Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-6305

LoginAdminWhitelist configuration is applied too late

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: JCR Base 2.4.2
    • Fix Version/s: None
    • Component/s: JCR
    • Labels:
      None

      Description

      I've been getting some local failures with the launchpad/testing module, and I noticed that the org.apache.sling.junit.scriptable bundle was not whitelisted for loginAdministrative:

      19.11.2016 10:40:54.063 *ERROR* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] org.apache.sling.junit.scriptable [org.apache.sling.junit.scriptable.ScriptableTestsProvider(204)] The activate method has thrown an exception (javax.jcr.LoginException: Bundle org.apache.sling.junit.scriptable is NOT whitelisted)
      javax.jcr.LoginException: Bundle org.apache.sling.junit.scriptable is NOT whitelisted

      The configuration was correct, so I added a little debug information in the org.apache.sling.jcr.base bundle to print the whitelist regexp in the same line as the whitelisted bundles. I noticed then that the component is activated several times, with only the last one actually setting the configuration

      19.11.2016 10:40:51.630 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.plugins.segment.SegmentNodeStoreService)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
      19.11.2016 10:40:55.150 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
      19.11.2016 10:40:56.200 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.security.user.UserConfigurationImpl)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
      19.11.2016 10:40:57.190 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=null
      19.11.2016 10:40:57.692 *INFO* [CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.jcr.base.internal.LoginAdminWhitelist)] org.apache.sling.jcr.base.internal.LoginAdminWhitelist bypassWhitelist=false, whitelisted BSNs(17)=[org.apache.sling.discovery.base, org.apache.sling.discovery.commons, org.apache.sling.discovery.oak, org.apache.sling.extensions.webconsolesecurityprovider, org.apache.sling.i18n, org.apache.sling.installer.provider.jcr, org.apache.sling.jcr.base, org.apache.sling.jcr.contentloader, org.apache.sling.jcr.davex, org.apache.sling.jcr.jackrabbit.usermanager, org.apache.sling.jcr.oak.server, org.apache.sling.jcr.repoinit, org.apache.sling.jcr.resource, org.apache.sling.jcr.webconsole, org.apache.sling.resourceresolver, org.apache.sling.servlets.post, org.apache.sling.servlets.resolver], whitelistRegexp=org.apache.sling.(launchpad|junit).*

      With the error appearing at 10:40:54. and the correct configuration being applied at 10:40:57, it's clear that the configuration should've been applied much earlier.

      Julian Sedding - what are your thoughts on this?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                rombert Robert Munteanu
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: