Hi Reto With revision 1425426 [1] I changed the SolrYard to use AccessController.doPrivileged(..) on every request to the SolrServer. As expected this has solved the problems (see also STANBOL-863 [2]).
However the build will still be unstable as the Issue with the org.apache.stanbol.enhancer.it.BenchmarkTest.testBenchmark(..) still persists. best Rupert [1] http://svn.apache.org/viewvc?rev=1425426&view=rev [2] https://issues.apache.org/jira/browse/STANBOL-863 On Sat, Dec 22, 2012 at 3:44 PM, Reto Bachmann-Gmür <[email protected]> wrote: > Hi Rupert > > thanks for checking. > > In this case the solution is to access the files in a priveleged code > block. Possibly checking for a specific EntityHub-Read permission first. > See http://stanbol.apache.org/development/security.html for an example. > > Cheers, > reto > > On Sat, Dec 22, 2012 at 11:56 AM, Rupert Westenthaler < > [email protected]> wrote: > >> I looked into the EntityhubTests problem >> >> The problem occurs when storing the first Entity at: >> >> Caused by: org.apache.stanbol.entityhub.servicesapi.yard.YardException: >> Exception while adding Document to Solr >> at >> org.apache.stanbol.entityhub.yard.solr.impl.SolrYard.store(SolrYard.java:1170) >> >> >> The root cause is that the SolrCore does not have File read >> permissions in the instanceDir >> >> Caused by: java.security.AccessControlException: access denied >> (java.io.FilePermission >> >> {stanbol-working-dir}/stanbol/indexes/default/entityhub-2012.12.22/data/index.properties >> read) >> at >> java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) >> [..] >> at java.io.File.exists(File.java:731) >> at org.apache.solr.core.SolrCore.getNewIndexDir(SolrCore.java:197) >> >> >> The problem here is that it is not really possible to apply explicit >> read/write permissions to the Solr instanceDir at SolrYard.store(..) >> because this component does not know the directory. The SolrYard can >> also be configured to use an remove SolrServer (via the RESTful >> interface). >> >> Any Idea how to deal with this? >> Rupert >> >> On Fri, Dec 21, 2012 at 8:09 PM, Reto Bachmann-Gmür <[email protected]> >> wrote: >> > Regarding the first problem: The requestes permission is an >> > org.osgi.framework.AdminPermission for the action "context". >> > >> > Now there are 3 options: >> > - Give the user anonymous this permission >> > - Execute this code block as priviledged >> > - perform the request as admin >> > >> > For now I've just added the admin/admin authentication to >> StanbolTestBase. >> > >> > Now I see the following errors: >> > >> > BenchmarkTest >> > >> > <pre> Unable to find resource >> > '/velocity/benchmark-results.html'</pre></p><h3>Caused >> > by:</h3><pre>org.apache.velocity.exception.ResourceNotFoundException: >> > Unable to find resource '/velocity/benchmark-results.html' >> > at >> > >> org.apache.velocity.runtime.resource.ResourceManagerImpl.loadResource(ResourceManagerImpl.java:474) >> > at >> > >> org.apache.velocity.runtime.resource.ResourceManagerImpl.getResource(ResourceManagerImpl.java:352) >> > at >> > >> org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1533) >> > at >> > >> org.apache.velocity.runtime.RuntimeInstance.getTemplate(RuntimeInstance.java:1514) >> > at >> > >> org.apache.velocity.app.VelocityEngine.getTemplate(VelocityEngine.java:373) >> > at >> > >> org.apache.stanbol.enhancer.benchmark.impl.BenchmarkServlet.doPost(BenchmarkServlet.java:217) >> > >> > There's also a problem in >> org.apache.stanbol.enhancer.it.MultiThreadedTest >> > of unclear reason and multiple response codes are not matched in >> > EntityhubTests. I couldn't find out what exactly is causing these >> problems. >> > >> > Any idea? >> > >> > Cheers, >> > Reto >> > >> > >> > >> > >> > >> > On Fri, Dec 21, 2012 at 3:28 PM, Rupert Westenthaler < >> > [email protected]> wrote: >> > >> >> Maybe it helps. the ServiceTracker that encounters the >> >> "java.security.AccessControlException: access denied" is also tracking >> >> Services of other Classloaders (meaning that open(true) is called) >> >> Maybe tracking Services with other classloaders requires an additional >> >> permission. >> >> >> >> best >> >> Rupert >> >> >> >> On Fri, Dec 21, 2012 at 3:13 PM, Reto Bachmann-Gmür <[email protected]> >> >> wrote: >> >> > Off the top of my head: Bundle.getResource returns null when the user >> >> > doesn't have the required permssion and is thus indistinguishable from >> >> when >> >> > the resource is missing. Maybe we need giving more permission to the >> >> > anonymous user. >> >> > >> >> > Sorry, I have to run, my son and my dog are waiting to get out. >> >> > >> >> > Cheers, >> >> > Reto >> >> > >> >> > On Fri, Dec 21, 2012 at 2:37 PM, Rupert Westenthaler < >> >> > [email protected]> wrote: >> >> > >> >> >> There is also an other exception related to the contenthub >> >> >> >> >> >> 21.12.2012 12:37:24.260 *WARN* [22953412@qtp-5311938-0] >> >> >> org.apache.felix.http.jetty / (java.lang.RuntimeException: >> >> >> freemarker.template.TemplateException: Error reading included file >> >> >> imports/contenthubDescription.ftl) java.lang.RuntimeException: >> >> >> freemarker.template.TemplateException: Error reading included file >> >> >> imports/contenthubDescription.ftl >> >> >> at >> >> >> >> >> >> org.apache.stanbol.commons.ldpathtemplate.LdRenderer.renderPojo(LdRenderer.java:176) >> >> >> at >> >> >> >> >> >> org.apache.stanbol.commons.viewable.mbw.ViewableWriter.writeTo(ViewableWriter.java:66) >> >> >> at >> >> >> >> >> >> org.apache.stanbol.commons.viewable.mbw.ViewableWriter.writeTo(ViewableWriter.java:38) >> >> >> at >> >> >> >> >> >> com.sun.jersey.spi.container.ContainerResponse.write(ContainerResponse.java:306) >> >> >> [..] >> >> >> Caused by: freemarker.template.TemplateException: Error reading >> >> >> included file imports/contenthubDescription.ftl >> >> >> at freemarker.core.Include.accept(Include.java:167) >> >> >> [..] >> >> >> Caused by: java.io.FileNotFoundException: Template >> >> >> imports/contenthubDescription.ftl not found. >> >> >> at >> freemarker.template.Configuration.getTemplate(Configuration.java:580) >> >> >> at >> >> >> >> >> >> freemarker.core.Environment.getTemplateForInclusion(Environment.java:1490) >> >> >> >> >> >> but other than that things look fine >> >> >> >> >> >> The full log is available from >> >> >> >> >> >> >> >> >> https://builds.apache.org/job/stanbol-trunk-1.6/ws/trunk/integration-tests/target/launchdir/stanbol/logs/ >> >> >> until the next build >> >> >> >> >> >> best >> >> >> Rupert >> >> >> >> >> >> On Fri, Dec 21, 2012 at 2:19 PM, Rupert Westenthaler >> >> >> <[email protected]> wrote: >> >> >> > Hi all, >> >> >> > >> >> >> > In the currently running Jenkins build the integration test do hang >> >> >> > because the contenthub in unable to start. When looking at the >> logging >> >> >> > I see >> >> >> > >> >> >> > 21.12.2012 13:11:48.835 *DEBUG* [4832582@qtp-5311938-35] >> >> >> > freemarker.cache Compiling FreeMarker template >> >> >> > "imports/common.ftl"["en_US",utf-8,parsed] from >> >> >> > "bundle://76.0:1/templates/imports/common.ftl" >> >> >> > 21.12.2012 13:11:48.839 *DEBUG* [4832582@qtp-5311938-35] >> >> >> > org.apache.stanbol.commons.security.auth.AuthenticatingFilter >> >> >> > filtering request >> >> >> > 21.12.2012 13:11:48.840 *DEBUG* [4832582@qtp-5311938-35] >> >> >> > org.apache.stanbol.commons.security.auth.AuthenticatingFilter >> >> >> > filtering request >> >> >> > 21.12.2012 13:11:48.841 *INFO* [4832582@qtp-5311938-35] >> >> >> > org.apache.stanbol.commons.solr.RegisteredSolrServerTracker ... in >> >> >> > addingService for IndexReference[server:default,index:contenthub] >> >> >> > (ref: [org.apache.solr.core.SolrCore]) >> >> >> > 21.12.2012 13:11:48.842 *DEBUG* [4832582@qtp-5311938-35] >> >> >> > org.apache.stanbol.commons.security.auth.AuthenticatingFilter >> >> >> > SecurityException: {} java.security.AccessControlException: access >> >> >> > denied (org.osgi.framework.AdminPermission (id=155) context) >> >> >> > at >> >> >> >> >> >> java.security.AccessControlContext.checkPermission(AccessControlContext.java:374) >> >> >> > at >> >> >> >> >> >> java.security.AccessController.checkPermission(AccessController.java:546) >> >> >> > at >> java.lang.SecurityManager.checkPermission(SecurityManager.java:532) >> >> >> > at >> >> >> >> >> >> org.apache.felix.framework.BundleImpl.getBundleContext(BundleImpl.java:206) >> >> >> > at >> >> >> >> >> >> org.apache.felix.framework.util.EventDispatcher.wrapListener(EventDispatcher.java:578) >> >> >> > at >> >> >> >> >> >> org.apache.felix.framework.util.EventDispatcher.removeListener(EventDispatcher.java:347) >> >> >> > at >> >> >> >> org.apache.felix.framework.Felix.removeServiceListener(Felix.java:2768) >> >> >> > at >> >> >> >> >> >> org.apache.felix.framework.BundleContextImpl.removeServiceListener(BundleContextImpl.java:209) >> >> >> > at >> org.osgi.util.tracker.ServiceTracker.close(ServiceTracker.java:391) >> >> >> > at >> >> >> >> >> >> org.apache.stanbol.contenthub.store.solr.manager.SolrCoreManager.getSolrServerFromTracker(SolrCoreManager.java:137) >> >> >> > at >> >> >> >> >> >> org.apache.stanbol.contenthub.store.solr.manager.SolrCoreManager.getServer(SolrCoreManager.java:169) >> >> >> > at >> >> >> >> >> >> org.apache.stanbol.contenthub.search.solr.SolrSearchImpl.search(SolrSearchImpl.java:108) >> >> >> > at >> >> >> >> >> >> org.apache.stanbol.contenthub.web.resources.StoreResource.getView(StoreResource.java:698) >> >> >> > at sun.reflect.GeneratedMethodAccessor69.invoke(Unknown Source) >> >> >> > >> >> >> > Before looking into that in more details I would like to ask if >> >> >> > someone has an Idea why this could happen. >> >> >> > >> >> >> > best >> >> >> > Rupert >> >> >> > >> >> >> > -- >> >> >> > | Rupert Westenthaler [email protected] >> >> >> > | Bodenlehenstraße 11 >> ++43-699-11108907 >> >> >> > | A-5500 Bischofshofen >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> | Rupert Westenthaler [email protected] >> >> >> | Bodenlehenstraße 11 ++43-699-11108907 >> >> >> | A-5500 Bischofshofen >> >> >> >> >> >> >> >> >> >> >> -- >> >> | Rupert Westenthaler [email protected] >> >> | Bodenlehenstraße 11 ++43-699-11108907 >> >> | A-5500 Bischofshofen >> >> >> >> >> >> -- >> | Rupert Westenthaler [email protected] >> | Bodenlehenstraße 11 ++43-699-11108907 >> | A-5500 Bischofshofen >> -- | Rupert Westenthaler [email protected] | Bodenlehenstraße 11 ++43-699-11108907 | A-5500 Bischofshofen
