This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 729965 - Error in server log on clicking a resource link by a user having access to the resource
Error in server log on clicking a resource link by a user having access to th...
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.1
Unspecified Unspecified
urgent Severity medium (vote)
: ---
: ---
Assigned To: Ian Springer
Mike Foley
:
Depends On:
Blocks: rhq41 rhq41-ui
  Show dependency treegraph
 
Reported: 2011-08-11 08:19 EDT by Sunil Kondkar
Modified: 2013-08-05 20:40 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-07 14:28:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Screenshot (59.28 KB, image/png)
2011-08-11 08:20 EDT, Sunil Kondkar
no flags Details

  None (edit)
Description Sunil Kondkar 2011-08-11 08:19:28 EDT
Description of problem:

Created a role with default permissions and added a user and a compatible resource group(Ex: RHQ AGENT) to the role. Logged in to RHQ as the user added. When navigated to the 'Inventory' tab of the resource group and clicked on the resource name link, it did not render the resource tree and did not display the resource details. 

The server log displays below:

2011-08-11 15:59:54,355 ERROR [org.hibernate.hql.PARSER]  Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite]
[cause=org.hibernate.PropertyNotFoundException: no appropriate constructor in class: org.rhq.core.domain.resource.composite.ResourceComposite]
2011-08-11 15:59:54,359 WARN  [gwt-log] Sending exception to client: [1313058594358] 
javax.ejb.EJBException: java.lang.IllegalArgumentException: org.hibernate.hql.ast.QuerySyntaxException: Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite] [SELECT  new org.rhq.core.domain.resource.composite.ResourceComposite(   resource,    resource.currentAvailability.availabilityType,    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 8 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 4 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 10 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 7 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 14 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 13 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 11 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 9 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 6 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 5 ))
FROM org.rhq.core.domain.resource.Resource resource
WHERE ( resource.id = :id 
AND resource.inventoryStatus = :inventoryStatus )
 AND ( resource.id IN ( SELECT innerAlias.id 
                    FROM resource innerAlias 
                    JOIN innerAlias.implicitGroups g JOIN g.roles r JOIN r.subjects s 
                   WHERE s.id = 10001 ) )

]
	at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:63)
	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
	at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
	at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
	at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
	at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
	at $Proxy335.findResourceCompositesByCriteria(Unknown Source)
	at org.rhq.enterprise.gui.coregui.server.gwt.ResourceGWTServiceImpl.findResourceCompositesByCriteria(ResourceGWTServiceImpl.java:138)
	at sun.reflect.GeneratedMethodAccessor515.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at org.rhq.enterprise.gui.coregui.server.gwt.AbstractGWTServiceImpl.service(AbstractGWTServiceImpl.java:82)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at sun.reflect.GeneratedMethodAccessor283.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
	at org.rhq.enterprise.gui.coregui.server.filter.CacheControlFilter.doFilter(CacheControlFilter.java:70)
	at sun.reflect.GeneratedMethodAccessor292.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
	at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124)
	at sun.reflect.GeneratedMethodAccessor287.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at sun.reflect.GeneratedMethodAccessor286.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalArgumentException: org.hibernate.hql.ast.QuerySyntaxException: Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite] [SELECT  new org.rhq.core.domain.resource.composite.ResourceComposite(   resource,    resource.currentAvailability.availabilityType,    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 8 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 4 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 10 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 7 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 14 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 13 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 11 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 9 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 6 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 5 ))
FROM org.rhq.core.domain.resource.Resource resource
WHERE ( resource.id = :id 
AND resource.inventoryStatus = :inventoryStatus )
 AND ( resource.id IN ( SELECT innerAlias.id 
                    FROM resource innerAlias 
                    JOIN innerAlias.implicitGroups g JOIN g.roles r JOIN r.subjects s 
                   WHERE s.id = 10001 ) )

]
	at org.hibernate.ejb.AbstractEntityManagerImpl.throwPersistenceException(AbstractEntityManagerImpl.java:616)
	at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:95)
	at org.jboss.ejb3.entity.TransactionScopedEntityManager.createQuery(TransactionScopedEntityManager.java:134)
	at org.rhq.enterprise.server.util.CriteriaQueryGenerator.getQuery(CriteriaQueryGenerator.java:743)
	at org.rhq.enterprise.server.util.CriteriaQueryRunner.getCollection(CriteriaQueryRunner.java:98)
	at org.rhq.enterprise.server.util.CriteriaQueryRunner.execute(CriteriaQueryRunner.java:69)
	at org.rhq.enterprise.server.resource.ResourceManagerBean.findResourceCompositesByCriteria(ResourceManagerBean.java:2461)
	at sun.reflect.GeneratedMethodAccessor516.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
	at org.rhq.enterprise.server.common.PerformanceMonitorInterceptor.monitorHibernatePerformance(PerformanceMonitorInterceptor.java:32)
	at sun.reflect.GeneratedMethodAccessor187.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77)
	at sun.reflect.GeneratedMethodAccessor186.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156)
	at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
	... 96 more
Caused by: org.hibernate.hql.ast.QuerySyntaxException: Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite] [SELECT  new org.rhq.core.domain.resource.composite.ResourceComposite(   resource,    resource.currentAvailability.availabilityType,    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 8 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 4 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 10 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 7 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 14 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 13 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 11 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 9 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 6 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 5 ))
FROM org.rhq.core.domain.resource.Resource resource
WHERE ( resource.id = :id 
AND resource.inventoryStatus = :inventoryStatus )
 AND ( resource.id IN ( SELECT innerAlias.id 
                    FROM resource innerAlias 
                    JOIN innerAlias.implicitGroups g JOIN g.roles r JOIN r.subjects s 
                   WHERE s.id = 10001 ) )

]
	at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:31)
	at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:24)
	at org.hibernate.hql.ast.ErrorCounter.throwQueryException(ErrorCounter.java:59)
	at org.hibernate.hql.ast.QueryTranslatorImpl.analyze(QueryTranslatorImpl.java:235)
	at org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:160)
	at org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:111)
	at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:77)
	at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:56)
	at org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:72)
	at org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:133)
	at org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:112)
	at org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1623)
	at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:92)
	... 128 more
l.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalArgumentException: org.hibernate.hql.ast.QuerySyntaxException: Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite] [SELECT  new org.rhq.core.domain.resource.composite.ResourceComposite(   resource,    resource.currentAvailability.availabilityType,    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 8 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 4 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 10 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 7 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 14 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 13 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 11 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 9 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 6 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 5 ))
FROM org.rhq.core.domain.resource.Resource resource
WHERE ( resource.id = :id 
AND resource.inventoryStatus = :inventoryStatus )
 AND ( resource.id IN ( SELECT innerAlias.id 
                    FROM resource innerAlias 
                    JOIN innerAlias.implicitGroups g JOIN g.roles r JOIN r.subjects s 
                   WHERE s.id = 10001 ) )

]
	at org.hibernate.ejb.AbstractEntityManagerImpl.throwPersistenceException(AbstractEntityManagerImpl.java:616)
	at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:95)
	at org.jboss.ejb3.entity.TransactionScopedEntityManager.createQuery(TransactionScopedEntityManager.java:134)
	at org.rhq.enterprise.server.util.CriteriaQueryGenerator.getQuery(CriteriaQueryGenerator.java:743)
	at org.rhq.enterprise.server.util.CriteriaQueryRunner.getCollection(CriteriaQueryRunner.java:98)
	at org.rhq.enterprise.server.util.CriteriaQueryRunner.execute(CriteriaQueryRunner.java:69)
	at org.rhq.enterprise.server.resource.ResourceManagerBean.findResourceCompositesByCriteria(ResourceManagerBean.java:2461)
	at sun.reflect.GeneratedMethodAccessor516.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
	at org.rhq.enterprise.server.common.PerformanceMonitorInterceptor.monitorHibernatePerformance(PerformanceMonitorInterceptor.java:32)
	at sun.reflect.GeneratedMethodAccessor187.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.rhq.enterprise.server.common.TransactionInterruptInterceptor.addCheckedActionToTransactionManager(TransactionInterruptInterceptor.java:77)
	at sun.reflect.GeneratedMethodAccessor186.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.rhq.enterprise.server.authz.RequiredPermissionsInterceptor.checkRequiredPermissions(RequiredPermissionsInterceptor.java:156)
	at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
	at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
	... 96 more
Caused by: org.hibernate.hql.ast.QuerySyntaxException: Unable to locate appropriate constructor on class [org.rhq.core.domain.resource.composite.ResourceComposite] [SELECT  new org.rhq.core.domain.resource.composite.ResourceComposite(   resource,    resource.currentAvailability.availabilityType,    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 8 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 4 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 10 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 7 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 14 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 13 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 11 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 9 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 6 ),    ( SELECT count(p) FROM resource.implicitGroups g JOIN g.roles r JOIN r.subjects s JOIN r.permissions p WHERE s.id = 10001 AND p = 5 ))
FROM org.rhq.core.domain.resource.Resource resource
WHERE ( resource.id = :id 
AND resource.inventoryStatus = :inventoryStatus )
 AND ( resource.id IN ( SELECT innerAlias.id 
                    FROM resource innerAlias 
                    JOIN innerAlias.implicitGroups g JOIN g.roles r JOIN r.subjects s 
                   WHERE s.id = 10001 ) )

]
	at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:31)
	at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:24)
	at org.hibernate.hql.ast.ErrorCounter.throwQueryException(ErrorCounter.java:59)
	at org.hibernate.hql.ast.QueryTranslatorImpl.analyze(QueryTranslatorImpl.java:235)
	at org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:160)
	at org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:111)
	at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:77)
	at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:56)
	at org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:72)
	at org.hibernate.impl.AbstractSessionImpl.getHQLQueryPlan(AbstractSessionImpl.java:133)
	at org.hibernate.impl.AbstractSessionImpl.createQuery(AbstractSessionImpl.java:112)
	at org.hibernate.impl.SessionImpl.createQuery(SessionImpl.java:1623)
	at org.hibernate.ejb.AbstractEntityManagerImpl.createQuery(AbstractEntityManagerImpl.java:92)
	... 128 more
-------------------------------------------


Version-Release number of selected component (if applicable):

Build: rhq 4.1.0 beta build#47 (Version: 4.1.0.Beta Build Number: a0c6101)

Browser: Firefox 3.6.3
Database: Postgres 8.4.2
OS: Fedora13
java version: 1.6.0_18

How reproducible:

Always

Steps to Reproduce:

1. Login to RHQ as rhqadmin.
2. Create a compatible group of resource. ( I created a compatible group with one RHQ Agent resource)
3. Create a user 'testuser'.
4. Create a role with default permissions.
5. Add the resource group and the user to the role
6. Login to RHQ as the user 'testuser'.
7. Navigate to the 'Inventory' tab of the compatible group.
8. Click on the resource name link 'RHQ AGENT'.
9. It navigates to the 'Inventory' main menu and does not render the resource tree and the server log displays error.

  
Actual results:

It does not render the resource tree and the server log displays error.

Expected results:

It should render the resource tree and no error in the server log.

Additional info:

1. Observed the same issue when the same user 'testuser' clicks the resource link 'RHQ AGENT' in 'Inventory'->Resources->Servers->resource name link.

2. There is another link for platform name in 'Ancestry' column. Clicking on the link displays the same error in server log.
 This link should be disabled for the user 'testuser' as the user does not have permissions to access the platform. Please refer the screenshot for the links.
Comment 1 Sunil Kondkar 2011-08-11 08:20:12 EDT
Created attachment 517781 [details]
Screenshot
Comment 2 Ian Springer 2011-08-11 15:49:28 EDT
[master b7d5d48] (http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commit;h=b7d5d48) fixes the issue with a non-admin user not being able to view Resources they are authorized to view. It turned out to be a regression caused by the recent drift work.

As for the user being able to click on Ancestry Resource links for Resources they are not authorized to view, this is a known issue and one we do not currently plan on fixing. Here's a discussion I had w/ Jay on IRC:

(03:09:55 PM) ips: jshaughn1: part of a bz i'm looking at is that resources in the ancestry field are links even if the current user doesn't have authz to view the resources
(03:10:46 PM) jshaughn1: ips: that's a known
(03:10:51 PM) ips: was that an oversight or something you chose not to address for some reason?
(03:10:58 PM) jshaughn1: I'm not sure we really want to do anything about that
(03:11:17 PM) jshaughn1: yeah, it didn't seem worthwhile to worry about that
(03:11:27 PM) jshaughn1: it's true they can get a lazy exception
(03:11:38 PM) jshaughn1: if they try to nav to a place they can't get to
(03:11:39 PM) ips: yeah, it seems you could deal with it either by including another boolean in the ancestry field (eg - authorizedToView)
(03:11:52 PM) ips: or making some extra calls to the server from coregui
(03:12:02 PM) jshaughn1: it's more a matter of having to take that hit
(03:12:21 PM) jshaughn1: for what I perceive is little gain
(03:12:32 PM) mazz: wouldn't that require additional server-side access to determine that?
(03:12:34 PM) ips: the former would suck because you'd have to worry about refreshing that boolean whenever perms got changed
(03:12:43 PM) jshaughn1: yes, ips
(03:12:51 PM) jshaughn1: so, that leads to the next topic
(03:13:06 PM) ips: and the latter would suck for the usual hassle of making multiple async calls
(03:13:10 PM) jshaughn1: in my mind we would perhaps be able to do this efficiently if/when we flatten permissions
(03:13:32 PM) jshaughn1: pre-computing the permission matrix would make it potentially feasible
(03:14:05 PM) jshaughn1: I'm pretty much pro-flattening the user-resource-perm mappings
(03:14:09 PM) ips: like in a bitmap as a field on Resource?
(03:14:46 PM) jshaughn1: probably not that, more like as a straight relational representation that would make for easy efficient joins
(03:15:03 PM) ips: well i guess they would be different per Role
(03:15:14 PM) jshaughn1: no, I think it would be the union
(03:15:44 PM) jshaughn1: basically flattening todays role-group-resource-user perm joins
(03:16:12 PM) jshaughn1: and keeping it up to date on perm and inventory changes
(03:17:38 PM) jshaughn1: and then, perhaps, updating the ancestry pre-compute stuff to maybe do the perm checking in advance, not sure.
(03:18:10 PM) jshaughn1: not sure about tying the two precomputes together or not
(03:18:24 PM) ips: besides the ancestry use case, what other advantages would there be?
(03:18:34 PM) ips: just the improved perf of not having to do those joins?
(03:21:39 PM) pilhuhn: jshaughn1 +1
(03:21:52 PM) jshaughn1: ips - yes
(03:21:53 PM) pilhuhn: ips we are doing those crappy joins on basically every server call


I noticed another related issue where when you to try to view a Resource you don't have authz to view, you get a nasty uncaught server exception error. This is one I think we should fix. See https://bugzilla.redhat.com/show_bug.cgi?id=730112.
Comment 3 Sunil Kondkar 2011-08-12 07:44:21 EDT
Verified on build#279 (Version: 4.1.0-SNAPSHOT Build Number: fb70d80)

When the authorized user clicks on the resource name link in Inventory tab of the group or clicks on the resource name link in 'Inventory'->Resources->Servers->resource name link, the resource tree is rendered and there is no error in server log.

Marking as verified.
Comment 4 Mike Foley 2012-02-07 14:28:45 EST
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE

Note You need to log in before you can comment on or make changes to this bug.