Eclipse Community Forums - RDF feed
https://www.eclipse.org/forums/
Eclipse Community Forums[CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/889443/#msg_889443
Permission manager and security model is very good feature of CDO4.1. When I try it, I get Timeout Exception. User ID is 'Administrator', Password is '0000'.
[ERROR] Token encryption failed
org.eclipse.emf.cdo.common.util.TransportException: java.util.concurrent.TimeoutException
at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:504)
at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:529)
at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.loadRevisions(CDOClientProtocol.java:166)
at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.loadRevisions(CDORevisionManagerImpl.java:382)
at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevisions(CDORevisionManagerImpl.java:293)
at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevision(CDORevisionManagerImpl.java:276)
at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevision(CDORevisionManagerImpl.java:269)
at org.eclipse.emf.internal.cdo.view.CDOViewImpl.getRevision(CDOViewImpl.java:697)
at org.eclipse.emf.internal.cdo.view.AbstractCDOView.createObject(AbstractCDOView.java:839)
at org.eclipse.emf.internal.cdo.view.AbstractCDOView.getObject(AbstractCDOView.java:748)
at org.eclipse.emf.internal.cdo.transaction.CDOTransactionImpl.getObject(CDOTransactionImpl.java:1093)
at org.eclipse.emf.internal.cdo.view.AbstractCDOView.convertIDToObject(AbstractCDOView.java:1065)
at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertIDToObject(CDOStoreImpl.java:676)
at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertToEMF(CDOStoreImpl.java:644)
at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.get(CDOStoreImpl.java:190)
at org.eclipse.emf.ecore.impl.EStoreEObjectImpl$BasicEStoreEList.delegateGet(EStoreEObjectImpl.java:241)
at org.eclipse.emf.common.util.DelegatingEList.get(DelegatingEList.java:230)
at org.eclipse.emf.common.util.AbstractEList$EIterator.doNext(AbstractEList.java:703)
at org.eclipse.emf.common.util.AbstractEList$EIterator.next(AbstractEList.java:690)
at org.eclipse.emf.cdo.security.RealmUtil.findUser(RealmUtil.java:31)
at org.eclipse.emf.cdo.server.internal.security.SecurityManager.getUser(SecurityManager.java:164)
at org.eclipse.emf.cdo.server.internal.security.SecurityManager$UserManager.encrypt(SecurityManager.java:489)
at org.eclipse.emf.cdo.internal.server.SessionManager.encryptToken(SessionManager.java:500)
at org.eclipse.emf.cdo.internal.server.SessionManager.authenticateUser(SessionManager.java:464)
at org.eclipse.emf.cdo.internal.server.SessionManager.openSession(SessionManager.java:232)
at org.eclipse.emf.cdo.server.internal.net4j.protocol.OpenSessionIndication.responding(OpenSessionIndication.java:117)
at org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerIndicationWithMonitoring.responding(CDOServerIndicationWithMonitoring.java:170)
at org.eclipse.net4j.signal.IndicationWithMonitoring.responding(IndicationWithMonitoring.java:92)
at org.eclipse.net4j.signal.IndicationWithResponse.doExtendedOutput(IndicationWithResponse.java:98)
at org.eclipse.net4j.signal.Signal.doOutput(Signal.java:298)
at org.eclipse.net4j.signal.IndicationWithResponse.execute(IndicationWithResponse.java:67)
at org.eclipse.net4j.signal.IndicationWithMonitoring.execute(IndicationWithMonitoring.java:65)
at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
at org.eclipse.net4j.signal.Signal.run(Signal.java:149)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)Thread-7 [debug.buffer] Obtained Buffer@55[INITIAL]
Caused by: java.util.concurrent.TimeoutException
at org.eclipse.net4j.util.io.IOTimeoutException.createTimeoutException(IOTimeoutException.java:46)
at org.eclipse.net4j.signal.Signal.runSync(Signal.java:257)
at org.eclipse.net4j.signal.SignalProtocol.startSignal(SignalProtocol.java:440)
at org.eclipse.net4j.signal.RequestWithConfirmation.doSend(RequestWithConfirmation.java:89)
at org.eclipse.net4j.signal.RequestWithConfirmation.send(RequestWithConfirmation.java:75)
at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:496)
... 36 more
Caused by: org.eclipse.net4j.util.io.IOTimeoutException
at org.eclipse.net4j.buffer.BufferInputStream.ensureBuffer(BufferInputStream.java:204)
at org.eclipse.net4j.buffer.BufferInputStream.read(BufferInputStream.java:116)
at java.io.DataInputStream.readBoolean(DataInputStream.java:225)
at org.eclipse.net4j.util.io.ExtendedDataInput$Delegating.readBoolean(ExtendedDataInput.java:60)
at org.eclipse.emf.cdo.internal.common.protocol.CDODataInputImpl.readCDORevision(CDODataInputImpl.java:401)
at org.eclipse.emf.cdo.internal.common.protocol.CDODataInputImpl.readCDORevision(CDODataInputImpl.java:396)
at org.eclipse.emf.cdo.spi.common.revision.RevisionInfo.readRevision(RevisionInfo.java:218)
at org.eclipse.emf.cdo.spi.common.revision.RevisionInfo.readResult(RevisionInfo.java:157)
at org.eclipse.emf.cdo.internal.net4j.protocol.LoadRevisionsRequest.confirming(LoadRevisionsRequest.java:143)
at org.eclipse.emf.cdo.internal.net4j.protocol.LoadRevisionsRequest.confirming(LoadRevisionsRequest.java:1)
at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientRequest.confirming(CDOClientRequest.java:90)
at org.eclipse.net4j.signal.RequestWithConfirmation.doExtendedInput(RequestWithConfirmation.java:125)
at org.eclipse.net4j.signal.Signal.doInput(Signal.java:328)
at org.eclipse.net4j.signal.RequestWithConfirmation.doExecute(RequestWithConfirmation.java:105)
at org.eclipse.net4j.signal.SignalActor.execute(SignalActor.java:53)
at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
... 40 more
[ERROR] Access denied
java.lang.SecurityException: Access denied
at org.eclipse.emf.cdo.internal.server.SessionManager.authenticateUser(SessionManager.java:471)
at org.eclipse.emf.cdo.internal.server.SessionManager.openSession(SessionManager.java:232)
at org.eclipse.emf.cdo.server.internal.net4j.protocol.OpenSessionIndication.responding(OpenSessionIndication.java:117)
at org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerIndicationWithMonitoring.responding(CDOServerIndicationWithMonitoring.java:170)
at org.eclipse.net4j.signal.IndicationWithMonitoring.responding(IndicationWithMonitoring.java:92)
at org.eclipse.net4j.signal.IndicationWithResponse.doExtendedOutput(IndicationWithResponse.java:98)
at org.eclipse.net4j.signal.Signal.doOutput(Signal.java:298)
at org.eclipse.net4j.signal.IndicationWithResponse.execute(IndicationWithResponse.java:67)
at org.eclipse.net4j.signal.IndicationWithMonitoring.execute(IndicationWithMonitoring.java:65)
at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
at org.eclipse.net4j.signal.Signal.run(Signal.java:149)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
]]>Xingxiao Lu2012-06-19T08:35:42-00:00Re: [CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/889871/#msg_889871
> Hi, Eike
> Permission manager and security model is very good feature of CDO4.1.
Please note that this feature is not fully completed, yet. I wanted toget the needed APIs in so that I can fix the
remaining problems in 4.1 maintenance. The respective bugzilla is still ASSIGNED:
> When I try it, I get Timeout Exception. User ID is 'Administrator', Password is '0000'.
These default credentials are correct. I can't see the causal relation between the "[ERROR] Token encryption failed"
message and the timeout(s). Is it possible that you zip up your workspace and make it available for download to me? You
can send me a private email with the download link if it's confidential. Please also provide me with detailed steps to
make it run.
>
> [ERROR] Token encryption failed
> org.eclipse.emf.cdo.common.util.TransportException: java.util.concurrent.TimeoutException
> at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:504)
> at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:529)
> at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.loadRevisions(CDOClientProtocol.java:166)
> at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.loadRevisions(CDORevisionManagerImpl.java:382)
> at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevisions(CDORevisionManagerImpl.java:293)
> at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevision(CDORevisionManagerImpl.java:276)
> at org.eclipse.emf.cdo.internal.common.revision.CDORevisionManagerImpl.getRevision(CDORevisionManagerImpl.java:269)
> at org.eclipse.emf.internal.cdo.view.CDOViewImpl.getRevision(CDOViewImpl.java:697)
> at org.eclipse.emf.internal.cdo.view.AbstractCDOView.createObject(AbstractCDOView.java:839)
> at org.eclipse.emf.internal.cdo.view.AbstractCDOView.getObject(AbstractCDOView.java:748)
> at org.eclipse.emf.internal.cdo.transaction.CDOTransactionImpl.getObject(CDOTransactionImpl.java:1093)
> at org.eclipse.emf.internal.cdo.view.AbstractCDOView.convertIDToObject(AbstractCDOView.java:1065)
> at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertIDToObject(CDOStoreImpl.java:676)
> at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.convertToEMF(CDOStoreImpl.java:644)
> at org.eclipse.emf.internal.cdo.view.CDOStoreImpl.get(CDOStoreImpl.java:190)
> at org.eclipse.emf.ecore.impl.EStoreEObjectImpl$BasicEStoreEList.delegateGet(EStoreEObjectImpl.java:241)
> at org.eclipse.emf.common.util.DelegatingEList.get(DelegatingEList.java:230)
> at org.eclipse.emf.common.util.AbstractEList$EIterator.doNext(AbstractEList.java:703)
> at org.eclipse.emf.common.util.AbstractEList$EIterator.next(AbstractEList.java:690)
> at org.eclipse.emf.cdo.security.RealmUtil.findUser(RealmUtil.java:31)
> at org.eclipse.emf.cdo.server.internal.security.SecurityManager.getUser(SecurityManager.java:164)
> at org.eclipse.emf.cdo.server.internal.security.SecurityManager$UserManager.encrypt(SecurityManager.java:489)
> at org.eclipse.emf.cdo.internal.server.SessionManager.encryptToken(SessionManager.java:500)
> at org.eclipse.emf.cdo.internal.server.SessionManager.authenticateUser(SessionManager.java:464)
> at org.eclipse.emf.cdo.internal.server.SessionManager.openSession(SessionManager.java:232)
> at org.eclipse.emf.cdo.server.internal.net4j.protocol.OpenSessionIndication.responding(OpenSessionIndication.java:117)
> at
> org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerIndicationWithMonitoring.responding(CDOServerIndicationWithMonitoring.java:170)
> at org.eclipse.net4j.signal.IndicationWithMonitoring.responding(IndicationWithMonitoring.java:92)
> at org.eclipse.net4j.signal.IndicationWithResponse.doExtendedOutput(IndicationWithResponse.java:98)
> at org.eclipse.net4j.signal.Signal.doOutput(Signal.java:298)
> at org.eclipse.net4j.signal.IndicationWithResponse.execute(IndicationWithResponse.java:67)
> at org.eclipse.net4j.signal.IndicationWithMonitoring.execute(IndicationWithMonitoring.java:65)
> at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
> at org.eclipse.net4j.signal.Signal.run(Signal.java:149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)Thread-7 [debug.buffer] Obtained Buffer@55[INITIAL]
>
> Caused by: java.util.concurrent.TimeoutException
> at org.eclipse.net4j.util.io.IOTimeoutException.createTimeoutException(IOTimeoutException.java:46)
> at org.eclipse.net4j.signal.Signal.runSync(Signal.java:257)
> at org.eclipse.net4j.signal.SignalProtocol.startSignal(SignalProtocol.java:440)
> at org.eclipse.net4j.signal.RequestWithConfirmation.doSend(RequestWithConfirmation.java:89)
> at org.eclipse.net4j.signal.RequestWithConfirmation.send(RequestWithConfirmation.java:75)
> at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientProtocol.send(CDOClientProtocol.java:496)
> ... 36 more
> Caused by: org.eclipse.net4j.util.io.IOTimeoutException
> at org.eclipse.net4j.buffer.BufferInputStream.ensureBuffer(BufferInputStream.java:204)
> at org.eclipse.net4j.buffer.BufferInputStream.read(BufferInputStream.java:116)
> at java.io.DataInputStream.readBoolean(DataInputStream.java:225)
> at org.eclipse.net4j.util.io.ExtendedDataInput$Delegating.readBoolean(ExtendedDataInput.java:60)
> at org.eclipse.emf.cdo.internal.common.protocol.CDODataInputImpl.readCDORevision(CDODataInputImpl.java:401)
> at org.eclipse.emf.cdo.internal.common.protocol.CDODataInputImpl.readCDORevision(CDODataInputImpl.java:396)
> at org.eclipse.emf.cdo.spi.common.revision.RevisionInfo.readRevision(RevisionInfo.java:218)
> at org.eclipse.emf.cdo.spi.common.revision.RevisionInfo.readResult(RevisionInfo.java:157)
> at org.eclipse.emf.cdo.internal.net4j.protocol.LoadRevisionsRequest.confirming(LoadRevisionsRequest.java:143)
> at org.eclipse.emf.cdo.internal.net4j.protocol.LoadRevisionsRequest.confirming(LoadRevisionsRequest.java:1)
> at org.eclipse.emf.cdo.internal.net4j.protocol.CDOClientRequest.confirming(CDOClientRequest.java:90)
> at org.eclipse.net4j.signal.RequestWithConfirmation.doExtendedInput(RequestWithConfirmation.java:125)
> at org.eclipse.net4j.signal.Signal.doInput(Signal.java:328)
> at org.eclipse.net4j.signal.RequestWithConfirmation.doExecute(RequestWithConfirmation.java:105)
> at org.eclipse.net4j.signal.SignalActor.execute(SignalActor.java:53)
> at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
> ... 40 more
>
> [ERROR] Access denied
> java.lang.SecurityException: Access denied
> at org.eclipse.emf.cdo.internal.server.SessionManager.authenticateUser(SessionManager.java:471)
> at org.eclipse.emf.cdo.internal.server.SessionManager.openSession(SessionManager.java:232)
> at org.eclipse.emf.cdo.server.internal.net4j.protocol.OpenSessionIndication.responding(OpenSessionIndication.java:117)
> at
> org.eclipse.emf.cdo.server.internal.net4j.protocol.CDOServerIndicationWithMonitoring.responding(CDOServerIndicationWithMonitoring.java:170)
> at org.eclipse.net4j.signal.IndicationWithMonitoring.responding(IndicationWithMonitoring.java:92)
> at org.eclipse.net4j.signal.IndicationWithResponse.doExtendedOutput(IndicationWithResponse.java:98)
> at org.eclipse.net4j.signal.Signal.doOutput(Signal.java:298)
> at org.eclipse.net4j.signal.IndicationWithResponse.execute(IndicationWithResponse.java:67)
> at org.eclipse.net4j.signal.IndicationWithMonitoring.execute(IndicationWithMonitoring.java:65)
> at org.eclipse.net4j.signal.Signal.runSync(Signal.java:253)
> at org.eclipse.net4j.signal.Signal.run(Signal.java:149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
>
>]]>Eike Stepper2012-06-20T05:48:16-00:00Re: [CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/889949/#msg_889949
I use the HEAD of CDO GIT repository.
CDOServer: Add 'security' bundles to 'CDOServer' in Run Configuration. Config the securityManager entiry in 'cdo-server.xml'. <securityManager type="default" realmPath="/security"/>
CDOClient: I use 'CDOExplorer'.
Hope this information will give you help.
Thank you for your professional reply.]]>Xingxiao Lu2012-06-20T11:24:05-00:00Re: [CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/900426/#msg_900426
i experienced this too. After some debugging i tracked it down to a
deadlock with the transaction in SecurityManager.modify():
In the commit() call, the attached write acces handler is invoked which
tries to resolve the session user via getUser(). If the user is unknown,
the transaction is used to retrieve it from the realm. As this runs in a
separate thread it is blocked by the locked transaction.
When the synchronized block is removed, the deadlock is gone, but you
may experience other problems.
Greetings Joerg.
On 06/20/2012 01:24 PM, Xingxiao Lu wrote:
> Hi, Eike
> I use the HEAD of CDO GIT repository.
> CDOServer: Add 'security' bundles to 'CDOServer' in Run Configuration.
> Config the securityManager entiry in 'cdo-server.xml'. <securityManager
> type="default" realmPath="/security"/>
>
> CDOClient: I use 'CDOExplorer'.
>
> Hope this information will give you help.
>
> Thank you for your professional reply.:)]]>2012-08-07T04:59:47-00:00Re: [CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/900498/#msg_900498
Thanks for taking the time to track this down! I'm currently extending the test bed so that we can more easily inject a
security manager from single test cases. I may come back with questions once that's done...
Am 07.08.2012 06:59, schrieb Joerg Pacher:
> Hi Eike,
>
> i experienced this too. After some debugging i tracked it down to a deadlock with the transaction in
> SecurityManager.modify():
>
> {
> synchronized (transaction)
> {
> operation.execute(realm);
>
> try {
> transaction.commit();
> } catch (CommitException ex) {
> throw WrappedException.wrap(ex);
> }
> }
> }
>
> In the commit() call, the attached write acces handler is invoked which tries to resolve the session user via
> getUser(). If the user is unknown, the transaction is used to retrieve it from the realm. As this runs in a separate
> thread it is blocked by the locked transaction.
>
> When the synchronized block is removed, the deadlock is gone, but you may experience other problems.
>
>
> Greetings Joerg.
>
> On 06/20/2012 01:24 PM, Xingxiao Lu wrote:
>> Hi, Eike
>> I use the HEAD of CDO GIT repository.
>> CDOServer: Add 'security' bundles to 'CDOServer' in Run Configuration.
>> Config the securityManager entiry in 'cdo-server.xml'. <securityManager
>> type="default" realmPath="/security"/>
>>
>> CDOClient: I use 'CDOExplorer'.
>>
>> Hope this information will give you help.
>>
>> Thank you for your professional reply.:)
>]]>Eike Stepper2012-08-07T09:58:54-00:00Re: [CDO 4.1]Security Manager Problem
https://www.eclipse.org/forums/index.php/mv/msg/364834/900677/#msg_900677
> Hi Eike,
>
> i experienced this too. After some debugging i tracked it down to a deadlock with the transaction in
> SecurityManager.modify():
>
> {
> synchronized (transaction)
> {
> operation.execute(realm);
>
> try {
> transaction.commit();
> } catch (CommitException ex) {
> throw WrappedException.wrap(ex);
> }
> }
> }
I've solved this by opening a new transaction in ISecurityManager.modify().
I've also added lots of convenience methods to Realm, Directory and ISecurityManager.
And there's an easy test now, which you can use as an example in the future to demo remaining issues:
public class SecurityManagerTest extends AbstractCDOTest
{
private static final String USER_ID = "Stepper";
private static final String PASSWORD = "12345";
public void testCommit() throws Exception
{
ISecurityManager securityManager = startRepository();
securityManager.modify(new ISecurityManager.RealmOperation()
{
public void execute(Realm realm)
{
User user = realm.addUser(USER_ID, PASSWORD);
user.getGroups().add(realm.getGroup("Users"));
user.getRoles().add(realm.getRole("All Objects Writer"));
}
});
>
> In the commit() call, the attached write acces handler is invoked which tries to resolve the session user via
> getUser(). If the user is unknown, the transaction is used to retrieve it from the realm. As this runs in a separate
> thread it is blocked by the locked transaction.
>
> When the synchronized block is removed, the deadlock is gone, but you may experience other problems.
>
>
> Greetings Joerg.
>
> On 06/20/2012 01:24 PM, Xingxiao Lu wrote:
>> Hi, Eike
>> I use the HEAD of CDO GIT repository.
>> CDOServer: Add 'security' bundles to 'CDOServer' in Run Configuration.
>> Config the securityManager entiry in 'cdo-server.xml'. <securityManager
>> type="default" realmPath="/security"/>
>>
>> CDOClient: I use 'CDOExplorer'.
>>
>> Hope this information will give you help.
>>
>> Thank you for your professional reply.:)
>]]>Eike Stepper2012-08-08T07:08:36-00:00