[ http://issues.apache.org/jira/browse/GERONIMO-1480?page=all ] Jeff Genender reopened GERONIMO-1480: -------------------------------------
Change fix version > Cross context include does not set jacc contextID for 2nd web app. (Tomcat > only) > -------------------------------------------------------------------------------- > > Key: GERONIMO-1480 > URL: http://issues.apache.org/jira/browse/GERONIMO-1480 > Project: Geronimo > Type: Bug > Components: Tomcat > Versions: 1.0.1, 1.1 > Reporter: David Jencks > Assignee: Jeff Genender > Priority: Blocker > Fix For: 1.1, 1.0.1 > > If you do a cross context include from web app A to web app B, the jacc > contextID fetched from PolicyContext when you evaluate isUserInRole in web > app B is the contextID for A, not B. > Presumably the cross context dispatch does not go through the > PolicyContextValve for B. Here's a thread trace that demonstrates this, with > a couple annotations. > [EMAIL PROTECTED] daemon prio=5, in group "main", status: RUNNING > implies():80, GeronimoPolicy.java > implies():46, JaasPolicyCoordinator.java > implies():189, ProtectionDomain.java > checkPermission():254, AccessControlContext.java > hasRole():248, TomcatGeronimoRealm.java > isUserInRole():2128, Request.java > isUserInRole():761, RequestFacade.java > isUserInRole():163, HttpServletRequestWrapper.java > isUserInRole():163, HttpServletRequestWrapper.java > isUserInRole():163, HttpServletRequestWrapper.java > isUserInRole():163, HttpServletRequestWrapper.java > isUserInRole():265, PortletRequestImpl.java > _jspService():46, roles.jsp > service():97, HttpJspBase.java > service():688, HttpServlet.java > service():322, JspServletWrapper.java > serviceJspFile():314, JspServlet.java > service():264, JspServlet.java > service():688, HttpServlet.java > internalDoFilter():252, ApplicationFilterChain.java > doFilter():173, ApplicationFilterChain.java > invoke():672, ApplicationDispatcher.java > doInclude():574, ApplicationDispatcher.java > include():499, ApplicationDispatcher.java > include():72, JetspeedRequestDispatcher.java > doView():363, GenericServletPortlet.java > doDispatch():250, GenericPortlet.java > render():178, GenericPortlet.java > render():102, JetspeedPortletInstance.java > THIS IS WEB APP B > doGet():230, JetspeedContainerServlet.java > service():595, HttpServlet.java > service():688, HttpServlet.java > internalDoFilter():252, ApplicationFilterChain.java > doFilter():173, ApplicationFilterChain.java > invoke():672, ApplicationDispatcher.java > doInclude():574, ApplicationDispatcher.java > include():499, ApplicationDispatcher.java > THIS IS A INCLUDING B > invoke():213, ServletPortletInvoker.java > render():125, ServletPortletInvoker.java > renderPortlet():119, PortletContainerImpl.java > renderPortlet():120, JetspeedPortletContainerWrapper.java > execute():120, RenderingJobImpl.java > renderNow():110, PortletRendererImpl.java > aggregateAndRender():199, PageAggregatorImpl.java > aggregateAndRender():182, PageAggregatorImpl.java > build():106, PageAggregatorImpl.java > invoke():48, AggregatorValve.java > invokeNext():166, JetspeedPipeline.java > invoke():132, ActionValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():76, ContainerValve.java > invokeNext():166, JetspeedPipeline.java > invoke():100, DecorationValve.java > invokeNext():166, JetspeedPipeline.java > invoke():179, ProfilerValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():143, LoginValidationValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():148, PasswordCredentialValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():168, LocalizationValveImpl.java > invokeNext():166, JetspeedPipeline.java > run():117, AbstractSecurityValve.java > doPrivileged():-1, AccessController.java > doAsPrivileged():437, Subject.java > invoke():111, AbstractSecurityValve.java > invokeNext():166, JetspeedPipeline.java > invoke():55, PortalURLValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():128, CapabilityValveImpl.java > invokeNext():166, JetspeedPipeline.java > invoke():145, JetspeedPipeline.java > service():231, JetspeedEngine.java > THIS IS WEB APP A: > doGet():226, JetspeedServlet.java > service():595, HttpServlet.java > service():688, HttpServlet.java > internalDoFilter():252, ApplicationFilterChain.java > doFilter():173, ApplicationFilterChain.java > invoke():672, ApplicationDispatcher.java > processRequest():463, ApplicationDispatcher.java > doForward():398, ApplicationDispatcher.java > forward():301, ApplicationDispatcher.java > doForward():693, PageContextImpl.java > forward():660, PageContextImpl.java > _jspService():16, index.jsp > service():97, HttpJspBase.java > service():688, HttpServlet.java > service():322, JspServletWrapper.java > serviceJspFile():314, JspServlet.java > service():264, JspServlet.java > service():688, HttpServlet.java > internalDoFilter():252, ApplicationFilterChain.java > doFilter():173, ApplicationFilterChain.java > invoke():213, StandardWrapperValve.java > invoke():178, StandardContextValve.java > invoke():52, DefaultSubjectValve.java > invoke():432, AuthenticatorBase.java > invoke():262, GeronimoStandardContext.java > invoke():52, PolicyContextValve.java > invoke():53, TransactionContextValve.java > invoke():47, ComponentContextValve.java > invoke():60, InstanceContextValve.java > invoke():126, StandardHostValve.java > invoke():105, ErrorReportValve.java > invoke():107, StandardEngineValve.java > invoke():541, AccessLogValve.java > service():148, CoyoteAdapter.java > process():868, Http11Processor.java > processConnection():663, Http11BaseProtocol.java > processSocket():527, PoolTcpEndpoint.java > runIt():80, LeaderFollowerWorkerThread.java > run():684, ThreadPool.java > run():552, Thread.java > This demonstrates that cross context dispatch should not be used on > geronimo-tomcat until this and related problems are fixed. Aside from the > wrong security permissions being applied, the jndi context is wrong. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira