Grouper / GRP-249

endless loop on privilege checking

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.1
    • Fix Version/s: 1.4.2
    • Component/s: API
    • Labels:
      None

      Description

      Endless loop on privilege checking:

      Scott,

      Well, the problem is that the privilege checking is looking for a group subject object, and that looks at the group name, then it does privilege checking to see if the user can see the group name, and that gets the group subject again, and loops and loops. (stack below... incidentally, the stack part that loops is 22 calls deep... seems a little too complex... )

      I think the issue is that one of your memberships has a via_id of a group which is not world viewable (that should be ok)... just not sure why we haven't seen this before. I don't understand if I am fixing this problem, or masking another problem... I do believe that there shouldn't be a way to have an endless loop though, no matter what the data is.

      I made a tweak which looks like it should work, if you are brave and want to try it out, go for it. I'm cc'ing other core team members so they can look and see if they see anything wrong. I'm running the unit tests, and they look ok. I committed this to the 1.4 branch...

      ############################
      Add edu.internet2.middleware.grouper.privs.GrouperPrivilegeAdapter.java (line 41):

      import edu.internet2.middleware.grouper.subj.GrouperSubject;

      ############################
      Change edu.internet2.middleware.grouper.privs.GrouperPrivilegeAdapter.java (line 124):
      FROM:

      if ( ms.getViaUuid() != null ) {
        try {
          owner = ms.getViaGroup().toSubject();
          revoke = false;
        }
        catch (GroupNotFoundException eGNF) {
          LOG.error(eGNF.getMessage() );
        }
      }

      TO:

      if ( ms.getViaUuid() != null ) {
        try {
          //dont have an endless loop checking privs
          GrouperSubject.ignoreGroupAttributeSecurityOnNewSubject(true);
          Group viaGroup = ms.getViaGroup();
          if (LOG.isDebugEnabled()) {
            //temporary log message to try privilege
            LOG.debug("finding group subject: " + viaGroup.getAttributesDb().get("name"));
          }
          owner = viaGroup.toSubject();
          revoke = false;
        }
        catch (GroupNotFoundException eGNF) {
          LOG.error(eGNF.getMessage() );
        }
        finally {
          GrouperSubject.ignoreGroupAttributeSecurityOnNewSubject(false);
        }
      }

      ##################################
      Change edu.internet2.middleware.grouper.subj.GrouperSubject (line 63):

      FROM:

      // CONSTRUCTORS //
      public GrouperSubject(Group g)
        throws SourceUnavailableException
      {
        this.id = g.getUuid();
        this.name = (String) g.getAttributes().get(GrouperConfig.ATTR_NAME);
        this.adapter = (GrouperSourceAdapter) SubjectFinder.internal_getGSA();
      }

      // protected GrouperSubject(g, sa)

      TO:

      /** during security checks, not doing this causes an endless loop */
      private static final ThreadLocal<Boolean> ignoreGroupAttributeSecurityOnNewSubject = new ThreadLocal<Boolean>();

      /**
       * @param ifIgnore
       */
      public static void ignoreGroupAttributeSecurityOnNewSubject(boolean ifIgnore) {
        ignoreGroupAttributeSecurityOnNewSubject.set(ifIgnore);
      }

      // CONSTRUCTORS //
      public GrouperSubject(Group g)
        throws SourceUnavailableException {
        this.id = g.getUuid();
        Boolean ignorePermissions = ignoreGroupAttributeSecurityOnNewSubject.get();
        if (ignorePermissions != null && ignorePermissions) {
          this.name = g.getAttributesDb().get(GrouperConfig.ATTR_NAME);
        }
        else {
          this.name = (String) g.getAttributes().get(GrouperConfig.ATTR_NAME);
        }
        this.adapter = (GrouperSourceAdapter) SubjectFinder.internal_getGSA();
      }

      at edu.internet2.middleware.grouper.Group.getAttributes(Group.java:1522)
      at edu.internet2.middleware.grouper.subj.GrouperSubject.<init>(GrouperSubject.java:68)
      at edu.internet2.middleware.grouper.GrouperSourceAdapter.getSubject(GrouperSourceAdapter.java:121)
      at edu.internet2.middleware.grouper.subj.SourcesXmlResolver.find(SourcesXmlResolver.java:131)
      at edu.internet2.middleware.grouper.subj.CachingResolver.find(CachingResolver.java:111)
      at edu.internet2.middleware.grouper.subj.ValidatingResolver.find(ValidatingResolver.java:94)
      at edu.internet2.middleware.grouper.SubjectFinder.findById(SubjectFinder.java:162)
      at edu.internet2.middleware.grouper.Group.toSubject(Group.java:3095)
      at edu.internet2.middleware.grouper.privs.GrouperPrivilegeAdapter$1.callback(GrouperPrivilegeAdapter.java:126)
      at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:627)
      at edu.internet2.middleware.grouper.privs.GrouperPrivilegeAdapter.internal_getPrivs(GrouperPrivilegeAdapter.java:94)
      at edu.internet2.middleware.grouper.GrouperAccessAdapter.getPrivs(GrouperAccessAdapter.java:182)
      at edu.internet2.middleware.grouper.privs.AccessWrapper.getPrivileges(AccessWrapper.java:101)
      at edu.internet2.middleware.grouper.privs.GrouperAllAccessResolver.getPrivileges(GrouperAllAccessResolver.java:89)
      at edu.internet2.middleware.grouper.privs.GrouperSystemAccessResolver.getPrivileges(GrouperSystemAccessResolver.java:98)
      at edu.internet2.middleware.grouper.privs.CachingAccessResolver.getPrivileges(CachingAccessResolver.java:107)
      at edu.internet2.middleware.grouper.privs.CachingAccessResolver.hasPrivilege(CachingAccessResolver.java:176)
      at edu.internet2.middleware.grouper.privs.WheelAccessResolver.hasPrivilege(WheelAccessResolver.java:203)
      at edu.internet2.middleware.grouper.privs.ValidatingAccessResolver.hasPrivilege(ValidatingAccessResolver.java:117)
      at edu.internet2.middleware.grouper.privs.PrivilegeHelper.canView(PrivilegeHelper.java:170)
      at edu.internet2.middleware.grouper.privs.PrivilegeHelper.dispatch(PrivilegeHelper.java:287)
      at edu.internet2.middleware.grouper.Group._canReadField(Group.java:3188)
      at edu.internet2.middleware.grouper.Group.getAttributes(Group.java:1522)

      > ----Original Message----
      > Sent: Thursday, March 19, 2009 1:52 PM
      > To: GW Brown, Information Systems and Computing
      > Cc: Chris Hyzer
      > Subject: Re: [grouper-users] UI error for subject previously in wheel
      > group
      >
      > Hi,
      >
      > > Hi Scott,
      > >
      > > A recursive error trying to determine if the user has read access to
      > a
      > > group attribute which leads to a stack overflow...
      > >
      > > I presume this error persists over a server restart
      >
      > Yes.
      >
      > > and so is probably to do with data (rather than caching). What
      > > happens if the user changes home.do for populateAllGroups.do?
      >
      > Without any changes to the data that worked. That is, the user could
      > load the page populateAllGroups.do.
      >
      > >
      > > If it is a problem with a specific group
      >
      > It seems to be a problem related to a specific group.
      >
      > I removed the subject from all groups and then started adding the
      > subject back into groups. After some back and forth I found that when
      > the subject is a member of a particular group the problem presents
      > itself.
      >
      > For my records, the group is:
      >
      > group: name='Communities:LVC:LSC:MOU:PennState:PennStateGroupManagers'
      > displayName='Communities:LVC:LSC:MOU:PennState:PennStateGroupManagers'
      > uuid='e9f3a89e-715d-4c93-aafc-3389e1a8cc60'
      >
      > If I remove the subject from that group there are no problems for the
      > user.
      >
      > Note that if I add myself to that group I have no problems with the
      > UI.
      >
      > What are the next steps?
      >
      > Thanks much,
      >
      > Scott
      >
      > > and the
      > > user isn't a member of lots of groups you could try removing their
      > > memberships and then re-adding them, or, if you work out the ids the
      > > user could go
      > > to: populateGroupSummary.do?groupId=<id> for each group and see if
      > > there is an error. If we can track it down to a single group it
      > > might help us figure out some diagnostic queries to run.
      > >
      > > The alternative is to add some debug logging statements.
      > >
      > > It is definitely a strange one. Can you reproduce it for a different
      > > user?
      > >
      > > Gary
      > >
      > >
      > >
      > > --On 19 March 2009 08:26 -0700 Scott Koranda
      > >
      > >> Hi,
      > >>
      > >> Thanks for your help.
      > >>
      > >> I built a new grouper.jar and restarted Tomcat.
      > >> Attached is a much longer stack trace from the log file.
      > >>
      > >> Cheers,
      > >>
      > >> Scott
      > >>
      > >>> Ok, I look at the message again, and it says:
      > >>>
      > >>> PrivilegeHelper.java 237.
      > >>>
      > >>> Then I look at that line number, and there is some less than ideal
      > >>> error handling:
      > >>>
      > >>> catch (Exception e) {
      > >>>   LOG.error("canViewMemberships: " + e.getMessage());
      > >>> }
      > >>> }
      > >>> return mships;
      > >>>
      > >>> What this means is that the error logged, without the stack (more
      > >>> underlying information), and then the user just gets a result
      > >>> anyways, not really knowing there is a problem (the error doesn't
      > >>> bubble up).
      > >>>
      > >>> Scott, if you can tweak the source and rebuild, to this (note the
      > >>> comma and e):
      > >>>
      > >>> catch (Exception e) {
      > >>>   LOG.error("canViewMemberships: " + e.getMessage(), e );
      > >>> }
      > >>> }
      > >>> return mships;
      > >>>
      > >>> Then let the user hit it again, look in the logs, and hopefully we
      > >>> will have the underlying cause here... sorry if that is
      > >>> painful...
      > >>>
      > >>> I committed this tweak to 1.4 (will propagate in an hour or two to
      > >>> the anonymous cvs)...
      > >>>
      > >>> Gary, can you see if you know of a reason not to rethrow the
      > >>> exception and cause there as an unchecked exception (long term
      > >>> fix)? I think it should not swallow the exception unless there is
      > >>> a good reason.
      > >>>
      > >>> Thanks! Chris
      > >>>
      > >>>
      > >>>
      > >>> > ----Original Message---- From: Scott Koranda
      > >>> > Wednesday, March 18, 2009 5:04 PM To: Chris Hyzer Cc: GW Brown,
      > >>> > Subject: Re: [grouper-users] UI error for subject previously in
      > >>> > wheel group
      > >>> >
      > >>> > Hi,
      > >>> >
      > >>> > > More logs would be nice too.
      > >>> >
      > >>> > I turned up the logging to DEBUG but did not see anything else.
      > >>> > I will try to do that again and have the user access the UI.
      > >>> >
      > >>> > >
      > >>> > > That error says:
      > >>> > >
      > >>> > > Exception in uniqueResult: (class
      > >>> > edu.internet2.middleware.grouper.Member),
      > >>> > ByHqlStatic, query: 'from Member as m where
      > >>> > m.subjectIdDb = :sid and
      > >>> > m.subjectSourceIdDb = :source and m.subjectTypeId = :type'
      > >>> > >
      > >>> > > Which looks like it might mean there are two or more rows in
      > >>> > > your grouper_members table with the same subject_id,
      > >>> > > source_id, and type. I don't know how this is possible since
      > >>> > > I believe there should be a unique index on those cols. Try
      > >>> > > running this query, and see if it returns any rows:
      > >>> > >
      > >>> > > select gm1.SUBJECT_ID, gm2.SUBJECT_ID, gm1.SUBJECT_SOURCE,
      > >>> > > gm2.SUBJECT_SOURCE from grouper_members gm1, grouper_members
      > >>> > > gm2 where gm1.SUBJECT_ID = gm2.SUBJECT_ID and gm1.ID != gm2.ID
      > >>> >
      > >>> > It does not return any rows:
      > >>> >
      > >>> > mysql> SELECT gm1.SUBJECT_ID, gm2.SUBJECT_ID,
      > >>> > gm1.SUBJECT_SOURCE,gm2.SUBJECT_SOURCE FROM grouper_members gm1,
      > >>> > grouper_members gm2 WHERE gm1.SUBJECT_ID = gm2.SUBJECT_ID and
      > >>> > gm1.ID != gm2.ID; Empty set (0.04 sec)
      > >>> >
      > >>> >
      > >>> > >
      > >>> > > And see if there is a unique index on that table for those 3
      > >>> > > cols...
      > >>> >
      > >>> > *************************** 1. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 0 Key_name: PRIMARY
      > >>> > Seq_in_index: 1 Column_name: id Collation: A
      > >>> > Cardinality: 940 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 2. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 0 Key_name:
      > >>> > member_subjectsourcetype_idx Seq_in_index: 1
      > >>> > Column_name: subject_id Collation: A
      > >>> > Cardinality: 940 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 3. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 0 Key_name:
      > >>> > member_subjectsourcetype_idx Seq_in_index: 2
      > >>> > Column_name: subject_source Collation: A
      > >>> > Cardinality: 940 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 4. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 0 Key_name:
      > >>> > member_subjectsourcetype_idx Seq_in_index: 3
      > >>> > Column_name: subject_type Collation: A
      > >>> > Cardinality: 940 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 5. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 1 Key_name:
      > >>> > member_subjectsource_idx Seq_in_index: 1
      > >>> > Column_name: subject_source Collation: A
      > >>> > Cardinality: 1 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 6. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 1 Key_name:
      > >>> > member_subjectid_idx Seq_in_index: 1
      > >>> > Column_name: subject_id Collation: A
      > >>> > Cardinality: 940 Sub_part: NULL Packed: NULL
      > >>> > Null: Index_type: BTREE Comment:
      > >>> > *************************** 7. row
      > >>> > *************************** Table:
      > >>> > grouper_members Non_unique: 1 Key_name:
      > >>> > member_subjecttype_idx Seq_in_index: 1
      > >>> > Column_name: subject_type 7 rows in set (0.03
      > >>> > sec)
      > >>> >
      > >>> >
      > >>> >
      > >>> > >
      > >>> > > If there is more in the logs then this might be the wrong
      > >>> > > path, but Gary asked me to look at the error message, so I
      > >>> > > did.
      > >>> > >
      > >>> > > Chris
      > >>> > >
      > >>> > >
      > >>> > >
      > >>> > > > ----Original Message---- From: GW Brown, Information
      > >>> > > > Sent:
      > >>> > > > Wednesday, March 18, 2009 3:31 PM To: Scott Koranda;
      > >>> > > > Subject: Re: [grouper-users] UI error for subject previously
      > >>> > > > in wheel group
      > >>> > > >
      > >>> > > > Hi Scott,
      > >>> > > >
      > >>> > > > You can send me the actual HTML and I'll take a look.
      > >>> > > >
      > >>> > > > Does the problem persist if the ui webapp is restarted?
      > >>> > > >
      > >>> > > > I had a quick go at removing someone from the wheel group
      > >>> > > > but can't see any problems.
      > >>> > > > May be Chris can see something in the error?
      > >>> > > >
      > >>> > > > Gary
      > >>> > > >
      > >>> > > > --On 18 March 2009 12:14 -0700 Scott Koranda
      > >>> > > > wrote:
      > >>> > > >
      > >>> > > > > Hi,
      > >>> > > > >
      > >>> > > > > We are running the Grouper UI from 1.4.1.
      > >>> > > > >
      > >>> > > > > I had a subject that I had added to our etc:sysadmingroup.
      > >>> > > > > That is our 'wheel'
      > >>> > > > > group, i.e. in grouper.properties we have
      > >>> > > > >
      > >>> > > > > groups.wheel.use = true
      > >>> > > > > groups.wheel.group = etc:sysadmingroup
      > >>> > > > >
      > >>> > > > > Later I removed that subject from that wheel group.
      > >>> > > > >
      > >>> > > > > Now when the user browses to the UI after a long pause he
      > >>> > > > > sees only the words "My memberships" and nothing else. I
      > >>> > > > > have the actual HTML delivered to the browser and can post
      > >>> > > > > it if that would help.
      > >>> > > > >
      > >>> > > > > Note that this happens with whatever browser the user
      > >>> > > > > uses. It is not browser related.
      > >>> > > > >
      > >>> > > > > The only suspicious thing I see in the logs is this:
      > >>> > > > >
      > >>> > > > > 2009-03-18 14:05:35,159: [TP-Processor6] ERROR
      > >>> > > > > PrivilegeHelper.canViewMemberships(237) -
      > >>> > > > > canViewMemberships: Problem
      > >>> > > > in
      > >>> > > > > HibernateSession: HibernateSession:
      > >>> > > > > isNew: true, isReadonly: true,
      > >>> > > > > grouperTransactionType: READONLY_NEW, Exception in
      > >>> > > > > uniqueResult: (class
      > >>> > > > edu.internet2.middleware.grouper.Memb
      > >>> > > > > er), ByHqlStatic, query: 'from Member as
      > >>> > > > > m where m.subjectIdDb = :sid and
      > >>> > > > > m.subjectSourceIdDb = :source and m.subjectTypeId =
      > >>> > > > > :type', cacheable:
      > >>> > > > > true, cacheRegion:
      > >>> > > > > edu.internet2.middleware.groupe
      > >>> > > > > r.internal.dao.hib3.Hib3MemberDAO.FindBySubject,
      > >>> > > > > tx type: nullBind var[ 0]: 'Param (class
      > >>> > > > > java.lang.String): 'sid'->'GrouperAll', Bind var[1]:
      > >>> > > > > 'Param (class
      > >>> > > > > java.lang.String):
      > >>> > > > > 'type'->'application'Bind var[2]: 'Par am (class
      > >>> > > > > java.lang.String):
      > >>> > > > > 'source'->'g:isa',
      > >>> > > > >
      > >>> > > > > Any ideas on how I can workaround this problem for this
      > >>> > > > > user?
      > >>> > > > >
      > >>> > > > > All other users/subjects are having no problems browsing
      > >>> > > > > the UI.
      > >>> > > > >
      > >>> > > > > Thanks,
      > >>> > > > >
      > >>> > > > > Scott
      > >>> > > >
      > >>> > > >
      > >>> > > >
      > >>> > > > ---------------------- GW Brown, Information Systems and
      > >
      > >
      > >
      > > ---------------------- GW Brown, Information Systems and Computing
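
The loop described in this issue and the thread-local bypass used to break it, as a self-contained Java model added here (not Grouper code; the class, the method names and the sample data are constructed for illustration). It goes one step beyond the committed change by restoring the flag's previous value in `finally`, so a nested call cannot switch an outer bypass off early.

```java
import java.util.List;
import java.util.Map;

/** Added illustration (Java 16+); every name is hypothetical, none is a Grouper class. */
public class PrivCheckReentrancyDemo {

    /** One privilege row: subject may VIEW groupUuid, granted via group viaUuid. */
    record Grant(String subject, String groupUuid, String viaUuid) {}

    // Constructed sample data: alice can view g-via only through g-via itself.
    static final Map<String, String> NAMES = Map.of("g-via", "demo:managers");
    static final List<Grant> GRANTS = List.of(new Grant("alice", "g-via", "g-via"));

    /** True only while a privilege check is resolving the owner of a grant. */
    private static final ThreadLocal<Boolean> SKIP_NAME_CHECK =
            ThreadLocal.withInitial(() -> Boolean.FALSE);

    static final int MAX_DEPTH = 64; // stands in for the JVM stack limit
    static int depth;                // instrumentation for this single-threaded demo

    /** Secured attribute read, the analogue of reading the group name. */
    static String readName(String user, String uuid, boolean guarded) {
        if (!SKIP_NAME_CHECK.get() && !canView(user, uuid, guarded)) {
            throw new SecurityException(user + " may not view " + uuid);
        }
        return NAMES.get(uuid);
    }

    /** Privilege check: it needs the owner (via-group) name of a matching grant. */
    static boolean canView(String user, String uuid, boolean guarded) {
        depth++;
        try {
            if (depth > MAX_DEPTH) {
                throw new IllegalStateException("privilege check re-entered itself");
            }
            for (Grant g : GRANTS) {
                if (g.subject().equals(user) && g.groupUuid().equals(uuid)) {
                    String owner = guarded
                            ? ownerNameGuarded(user, g.viaUuid())
                            : readName(user, g.viaUuid(), false); // re-enters canView
                    return owner != null;
                }
            }
            return false;
        } finally {
            depth--;
        }
    }

    /** Resolve the owner name with the attribute check suspended for this call only. */
    static String ownerNameGuarded(String user, String viaUuid) {
        boolean previous = SKIP_NAME_CHECK.get();
        SKIP_NAME_CHECK.set(true);
        try {
            return readName(user, viaUuid, true);
        } finally {
            SKIP_NAME_CHECK.set(previous); // restore; forcing false breaks nesting
        }
    }

    public static void main(String[] args) {
        try {
            canView("alice", "g-via", false);
        } catch (IllegalStateException e) {
            System.out.println("unguarded: " + e.getMessage());
        }
        System.out.println("guarded: canView=" + canView("alice", "g-via", true));
        System.out.println("flag after check: " + SKIP_NAME_CHECK.get());
        try {
            readName("mallory", "g-via", true);
        } catch (SecurityException e) {
            System.out.println("still enforced: " + e.getMessage());
        }
    }
}
```

The last call shows the property a reviewer should confirm for any such bypass: once the guarded section exits, a direct attribute read by a subject without a grant is refused again.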

              People

              Assignee:
              chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
              Reporter:
              chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)