codice / acdebugger

Purpose-built debugger for determining missing OSGi bundle security permissions
Apache License 2.0

AC Debugger throwing an error instead of logging the exception #50

Open Kjames5269 opened 5 years ago

Kjames5269 commented 5 years ago

Description

Running the AC Debugger with the following flags: -c -r -w

AC Debugger: =======================================================================
AC Debugger: AN ERROR OCCURRED WHILE ATTEMPTING TO ANALYZE THE SECURITY EXCEPTION,
AC Debugger: A DOMAIN IN THE CURRENT ACCESS CONTROL CONTEXT (INDEX: 1) CANNOT
AC Debugger: BE CORRELATED TO ONE COMPUTED FROM THE STACK (INDEX: 1)
AC Debugger: PLEASE REPORT AN ISSUE WITH THE FOLLOWING INFORMATION AND INSTRUCTIONS
AC Debugger: ON HOW TO REPRODUCE IT
AC Debugger: =======================================================================
AC Debugger: PERMISSION:
AC Debugger:     java.io.FilePermission "${ddf.home.perm}etc${/}ws-security${/}server${/}signature.properties", "read"
AC Debugger: LOCAL 'i' VARIABLE: 14
AC Debugger: CURRENT DOMAIN: security-servlet-session-expiry >instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32708)>
AC Debugger: ACCESS CONTROL CONTEXT:
AC Debugger:   org.eclipse.jetty.util <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32694)>
AC Debugger:   org.ops4j.pax.web.pax-web-jetty <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32695)>
AC Debugger:   org.ops4j.pax.web.pax-web-runtime <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32696)>
AC Debugger:   org.ops4j.pax.web.pax-web-extender-war <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32697)>
AC Debugger:   bundle-0 <instance of java.security.ProtectionDomain(id=32698)>
AC Debugger:   bundle-0 <instance of java.security.ProtectionDomain(id=32699)>
AC Debugger:   security-core-api <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32700)>
AC Debugger:   security-core-api <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32701)>
AC Debugger:   security-sts-realm <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32702)>
AC Debugger:   com.google.guava <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32703)>
AC Debugger:   org.apache.shiro.core <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32704)>
AC Debugger:   bundle-0 <instance of java.security.ProtectionDomain(id=32705)>
AC Debugger:   security-core-services <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32706)>
AC Debugger:   session-management-impl <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32707)>
AC Debugger:   *security-servlet-session-expiry <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32708)>
AC Debugger:   org.apache.cxf.cxf-core <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32709)>
AC Debugger:   org.apache.cxf.cxf-rt-frontend-jaxrs <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32710)>
AC Debugger:   org.apache.cxf.cxf-rt-transports-http <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32711)>
AC Debugger:   javax.servlet-api <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32712)>
AC Debugger:   org.eclipse.jetty.servlet <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32713)>
AC Debugger:   platform-paxweb-jettyconfig <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32714)>
AC Debugger:   org.eclipse.jetty.websocket.server <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32715)>
AC Debugger:   org.eclipse.jetty.server <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32716)>
AC Debugger:   org.eclipse.jetty.security <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32717)>
AC Debugger:   org.eclipse.jetty.io <instance of org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain(id=32718)>
AC Debugger: COMPUTED CONTEXT:
AC Debugger:   bundle-0
AC Debugger:   security-core-api
AC Debugger:   security-sts-realm
AC Debugger:   com.google.guava
AC Debugger:   org.apache.shiro.core
AC Debugger:   security-core-services
AC Debugger:   session-management-impl
AC Debugger:   *security-servlet-session-expiry
AC Debugger:   org.apache.cxf.cxf-core
AC Debugger:   org.apache.cxf.cxf-rt-frontend-jaxrs
AC Debugger:   org.apache.cxf.cxf-rt-transports-http
AC Debugger:   javax.servlet-api
AC Debugger:   org.eclipse.jetty.servlet
AC Debugger:   platform-paxweb-jettyconfig
AC Debugger:   org.eclipse.jetty.websocket.server
AC Debugger:   org.ops4j.pax.web.pax-web-jetty
AC Debugger:   org.eclipse.jetty.server
AC Debugger:   org.eclipse.jetty.security
AC Debugger:   org.eclipse.jetty.io
AC Debugger:   org.eclipse.jetty.util
AC Debugger: STACK:
AC Debugger:   at bundle-0(java.security.AccessControlContext:472) <instance of java.security.AccessControlContext(id=32690)>
AC Debugger:   at bundle-0(java.security.AccessController:884) <class of java.security.AccessController>
AC Debugger:   at bundle-0(java.lang.SecurityManager:549) <instance of net.sourceforge.prograde.sm.ProGradeJSM(id=33025)>
AC Debugger:   at bundle-0(java.lang.SecurityManager:888) <instance of net.sourceforge.prograde.sm.ProGradeJSM(id=33025)>
AC Debugger:   at bundle-0(java.io.File:814) <instance of java.io.File(id=33027)>
AC Debugger:   at security-core-api(org.codice.ddf.platform.util.properties.PropertiesLoader:234) <class of org.codice.ddf.platform.util.properties.PropertiesLoader>
AC Debugger:   at security-core-api(org.codice.ddf.platform.util.properties.PropertiesLoader$$Lambda$1123.208141702.apply(java.lang.Object, java.lang.Object)+8) <instance of org.codice.ddf.platform.util.properties.PropertiesLoader$$Lambda$1123.208141702(id=33028)>
AC Debugger:   at security-core-api(org.codice.ddf.platform.util.properties.PropertiesLoader:138) <instance of org.codice.ddf.platform.util.properties.PropertiesLoader(id=33029)>
AC Debugger:   at security-core-api(ddf.security.PropertiesLoader:47) <class of ddf.security.PropertiesLoader>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm:318) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm:382) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm:250) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm$$Lambda$1627.1264017369.call()+12) <instance of ddf.security.realm.sts.AbstractStsRealm$$Lambda$1627.1264017369(id=33031)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$LocalManualCache$1:4904) <instance of com.google.common.cache.LocalCache$LocalManualCache$1(id=33032)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$LoadingValueReference:3628) <instance of com.google.common.cache.LocalCache$LoadingValueReference(id=33033)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$Segment:2336) <instance of com.google.common.cache.LocalCache$Segment(id=33034)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$Segment:2295) <instance of com.google.common.cache.LocalCache$Segment(id=33034)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$Segment:2208) <instance of com.google.common.cache.LocalCache$Segment(id=33034)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache:4053) <instance of com.google.common.cache.LocalCache(id=33035)>
AC Debugger:   at com.google.guava(com.google.common.cache.LocalCache$LocalManualCache:4899) <instance of com.google.common.cache.LocalCache$LocalManualCache(id=33036)>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm:245) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at security-sts-realm(ddf.security.realm.sts.AbstractStsRealm:174) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at org.apache.shiro.core(org.apache.shiro.realm.AuthenticatingRealm:571) <instance of ddf.security.realm.sts.StsRealm(id=33030)>
AC Debugger:   at bundle-0(Proxy9cd4f7ee_6888_435f_a3a8_2334d41d480e.getAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)+58) <instance of Proxy9cd4f7ee_6888_435f_a3a8_2334d41d480e(id=33037)>
AC Debugger:   at org.apache.shiro.core(org.apache.shiro.authc.pam.ModularRealmAuthenticator:219) <instance of org.apache.shiro.authc.pam.ModularRealmAuthenticator(id=33039)>
AC Debugger:   at org.apache.shiro.core(org.apache.shiro.authc.pam.ModularRealmAuthenticator:269) <instance of org.apache.shiro.authc.pam.ModularRealmAuthenticator(id=33039)>
AC Debugger:   at org.apache.shiro.core(org.apache.shiro.authc.AbstractAuthenticator:198) <instance of org.apache.shiro.authc.pam.ModularRealmAuthenticator(id=33039)>
AC Debugger:   at org.apache.shiro.core(org.apache.shiro.mgt.AuthenticatingSecurityManager:106) <instance of org.apache.shiro.mgt.DefaultSecurityManager(id=33040)>
AC Debugger:   at security-core-services(ddf.security.service.impl.SecurityManagerImpl:95) <instance of ddf.security.service.impl.SecurityManagerImpl(id=33041)>
AC Debugger:   at security-core-services(ddf.security.service.impl.SecurityManagerImpl:72) <instance of ddf.security.service.impl.SecurityManagerImpl(id=33041)>
AC Debugger:   at bundle-0(Proxyead7e43a_d2bc_4c97_9087_b9a0c4bc39cc.getSubject(java.lang.Object)+58) <instance of Proxyead7e43a_d2bc_4c97_9087_b9a0c4bc39cc(id=33042)>
AC Debugger:   at session-management-impl(org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl:118) <instance of org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl(id=33043)>
AC Debugger:   at session-management-impl(org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl:75) <instance of org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl(id=33043)>
AC Debugger:   at session-management-impl(org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl$$Lambda$1626.1713190353.accept(java.lang.Object)+20) <instance of org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl$$Lambda$1626.1713190353(id=33044)>
AC Debugger:   at bundle-0(java.util.concurrent.ConcurrentHashMap$KeySetView:4649) <instance of java.util.concurrent.ConcurrentHashMap$KeySetView(id=33045)>
AC Debugger:   at bundle-0(java.util.Collections$UnmodifiableCollection:1080) <instance of java.util.Collections$UnmodifiableSet(id=33047)>
AC Debugger:   at session-management-impl(org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl:72) <instance of org.codice.ddf.security.session.management.impl.SessionManagementServiceImpl(id=33043)>
AC Debugger:   at bundle-0(Proxy69654c2d_f470_447b_a512_580fd27869b0.getRenewal(javax.servlet.http.HttpServletRequest)+58) <instance of Proxy69654c2d_f470_447b_a512_580fd27869b0(id=33049)>
AC Debugger:   at *security-servlet-session-expiry(org.codice.ddf.security.servlet.expiry.SessionManagementEndpoint:43) <instance of org.codice.ddf.security.servlet.expiry.SessionManagementEndpoint(id=33050)>
AC Debugger:   at bundle-0(sun.reflect.NativeMethodAccessorImpl.invoke0(java.lang.reflect.Method, java.lang.Object, java.lang.Object[])+-1) <class of sun.reflect.NativeMethodAccessorImpl>
AC Debugger:   at bundle-0(sun.reflect.NativeMethodAccessorImpl:62) <instance of sun.reflect.NativeMethodAccessorImpl(id=33052)>
AC Debugger:   at bundle-0(sun.reflect.DelegatingMethodAccessorImpl:43) <instance of sun.reflect.DelegatingMethodAccessorImpl(id=33054)>
AC Debugger:   at bundle-0(java.lang.reflect.Method:498) <instance of java.lang.reflect.Method(id=33055)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.service.invoker.AbstractInvoker:179) <instance of org.apache.cxf.jaxrs.JAXRSInvoker(id=33056)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.service.invoker.AbstractInvoker:96) <instance of org.apache.cxf.jaxrs.JAXRSInvoker(id=33056)>
AC Debugger:   at org.apache.cxf.cxf-rt-frontend-jaxrs(org.apache.cxf.jaxrs.JAXRSInvoker:193) <instance of org.apache.cxf.jaxrs.JAXRSInvoker(id=33056)>
AC Debugger:   at org.apache.cxf.cxf-rt-frontend-jaxrs(org.apache.cxf.jaxrs.JAXRSInvoker:103) <instance of org.apache.cxf.jaxrs.JAXRSInvoker(id=33056)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.interceptor.ServiceInvokerInterceptor$1:59) <instance of org.apache.cxf.interceptor.ServiceInvokerInterceptor$1(id=33057)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.interceptor.ServiceInvokerInterceptor:96) <instance of org.apache.cxf.interceptor.ServiceInvokerInterceptor(id=33058)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.phase.PhaseInterceptorChain:308) <instance of org.apache.cxf.phase.PhaseInterceptorChain(id=33059)>
AC Debugger:   at org.apache.cxf.cxf-core(org.apache.cxf.transport.ChainInitiationObserver:121) <instance of org.apache.cxf.transport.ChainInitiationObserver(id=33060)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.http.AbstractHTTPDestination:267) <instance of org.apache.cxf.transport.servlet.ServletDestination(id=33061)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.ServletController:234) <instance of org.apache.cxf.transport.servlet.ServletController(id=33062)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.ServletController:208) <instance of org.apache.cxf.transport.servlet.ServletController(id=33062)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.ServletController:160) <instance of org.apache.cxf.transport.servlet.ServletController(id=33062)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.CXFNonSpringServlet:216) <instance of org.apache.cxf.transport.servlet.CXFNonSpringServlet(id=33063)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.AbstractHTTPServlet:301) <instance of org.apache.cxf.transport.servlet.CXFNonSpringServlet(id=33063)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.AbstractHTTPServlet:225) <instance of org.apache.cxf.transport.servlet.CXFNonSpringServlet(id=33063)>
AC Debugger:   at javax.servlet-api(javax.servlet.http.HttpServlet:687) <instance of org.apache.cxf.transport.servlet.CXFNonSpringServlet(id=33063)>
AC Debugger:   at org.apache.cxf.cxf-rt-transports-http(org.apache.cxf.transport.servlet.AbstractHTTPServlet:276) <instance of org.apache.cxf.transport.servlet.CXFNonSpringServlet(id=33063)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHolder:865) <instance of org.eclipse.jetty.servlet.ServletHolder(id=33064)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1655) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33065)>
AC Debugger:   at platform-paxweb-jettyconfig(org.codice.ddf.pax.web.jetty.SecurityJavaSubjectFilter:60) <instance of org.codice.ddf.pax.web.jetty.SecurityJavaSubjectFilter(id=33066)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1642) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33067)>
AC Debugger:   at platform-paxweb-jettyconfig(org.codice.ddf.pax.web.jetty.ResponseFilter:96) <instance of org.codice.ddf.pax.web.jetty.ResponseFilter(id=33068)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1642) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33069)>
AC Debugger:   at platform-paxweb-jettyconfig(org.codice.ddf.pax.web.jetty.CsrfFilter:181) <instance of org.codice.ddf.pax.web.jetty.CsrfFilter(id=33070)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1642) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33071)>
AC Debugger:   at platform-paxweb-jettyconfig(org.codice.ddf.pax.web.jetty.ClientInfoFilter:72) <instance of org.codice.ddf.pax.web.jetty.ClientInfoFilter(id=33072)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1642) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33073)>
AC Debugger:   at org.eclipse.jetty.websocket.server(org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter:215) <instance of org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter(id=33074)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler$CachedChain:1642) <instance of org.eclipse.jetty.servlet.ServletHandler$CachedChain(id=33075)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler:533) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler(id=33076)>
AC Debugger:   at org.ops4j.pax.web.pax-web-jetty(org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler:71) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler(id=33076)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:146) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler(id=33076)>
AC Debugger:   at org.eclipse.jetty.security(org.eclipse.jetty.security.SecurityHandler:513) <instance of org.eclipse.jetty.security.ConstraintSecurityHandler(id=33077)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.HandlerWrapper:132) <instance of org.eclipse.jetty.server.session.SessionHandler(id=33078)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:257) <instance of org.eclipse.jetty.server.session.SessionHandler(id=33078)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.session.SessionHandler:1595) <instance of org.eclipse.jetty.server.session.SessionHandler(id=33078)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:255) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ContextHandler:1317) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.ops4j.pax.web.pax-web-jetty(org.ops4j.pax.web.service.jetty.internal.HttpServiceContext:293) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:203) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler(id=33076)>
AC Debugger:   at org.eclipse.jetty.servlet(org.eclipse.jetty.servlet.ServletHandler:473) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler(id=33076)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.session.SessionHandler:1564) <instance of org.eclipse.jetty.server.session.SessionHandler(id=33078)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:201) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ContextHandler:1219) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.ScopedHandler:144) <instance of org.ops4j.pax.web.service.jetty.internal.HttpServiceContext(id=33079)>
AC Debugger:   at org.ops4j.pax.web.pax-web-jetty(org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection:80) <instance of org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection(id=33080)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.handler.HandlerWrapper:132) <instance of org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper(id=33081)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.Server:531) <instance of org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper(id=33081)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.HttpChannel:352) <instance of org.eclipse.jetty.server.HttpChannelOverHttp(id=33082)>
AC Debugger:   at org.eclipse.jetty.server(org.eclipse.jetty.server.HttpConnection:260) <instance of org.eclipse.jetty.server.HttpConnection(id=33083)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.AbstractConnection$ReadCallback:281) <instance of org.eclipse.jetty.io.AbstractConnection$ReadCallback(id=33084)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.FillInterest:102) <instance of org.eclipse.jetty.io.AbstractEndPoint$1(id=33085)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.ssl.SslConnection:291) <instance of org.eclipse.jetty.io.ssl.SslConnection(id=33086)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.ssl.SslConnection$3:151) <instance of org.eclipse.jetty.io.ssl.SslConnection$3(id=33087)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.FillInterest:102) <instance of org.eclipse.jetty.io.AbstractEndPoint$1(id=33088)>
AC Debugger:   at org.eclipse.jetty.io(org.eclipse.jetty.io.ChannelEndPoint$2:118) <instance of org.eclipse.jetty.io.ChannelEndPoint$2(id=33089)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.strategy.EatWhatYouKill:333) <instance of org.eclipse.jetty.util.thread.strategy.EatWhatYouKill(id=33090)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.strategy.EatWhatYouKill:310) <instance of org.eclipse.jetty.util.thread.strategy.EatWhatYouKill(id=33090)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.strategy.EatWhatYouKill:168) <instance of org.eclipse.jetty.util.thread.strategy.EatWhatYouKill(id=33090)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.strategy.EatWhatYouKill:126) <instance of org.eclipse.jetty.util.thread.strategy.EatWhatYouKill(id=33090)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread:366) <instance of org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread(id=33091)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.QueuedThreadPool:762) <instance of org.eclipse.jetty.util.thread.QueuedThreadPool(id=33092)>
AC Debugger:   at org.eclipse.jetty.util(org.eclipse.jetty.util.thread.QueuedThreadPool$2:680) <instance of org.eclipse.jetty.util.thread.QueuedThreadPool$2(id=33093)>
AC Debugger:   at bundle-0(java.lang.Thread:748) <instance of java.lang.Thread(name='qtp91134330-515', id=32544)>
AC Debugger: =======================================================================
Exception in thread "pool-2-thread-2" java.lang.InternalError: unable to correlate a domain in the access control context with those computed from the stack : security-core-api
    at org.codice.acdebugger.breakpoints.SecurityCheckInformation.getNextContextDomainIndexNotComputedFromStack(SecurityCheckInformation.java:445)
    at org.codice.acdebugger.breakpoints.SecurityCheckInformation.recomputeFromContext(SecurityCheckInformation.java:455)
    at org.codice.acdebugger.breakpoints.SecurityCheckInformation.recompute(SecurityCheckInformation.java:376)
    at org.codice.acdebugger.breakpoints.SecurityCheckInformation.<init>(SecurityCheckInformation.java:136)
    at org.codice.acdebugger.breakpoints.AccessControlContextCheckProcessor.process(AccessControlContextCheckProcessor.java:117)
    at org.codice.acdebugger.breakpoints.AccessControlContextCheckProcessor.process(AccessControlContextCheckProcessor.java:72)
    at org.codice.acdebugger.impl.BreakpointInfo.process(BreakpointInfo.java:49)
    at org.codice.acdebugger.impl.Debugger$EventSetThread.run(Debugger.java:400)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Steps to Reproduce

https://codice.atlassian.net/browse/DDF-4416

Expected behavior:

An access control exception to be logged

Actual behavior:

AC Debugger throws a warning

Reproduces how often:

100% of the time

Version

1.8-SNAPSHOT

Additional Information

Any additional information, configuration or data that might be necessary to reproduce the issue.

paouelle commented 5 years ago

The first 6 domains in the access control context come from the inherited access control context (ACC) on line AccessControlContext.java:572. The rest are from the stack.

The current ACD implementation assumed that combined domains could only appear after all stack domains but that is not the case.

An ACC may have a privileged ACC; if not, then the inherited one is retrieved. If that ACC has a combiner, then it is used and we cannot tell how the domain list can get re-organized. Most will add them after stack domains. But a combiner can change the whole thing by adding and/or removing entries if they want.

If no combiner is associated with the privileged ACC (or inherited ACC), then its domains if any are placed first, followed by stack domains which can be optimized (entries removed if they were already added before).

The implementation should be modified such that we get the pure set of stack domains and if we can find that exact list as is (assuming that entries can be skipped if they were already defined before), then that would be our start of stack domain index. Anything before is assumed to be combined and anything after is also assumed to be combined (as we are doing today). We should keep track of each entry in the computed list if it corresponds to a stack entry as only those can have privileges extended.

Furthermore, there is a misconception that when we are computing solutions and analyzing them, we lose all combined domains when in fact there is no guarantee. We should think about recomputing an actual ACC and recompute the whole thing from there by cleaning the retrieved stack list of domains. This definitely requires a bit more work.
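
The domain ordering described in the comment above for the no-combiner case, together with the proposed search for the stack domain list inside the ACC, as an added example (not acdebugger code and not part of the thread). Domains are modelled as constructed `bundle#id` strings, `null` stands for boot classes without a domain, and every class and method name here is hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;

// Added illustration, not acdebugger code. A protection domain is modelled as a
// "bundle#id" string; null stands for boot classes that have no domain.
public class StackDomainCorrelation {

  // No-combiner case: inherited (or privileged) domains first, then each stack
  // domain that is not already in the list.
  static List<String> combineWithoutCombiner(List<String> inherited, List<String> stack) {
    List<String> acc = new ArrayList<>(inherited);
    for (String domain : stack) {
      if (domain != null && !acc.contains(domain)) {
        acc.add(domain);
      }
    }
    return acc;
  }

  // Pure stack domains: order of first appearance, no nulls, no repeats.
  static List<String> pureStackDomains(List<String> stack) {
    LinkedHashSet<String> unique = new LinkedHashSet<>(stack);
    unique.remove(null);
    return new ArrayList<>(unique);
  }

  // Lays the pure stack list over acc starting at 'start'. A stack domain may be
  // absent from the run only if it already occurs earlier in acc.
  // Returns the index just past the run, or -1 if the list does not fit here.
  static int matchFrom(List<String> acc, List<String> pure, int start) {
    int i = start;
    for (String domain : pure) {
      if (i < acc.size() && acc.get(i).equals(domain)) {
        i++;
      } else if (!acc.subList(0, i).contains(domain)) {
        return -1;
      }
    }
    return i;
  }

  // Returns {start, end} of the stack run in acc, or null when the stack list
  // cannot be found as is (for example, a combiner reorganized the domains).
  static int[] findStackRun(List<String> acc, List<String> stack) {
    List<String> pure = pureStackDomains(stack);
    for (int start = 0; start <= acc.size(); start++) {
      int end = matchFrom(acc, pure, start);
      if (end >= 0) {
        return new int[] {start, end};
      }
    }
    return null;
  }

  static String describe(List<String> acc, List<String> stack) {
    int[] run = findStackRun(acc, stack);
    if (run == null) {
      return "no correlation";
    }
    return "combined before=" + acc.subList(0, run[0])
        + " stack=" + acc.subList(run[0], run[1])
        + " combined after=" + acc.subList(run[1], acc.size());
  }

  public static void main(String[] args) {
    // Constructed sample: bundle names taken from the log above, ids invented.
    List<String> inherited = Arrays.asList(
        "org.eclipse.jetty.util#1", "org.ops4j.pax.web.pax-web-jetty#2");
    List<String> stack = Arrays.asList(
        null, "security-core-api#3", "security-core-api#3", "security-sts-realm#4",
        "org.ops4j.pax.web.pax-web-jetty#2", "org.eclipse.jetty.io#5",
        "org.eclipse.jetty.util#1");
    List<String> acc = combineWithoutCombiner(inherited, stack);
    System.out.println(describe(acc, stack));

    // A combiner appended one more domain after the stack domains.
    List<String> appended = new ArrayList<>(acc);
    appended.add("combined-extra#9");
    System.out.println(describe(appended, stack));

    // A combiner dropped a stack domain: the list cannot be found as is.
    List<String> reorganized = new ArrayList<>(acc);
    reorganized.remove("security-sts-realm#4");
    System.out.println(describe(reorganized, stack));
  }
}
```

In the first case the two inherited domains land before the run and the stack run covers the remaining three entries, even though two stack domains were dropped as duplicates of inherited ones.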