[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true - seam-issues

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[jbossseam-issues] [JBoss JIRA]...

Kenneth Christensen (JIRA)

Tuesday, 3 June 2008 Tue, 3 Jun '08

4:09 a.m.

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Show replies by date

Kenneth Christensen (JIRA)

Tuesday, 3 June Tue, 3 Jun

4:13 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Kenneth Christensen updated JBSEAM-3064: ---------------------------------------- Attachment: testcase1-RuleBasedIdentity.zip

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: testcase1-RuleBasedIdentity.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

-- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

Kenneth Christensen (JIRA)

4:15 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Kenneth Christensen updated JBSEAM-3064: ---------------------------------------- Attachment: testcase2-RuleTest.zip

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

4:15 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Kenneth Christensen updated JBSEAM-3064: ---------------------------------------- Attachment: security.drl

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

5:43 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415268 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- I run another test (see attached file: testcase3-RuleTest-v2.zip) where RuleBasedIdentity.hasPermission() gets called up to 6 times. I don't get any AuthorizationExceptions this time! It really looks like Drools or RuleBasedIdentity have some stability issues under heavy load. @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } } } } } return result; } }

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

5:45 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Kenneth Christensen updated JBSEAM-3064: ---------------------------------------- Attachment: testcase3-RuleTest-v2.zip

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

5:13 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415481 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- Another exception: javax.faces.FacesException: javax.el.ELException: /xhtml/template/topMenu.jspx @67,70 rendered="#{s:hasPermission('LMS', null, null)}": java.lang.NullPointerException at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:373) at org.ajax4jsf.renderkit.AjaxChildrenRenderer.encodeAjaxComponent(AjaxChildrenRenderer.java:94) at org.ajax4jsf.renderkit.AjaxChildrenRenderer.encodeAjaxChildren(AjaxChildrenRenderer.java:86) at org.ajax4jsf.renderkit.AjaxChildrenRenderer.encodeAjaxComponent(AjaxChildrenRenderer.java:134) at org.ajax4jsf.renderkit.AjaxChildrenRenderer.encodeAjaxChildren(AjaxChildrenRenderer.java:86) at org.ajax4jsf.renderkit.AjaxChildrenRenderer.encodeAjaxComponent(AjaxChildrenRenderer.java:134) at org.ajax4jsf.renderkit.AjaxContainerRenderer.encodeAjax(AjaxContainerRenderer.java:122) at org.ajax4jsf.component.AjaxViewRoot.encodeAjax(AjaxViewRoot.java:553) at org.ajax4jsf.component.AjaxViewRoot$4.invokeRoot(AjaxViewRoot.java:384) at org.ajax4jsf.context.JsfOneOneInvoker.invokeOnRegionOrRoot(JsfOneOneInvoker.java:56) at org.ajax4jsf.context.AjaxContextImpl.invokeOnRegionOrRoot(AjaxContextImpl.java:170) at org.ajax4jsf.component.AjaxViewRoot.encodeChildren(AjaxViewRoot.java:401) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:886) at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:592) at org.ajax4jsf.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:108) at org.ajax4jsf.application.AjaxViewHandler.renderView(AjaxViewHandler.java:216) at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106) at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:613) Caused by: javax.el.ELException: /xhtml/template/topMenu.jspx @67,70 rendered="#{s:hasPermission('LMS', null, null)}": java.lang.NullPointerException at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:76) at javax.faces.component.UIComponentBase.isRendered(UIComponentBase.java:370) ... 54 more Caused by: java.lang.NullPointerException at org.drools.util.JavaIteratorAdapter.setNext(JavaIteratorAdapter.java:72) at org.drools.util.JavaIteratorAdapter.<init>(JavaIteratorAdapter.java:37) at org.drools.common.AbstractWorkingMemory.iterateObjects(AbstractWorkingMemory.java:611) at org.jboss.seam.security.RuleBasedIdentity.synchronizeContext(RuleBasedIdentity.java:235) at org.jboss.seam.security.RuleBasedIdentity.hasPermission(RuleBasedIdentity.java:121)

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Shane Bryzak (JIRA)

7:12 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Assigned: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Shane Bryzak reassigned JBSEAM-3064: ------------------------------------ Assignee: Shane Bryzak

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Shane Bryzak (JIRA)

7:23 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415487 ] Shane Bryzak commented on JBSEAM-3064: -------------------------------------- I've added some more synchronization to RuleBasedIdentity in the Seam_2_0 branch, I'm hoping that this will fix your address. Could you please retry your tests against these changes? It would also be great if you could try your tests against trunk also, as the security architecture has changed drastically.

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Shane Bryzak (JIRA)

7:27 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415489 ] Shane Bryzak commented on JBSEAM-3064: -------------------------------------- Also, just a question about your load tests - is your tool simulating separate sessions for each thread, or are they all running within the same session? This could have a significant performance impact, as threads contend for session-scoped resource locks.

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

Wednesday, 4 June Wed, 4 Jun

1:03 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415498 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- "is your tool simulating separate sessions for each thread?" Each thread have its own session. "I've added some more synchronization to RuleBasedIdentity in the Seam_2_0 branch, I'm hoping that this will fix your address." Me too :-) "Could you please retry your tests against these changes?" Yes.

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.1.GA, 2.0.2.GA, 2.0.2.SP1 Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

10:58 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415609 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- Nope, that didn't help :-( BTW: I have already tried to 'synchronized' hasPermission() earlier. Sorry I didn't mention it.

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

11:05 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415610 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- I have tried to upgrade Drools to version 4.0.7, but I get an exception: org.jboss.seam.InstantiationException: Could not instantiate Seam component: org.jboss.seam.security.identity at org.jboss.seam.Component.newInstance(Component.java:1986) at org.jboss.seam.contexts.Contexts.startup(Contexts.java:304) at org.jboss.seam.contexts.Contexts.startup(Contexts.java:278) at org.jboss.seam.contexts.Lifecycle.beginSession(Lifecycle.java:191) at org.jboss.seam.contexts.ServletLifecycle.beginSession(ServletLifecycle.java:124) at org.jboss.seam.servlet.SeamListener.sessionCreated(SeamListener.java:44) at org.apache.catalina.session.StandardSession.tellNew(StandardSession.java:397) at org.apache.catalina.session.StandardSession.setId(StandardSession.java:369) at org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:828) at org.apache.catalina.session.StandardManager.createSession(StandardManager.java:291) at org.apache.catalina.connector.Request.doGetSession(Request.java:2310) at org.apache.catalina.connector.Request.getSession(Request.java:2075) at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:833) at com.sun.faces.context.SessionMap.getSession(ExternalContextImpl.java:1002) at com.sun.faces.context.SessionMap.get(ExternalContextImpl.java:962) at org.jboss.seam.contexts.BasicContext.get(BasicContext.java:48) at org.jboss.seam.Component.getInstance(Component.java:1854) at org.jboss.seam.Component.getInstance(Component.java:1832) at org.jboss.seam.web.Session.getInstance(Session.java:122) at org.jboss.seam.contexts.FacesLifecycle.beginRequest(FacesLifecycle.java:54) at org.jboss.seam.jsf.SeamPhaseListener.beforeRestoreView(SeamPhaseListener.java:377) at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:137) at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:114) at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:222) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:244) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:613) Caused by: org.jboss.seam.InstantiationException: Could not instantiate Seam component: securityRules at org.jboss.seam.Component.newInstance(Component.java:1986) at org.jboss.seam.Component.getInstance(Component.java:1876) at org.jboss.seam.Component.getInstance(Component.java:1843) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:55) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:50) at org.jboss.seam.el.SeamELResolver.resolveBase(SeamELResolver.java:166) at org.jboss.seam.el.SeamELResolver.getValue(SeamELResolver.java:53) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64) at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:44) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at org.jboss.seam.core.Expressions$1.getValue(Expressions.java:111) at org.jboss.seam.Component$ELInitialValue.getValue(Component.java:2370) at org.jboss.seam.Component.initialize(Component.java:1392) at org.jboss.seam.Component.instantiateJavaBean(Component.java:1318) at org.jboss.seam.Component.instantiate(Component.java:1271) at org.jboss.seam.Component.newInstance(Component.java:1970) ... 60 more Caused by: java.lang.NullPointerException at org.drools.rule.ReturnValueRestriction.equals(ReturnValueRestriction.java:245) at org.drools.rule.ReturnValueConstraint.equals(ReturnValueConstraint.java:85) at org.drools.reteoo.AlphaNode.equals(AlphaNode.java:268) at org.drools.reteoo.builder.BuildUtils.attachNode(BuildUtils.java:109) at org.drools.reteoo.builder.PatternBuilder.attachAlphaNodes(PatternBuilder.java:194) at org.drools.reteoo.builder.PatternBuilder.attachPattern(PatternBuilder.java:88) at org.drools.reteoo.builder.PatternBuilder.build(PatternBuilder.java:60) at org.drools.reteoo.builder.GroupElementBuilder$AndBuilder.build(GroupElementBuilder.java:111) at org.drools.reteoo.builder.GroupElementBuilder.build(GroupElementBuilder.java:69) at org.drools.reteoo.builder.ReteooRuleBuilder.addSubRule(ReteooRuleBuilder.java:149) at org.drools.reteoo.builder.ReteooRuleBuilder.addRule(ReteooRuleBuilder.java:122) at org.drools.reteoo.ReteooBuilder.addRule(ReteooBuilder.java:117) at org.drools.reteoo.ReteooRuleBase.addRule(ReteooRuleBase.java:266) at org.drools.common.AbstractRuleBase.addRule(AbstractRuleBase.java:542) at org.drools.common.AbstractRuleBase.addPackage(AbstractRuleBase.java:436) at org.jboss.seam.drools.RuleBase.compileRuleBase(RuleBase.java:87) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.seam.util.Reflections.invoke(Reflections.java:21) at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:125) at org.jboss.seam.Component.callComponentMethod(Component.java:2092) at org.jboss.seam.Component.callCreateMethod(Component.java:2015) at org.jboss.seam.Component.newInstance(Component.java:1976) ... 76 more 18:01:13,353 ERROR [SeamPhaseListener] uncaught exception org.jboss.seam.InstantiationException: Could not instantiate Seam component: org.jboss.seam.security.identity at org.jboss.seam.Component.newInstance(Component.java:1986) at org.jboss.seam.Component.getInstance(Component.java:1876) at org.jboss.seam.Component.getInstance(Component.java:1843) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:55) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:50) at org.jboss.seam.el.SeamELResolver.resolveBase(SeamELResolver.java:177) at org.jboss.seam.el.SeamELResolver.getValue(SeamELResolver.java:53) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64) at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:44) at org.jboss.el.parser.AstValue.getValue(AstValue.java:63) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at org.jboss.seam.core.Expressions$1.getValue(Expressions.java:111) at org.jboss.seam.navigation.Action.isExecutable(Action.java:20) at org.jboss.seam.navigation.Page.preRender(Page.java:255) at org.jboss.seam.navigation.Pages.preRender(Pages.java:316) at org.jboss.seam.jsf.SeamPhaseListener.preRenderPage(SeamPhaseListener.java:560) at org.jboss.seam.jsf.SeamPhaseListener.beforeRenderResponse(SeamPhaseListener.java:471) at org.jboss.seam.jsf.SeamPhaseListener.beforeServletPhase(SeamPhaseListener.java:144) at org.jboss.seam.jsf.SeamPhaseListener.beforePhase(SeamPhaseListener.java:114) at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:222) at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:42) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:179) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:613) Caused by: org.jboss.seam.InstantiationException: Could not instantiate Seam component: securityRules at org.jboss.seam.Component.newInstance(Component.java:1986) at org.jboss.seam.Component.getInstance(Component.java:1876) at org.jboss.seam.Component.getInstance(Component.java:1843) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:55) at org.jboss.seam.Namespace.getComponentInstance(Namespace.java:50) at org.jboss.seam.el.SeamELResolver.resolveBase(SeamELResolver.java:166) at org.jboss.seam.el.SeamELResolver.getValue(SeamELResolver.java:53) at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:53) at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64) at org.jboss.el.parser.AstIdentifier.getValue(AstIdentifier.java:44) at org.jboss.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:186) at org.jboss.seam.core.Expressions$1.getValue(Expressions.java:111) at org.jboss.seam.Component$ELInitialValue.getValue(Component.java:2370) at org.jboss.seam.Component.initialize(Component.java:1392) at org.jboss.seam.Component.instantiateJavaBean(Component.java:1318) at org.jboss.seam.Component.instantiate(Component.java:1271) at org.jboss.seam.Component.newInstance(Component.java:1970) ... 57 more Caused by: java.lang.NullPointerException at org.drools.rule.ReturnValueRestriction.equals(ReturnValueRestriction.java:245) at org.drools.rule.ReturnValueConstraint.equals(ReturnValueConstraint.java:85) at org.drools.reteoo.AlphaNode.equals(AlphaNode.java:268) at org.drools.reteoo.builder.BuildUtils.attachNode(BuildUtils.java:109) at org.drools.reteoo.builder.PatternBuilder.attachAlphaNodes(PatternBuilder.java:194) at org.drools.reteoo.builder.PatternBuilder.attachPattern(PatternBuilder.java:88) at org.drools.reteoo.builder.PatternBuilder.build(PatternBuilder.java:60) at org.drools.reteoo.builder.GroupElementBuilder$AndBuilder.build(GroupElementBuilder.java:111) at org.drools.reteoo.builder.GroupElementBuilder.build(GroupElementBuilder.java:69) at org.drools.reteoo.builder.ReteooRuleBuilder.addSubRule(ReteooRuleBuilder.java:149) at org.drools.reteoo.builder.ReteooRuleBuilder.addRule(ReteooRuleBuilder.java:122) at org.drools.reteoo.ReteooBuilder.addRule(ReteooBuilder.java:117) at org.drools.reteoo.ReteooRuleBase.addRule(ReteooRuleBase.java:266) at org.drools.common.AbstractRuleBase.addRule(AbstractRuleBase.java:542) at org.drools.common.AbstractRuleBase.addPackage(AbstractRuleBase.java:436) at org.jboss.seam.drools.RuleBase.compileRuleBase(RuleBase.java:87) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.seam.util.Reflections.invoke(Reflections.java:21) at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:125) at org.jboss.seam.Component.callComponentMethod(Component.java:2092) at org.jboss.seam.Component.callCreateMethod(Component.java:2015) at org.jboss.seam.Component.newInstance(Component.java:1976) ... 73 more

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

11:51 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415619 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- BTW: I can recommend JBoss/Red Hat to buy Web Performance Suite from Web Performance Incorporated (http://www.webperformanceinc.com/) - in my opinion the best Load Testing software for JBoss Seam, JSF, AJAX webapplications :-)

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

Friday, 6 June Fri, 6 Jun

1:59 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415826 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- This was a really hard one...... I have a solution to this problem :-) Solution: 1. Upgrade to Drools 4.0.7 - drools-compiler-4.0.7 - drools-core-4.0.7 - mvel-1.3.1-java1.4 2. synchronizeContext() call in hasPermission() must be included in the synchronized block - your fix in the Seam_2_0 branch works fine. 3. hasRole() must include a synchronized block, e.g. public boolean hasRole(String role) { if (securityContext != null) { synchronized (securityContext) { Iterator<Role> iter = securityContext.iterateObjects(new ClassObjectFilter(Role.class)); while (iter.hasNext()) { Role r = iter.next(); if (r.getName().equals(role)) return true; } } } return super.hasRole(role); } I have Load Tested above solution for more than 5 hours and no exceptions are thrown with this solution. Solution explanation: 1. AuthorizationExceptions are thrown if solution only consist of 2. & 3. - therefore we need Drools 4.0.7. I had some problems upgrading to Drools 4.0.7 because of my security rules! Drools 4.0.3 and 4.0.7 accepts: rule UploadSystemDocuments no-loop activation-group "permissions" when c: PermissionCheck(name == "UPLOAD_DOCUMENTS", action == (DocumentType.SYSTEM.extendedName())) Role(name == (RoleType.ADMINISTRATOR.name())) then c.grant(); end; But only Drools 4.0.3 accepts: rule UploadUserDocuments no-loop activation-group "permissions" when c: PermissionCheck(name == "UPLOAD_DOCUMENTS", action == (DocumentType.USER.extendedName())) Role(name == (RoleType.ADMINISTRATOR.name())) or Role(name == (RoleType.CUSTOMER.name())) or Role(name == (RoleType.SUPERCUSTOMER.name())) then c.grant(); end; Drools 4.0.7 don't like 'action == (DocumentType.USER.extendedName())' and multiple OR's - weird! I had to change my security rules before Drools 4.0.7 would accept my rules. 2. AuthorizationExceptions are thrown if the synchronizeContext() call is not inside the synchronized block. 3. NullPointerExceptions are thrown if hasRole() don't include a synchronized block. Would it be possible to include this fix in the Seam 2.0.3.XX release?

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Shane Bryzak (JIRA)

2:44 a.m.

New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=all ] Shane Bryzak closed JBSEAM-3064. -------------------------------- Fix Version/s: 2.0.3.CR1 Resolution: Done Thanks for the work you did on this Kenneth. I've made the changes you recommended, can you please check against the Seam-2_0 branch and let me know if it fixes your load testing issues.

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Fix For: 2.0.3.CR1 Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

Kenneth Christensen (JIRA)

2:02 p.m.

New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true

[ http://jira.jboss.com/jira/browse/JBSEAM-3064?page=comments#action_12415905 ] Kenneth Christensen commented on JBSEAM-3064: --------------------------------------------- Yep, it works now. Thanks :-)

...

AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true --------------------------------------------------------------------------------------------------------------------- Key: JBSEAM-3064 URL: http://jira.jboss.com/jira/browse/JBSEAM-3064 Project: Seam Issue Type: Bug Components: Security Affects Versions: 2.0.2.SP1, 2.0.2.GA, 2.0.1.GA Environment: Mac OS X 10.5.3 JDK 1.5.0_13-b05-237 JBoss 4.2.2.GA JBoss Seam 2.0.1.GA Drools 4.0.3 Reporter: Kenneth Christensen Assigned To: Shane Bryzak Priority: Critical Fix For: 2.0.3.CR1 Attachments: security.drl, testcase1-RuleBasedIdentity.zip, testcase2-RuleTest.zip, testcase3-RuleTest-v2.zip I'm getting random AuthorizationExceptions when I Load Testing (with Web Performance Suite 3.5) my application (JBoss AS 4.2.2.GA, Drools 4.0.3, JBoss Seam 2.0.1.GA, RichFaces 3.1.4.GA and JSF 1.2). And it looks like RuleBasedIdentity.hasPermission() is the problem, or more likely securityContext.fireAllRules() used by RuleBasedIdentity.hasPermission(). I have run two testcases (see attached files), where all RuleBasedIdentity.hasPermission() should return true. But under heavy load (lots of threads and 90% - 100% CPU) RuleBasedIdentity.hasPermission() returns false because securityContext.fireAllRules() don't call PermissionCheck.grant(). But now its getting really weird :-) If I override RuleBasedIdentity.hasPermission() with: @Name("org.jboss.seam.security.identity") @Scope(SESSION) @BypassInterceptors @Install(precedence=Install.APPLICATION, classDependencies="org.drools.WorkingMemory") @Startup public class RuleTest extends RuleBasedIdentity { @Override public boolean hasPermission(String name, String action, Object... arg) { boolean result = super.hasPermission(name, action, arg); if (!result) { // Are we sure, if result == false? One more time. result = super.hasPermission(name, action, arg); } return result; } } then about 95%-99% of the time RuleTest.hasPermission() will return the expected result, i.e. true.

6062

days inactive

6065

days old

seam-issues@lists.jboss.org

Manage subscription

16 comments

2 participants

tags (0)

participants (2)

Kenneth Christensen (JIRA)
Shane Bryzak (JIRA)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3064) AuthorizationException when Load Testing - RuleBasedIdentity.hasPermission() returns false when it should return true