Ram,
Can you enter a JIRA issue for this problem? That way we can track this
issue more formally. I believe it is a recurring issue for the DBPM
under higher load.
We were extending the DBPM to add distributed caching and I noticed that
there were occasional issues with folders and pages being accessed
concurrently not being infused correctly because they were not added to
the OJB cache. I have changed the infusion logic to ensure it is done
before the instances are handed back to OJB. The effects caused by this
bug were no doubt random, but it could explain why security is
occasionally being lost.
We can no doubt work on some diagnostics to help you address this issue.
No doubt, we could strengthen security so that it did the right thing
when folders and pages are not managed correctly: deny access.
Randy
ram.sachin2000 wrote:
Randy,
Yes. I am looking out at the 2.1.3-POSTRELEASE branch.
The load right now on the application is high than before. We are seeing
this issue frequently nowadays when compared to before. (Twice with in past
week).
We are in the process of adding additional diagnostic messages and there is
no change in the page.security information for quite some time.
You mentioned there are some issue with database page manager cache
prompting you to rewrite. Can you let me know what are those issues with
page manager cache and is it anything similar to what we are facing now.
Also are there any issues created in JIRA that are related to the problems
that you fixed?
Thanks once again for your reply.
Thanks,
Ram
I am posting my message again as I am not seeing the one I posted before.
Randy Watler wrote:
Ram,
If you get a chance to try out the 2.1.3-POSTRELEASE branch, that would
be helpful.
How often does this occur? Do you think we could catch this issue after
adding diagnostics to the PageManager component?
Are you editing the PageSecurity information frequently, or is it
generally static?
Randy
ram.sachin2000 wrote:
Randy,
Thanks for the quick reply.
We are using 2.1.3 with psmls stored in database (Database Page Manager)
We are not using profiler to select home pages for different users.
Showing of different home pages to different users based on their roles
are
done using the security constraints declared in the page.security (tables
PAGE_SECURITY, PAGE_SEC_CONSTRAINTS_DEF, PAGE_SEC_CONSTRAINTS_REF,
PAGE_SEC_CONSTRAINT_DEF)
We declare both the grant and deny constraints as documented in
http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html
and we have multiple home pages that sits on the root folder (/). These
different home pages have different security constraints references to
both
grant and deny permissions.
Here is the synopsis of what really happened
Periodically users are seeing pages that they are not supposed to see.
The
problem tends to correct itself after some time. The constraints are
applied
as mentioned above where we are using both grants and denies.
The following is the snippet from the page.security file
<security-constraints-def name="privilege1-grant">
<security-constraint>
<roles>executive_role</roles>
<permissions>view,edit</permissions>
</security-constraint>
</security-constraints-def>
<security-constraints-def name="privilege1-deny">
<security-constraint>
<roles>executive_role</roles>
</security-constraint>
</security-constraints-def>
<security-constraints-def name="privilege2-grant">
<security-constraint>
<roles>employee_role</roles>
<permissions>view,edit</permissions>
</security-constraint>
</security-constraints-def>
<security-constraints-def name="privilege2-deny">
<security-constraint>
<roles>employee_role</roles>
</security-constraint>
</security-constraints-def>
Here is the snippet from a psml which is having deny permission
<security-constraints>
<security-constraints-ref>privilege1-deny</security-constraints-ref>
<security-constraints-ref>privilege2-grant</security-constraints-ref>
</security-constraints>
Let me know if you need any additional information.
I will take a look at 2.1.3-POSTRELEASE branch.
Thanks
Ram
Randy Watler wrote:
Niruparma,
What version are you running and which page manager are you using?
If you are on 2.1.3, there were some issues with the database page
manager cache. This has been refactored to use ehcache and ported back
to 2.1.3-POSTRELEASE. There are also plans to release a 2.1.4 soon.
Also, if you could pass along some detail on your page and profiler
configurations used to select home pages, that might be helpful as well.
Randy
Nirupama Mallavarupu wrote:
Hi,
We have a production deployment of JetSpeed Portal where we have the
security constraints setup in such a way that each user sees the home
page assigned to his/her role, when they login to the portal. However,
under some unknown circumstances ( the client is unable to pinpoint),
the
security constraints disappear and everyone is able to see all the home
pages. After about half an hour, the security constraints again kick
back in mysteriously ( in the meantime, the client panics and stops
and
restarts the portal, the db servers and everything several times with
no
effect.
Any clues or suggestions as to what could be causing the issue ?
Appreciate any help you can provide!
Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
