeconfig module (delivered as catalina-storeconfig.jar)  has been added back to tomcat6 and tomcat7, users need to activate the corresponding listener in serverx.ml to get the JON feature working.

 <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
Comment 15 Jean-frederic Clere 2013-05-30 04:05:35 EDT

My Fix comment is wrong, please use the following:

Fix: The plugin logic has been fixed, the user needs to set readonly="false"
in the resource UserDatabase of server.xml to get the JON feature working.
Comment 16 Jean-frederic Clere 2013-05-30 07:20:06 EDT
No the text is still wrong... Sorry I screwed it see comment #15.
Comment 17 Michal Haško 2013-06-12 03:49:16 EDT
I think the first line of the doc text should clearly say that the add/modify/remove operations manipulate the user database.
Currently it sounds as any add/modify/remove operation should update the tomcat-users.xml file, which is of course not true.
Comment 18 Misha H. Ali 2013-06-12 07:38:59 EDT
Updated. Michal, please confirm if the doc_text is now correct.
Comment 19 Michal Haško 2013-06-12 08:33:08 EDT
Thanks, I think the doc text is now correct.

Note You need to log in before you can comment on or make changes to this bug.