Closed glassfishrobot closed 11 years ago
glassfishrobot
commented
6 years ago glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: A few more details about this...
At least part of this problem is because the domain.xml configuration does not contain the element for <audit-module name="default"...> in the
The 3.1.2.2 domain.xml contained it. I've opened a separate issue for that problem which is now blocking this one.
Part of the test's "setup" target tries to run
set server-config.security-service.audit-module.default.property.auditOn=true
but the
...
<configs>
<config name="server-config>
...
<security-service>
...
<audit-module name="default"...>is not in domain.xml so the test reports
[exec] Command set failed. [exec] remote failure: No configuration found for server-config.security-service.audit-module.default.property.auditOn
In 3.1.2.2 there was an explicit section for this "default" audit-module, present but disabled.
That's the topic of the other issue I opened #20160
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: I am reassigning this to the web container team.
I have a fix in my workspace for the related issue #20160 but that does not fix the failing test.
The output Sonia is seeing is the same that I saw. The test finds the auditing messages as expected for authentication, EJB invocation, web services invocation, and start-up and shutdown. It's just the web invocation notifications that are not recorded as the test expects. That implies that the audit class is being plugged in correctly but there is something specific to the web invocations that is skipping the auditing.
I even enabled the default auditor using
asadmin set server-config.security-service.audit-module.default.property.auditOn=true asadmin set server-config.security-service.audit-enabled=true
and a breakpoint at the com.sun.enterprise.security.ee.Audit#webInvocation method was never reached, even though a breakpoint at (for example) serverShutdown was.
glassfishrobot
commented
11 years ago @glassfishrobot Commented @shingwaichan said: There is a mismatch in security auditing code. In AuditManager and AuditModule, we have webInvocation(String user, Object req, String type, boolean success); In Audit, we have webInvocation(String user, HttpServletRequest req, String type, boolean success);
In v3, we have always HttpServletRequest in the second argument. And SQE is implementing the latter method. This explains why it is not invoked.
This changes is introduced in svn 48354 with the following comments: "Cleaning up security/core by moving EE specific classes to core-ee. Pre-Req for integrating security/core into nucleus. Ran QL".
glassfishrobot
commented
11 years ago @glassfishrobot Commented @shingwaichan said: The AuditModule and AuditModule have moved to nucleus/security/core which does not depend on javax.servlet-api in this moment.
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: If I understand correctly, the change in rev. 48354 changed the type of the second argument in AuditModule#webInvocation from HttpServletRequest to Object (because a subsequent change moved AuditModule (and AuditManager) from appserver into nucleus where HttpServletRequest would not be available).
The SQE class sqe/apserver-sqe/pe/security/auditmodule/simple/src/SQEPluggableAuditModule.java which extends AuditModule did (and still does) contain this method
public void webInvocation(String user, HttpServletRequest req, String type, boolean status)
which used to override the same-named method in AuditModule but no longer does because of the change in the signature of the method in AuditModule.
So it seems that the fix for this is for the SQE test class to:
1. change the signature of its method to
public void webInvocation(String user, Object req, String type, boolean status)
then check and cast the type of "req" to HttpServletRequest, and
2. add @Override to the methods that it overrides from AuditModule so that any changes like this in the future would result in errors when compiling the test class rather than runtime errors that are harder to track down.
So I have changed the component to "test" and reassigned this to Sonia.
glassfishrobot
commented
11 years ago @glassfishrobot Commented @shingwaichan said: In v3 and possibly earlier, com.sun.appserv.security.AuditModule is a public interface. See for instance, http://docs.oracle.com/cd/E19355-01/820-4282/beabw/index.html . Users create their own audit class by extending AuditModule. With the new interface change, it will introduce a backward incompatibility here for user.
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: Looks like this one's coming back to me.
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said:
What is the impact on the customer of the bug? Regression. A published API has changed, breaking compatibility. At least one SQE test fails that tests the public API fails.
What is the cost/risk of fixing the bug? The fix is conceptually simple but moderate in practice. We have had to move the publicly documented classes from nucleus into an appserver module (to restore the broken API which depends on the servlet-api module). But some of the behavior had to remain in nucleus, and this required new base classes in nucleus which the moved classes could extend, changes in nucleus so references to the moved classes became references to the new base classes, a new service in the app server that extends a nucleus service, and changing some injection sites in the app server to inject this new app server service instead of the nucleus service.
Is there an impact on documentation or message strings? The current documentation does not identify which module a user needs to build against when extending one of the published classes, but it should so there probably should be a doc change – not because of the fix but because the earlier doc was incomplete anyway.
Which tests should QA (re)run to verify the fix did not destabilize GlassFish? SQE tests.
Which is the targeted build of 4.0 for this fix? b85
If this an integration of a new version of a component from another project, what are the changes that are being brought in? n/a
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: I would have attached this as a separate document if I could, so I'm just including it as a long comment instead. This is a description of the underlying problem and the solution approach I sent to the reviewers.
General problem:
In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code.
One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation.
This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that.
How Auditing Works (basically) Today
Nucleus contains the AuditManager class (a @Service) which records what AuditModules are configured. Both nucleus and EE components @Inject AuditManager and then invoke its methods to report audited events. AuditManager then broadcasts the events to the registered AuditModules.
General idea of the solution
Restoring the AuditModule API to its published form requires moving it to an appserver module that depends on the servlet-api module, and that means that AuditManager (in nucleus) would not see it. So we need to do more.
Basically we need to:
1. Move the package com.sun.appserv.security and all its classes (they are all publicly documented) from nucleus/security/core to appserver/common/glassfish-api-ee.
2. Nucleus still needs to refer to at least some methods on each of those classes, so create new base classes for each in nucleus/security/core (which the com.sun.appserv.security classes extend) and have nucleus refer to the base classes.
Conceptually, that's all. The details are quite a bit more involved. Here are the details:
1. Move the publicly-documented classes.
a. Move the com.sun.appserv.security package (and its classes) from nucleus/security/core to appserver/common/glassfish-api-ee, adjusting both osgi.properties files accordingly. The other classes in that package (AppservCertificateLoginModule, AppservPasswordLoginModule, AppservRealm, and ProgrammaticLoginPermission) are not EE-specific but they are also publicly documented as being in that package so they move too to avoid split packages. b. For each class AppservX in com.sun.appserv.security create a nucleus counterpart BaseX in nucleus/security/core in package com.sun.enterprise.security and have AppservX extend BaseX. (The base class for ProgrammaticLoginPermission is BaseProgrammaticLoginPermission.) In each case move any non-EE methods to the base class. c. Change all nucleus code that refers to any moved class so it refers to the base class instead. This preserves the effective public API of each of the com.sun.appserv.security classes.
2. Deal with the AuditManager class. Nucleus and app server code used to @Inject the AuditManager class.
a. Convert AuditManager to a @Contract interface that specifies only nucleus-related methods. b. Put the nucleus-related code from the old AuditManager class into the nucleus @Service BaseAuditManager which implements the new AuditManager interface. c. Put the EE-specific code from the old AuditManager class into the new app server @Service AppServerAuditManager which extends BaseAuditManager (and therefore also implements AuditManager) and has a higher @Rank than BaseAuditManager. At runtime hk2 will prefer the app server AuditManager implementation and inject it at "@Inject AuditManager" sites as well as at "@Inject AppServerAuditManager" sites in app server modules. d. Nucleus code that currently uses AuditManager uses BaseAuditManager instead. e. Change app server code that used to inject AuditModule to inject @AppServerAuditManager so it can invoke the EE-specific methods.
Modules affected:
appserver/common/glassfish-ee-api This module now hosts the com.sun.appserv.security package which used to reside in main/nucleus/security/core. The classes simply extend their new nucleus superclasses which are now in nucleus/security/core but in package com.sun.enterprise.security. Updated osgi.bundle accordingly.
appserver/ejb/ejb-container Change old references to AuditManager to AppServerAuditManager instead.
appserver/security/core-ee Added the com.sun.enterprise.security.ee.audit package to host AppServerAuditManager. Updated osgi.bundle accordingly.
appserver/security/webservices.security Change old references to AuditManager to AppServerAuditManager.
nuclues/security/core The com.sun.appserv.security package is gone, moved to appserver/common/glassfish-ee-api. New classes in the com.sun.enterprise.security package are the base superclasses for those moved classes. Change previous references to the moved classes to their new base class counterparts.
Here is the list of svn changes that make up this change:
A main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java A + main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java M main/appserver/common/glassfish-ee-api/osgi.bundle M main/appserver/common/glassfish-ee-api/pom.xml M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java M main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java A main/appserver/security/core-ee/src/main/java/com/sun/appserv A main/appserver/security/core-ee/src/main/java/com/sun/appserv/security A main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties A + main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java M main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java M main/appserver/security/core-ee/osgi.bundle M main/appserver/security/core-ee/pom.xml M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java M main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservRealm.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java D main/nucleus/security/core/src/main/java/com/sun/appserv/security/AuditModule.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java A + main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java M main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java M main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java A main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit A + main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties M main/nucleus/security/core/osgi.bundle
glassfishrobot
commented
11 years ago @glassfishrobot Commented @tjquinno said: Fix checked in:
Project: glassfish Repository: svn Revision: 61370 Author: tjquinn Date: 2013-04-11 18:42:02 UTC Link:
Fix for #19943 tests failed in GF4.0")
In 2011, in the early days of GlassFish 4.0, a lot of work went into separating nucleus-only code from app server code.
One class affected was the abstract class com.sun.appserv.security.AuditModule. In GF 3.x this class's webInvocation method accepted an argument of type HttpServletRequest. Because no nucleus module should depend on the servlet API module (which defines HttpServletRequest) that argument was changed to be of type Object as part of the nucleus/appserver separation.
This allowed the nucleus module to compile without depending on the servlet API module, but it also changed the public interface and therefore broke backward compatibility. These changes correct that by, basically, moving the com.sun.appserv.security package from the nucleus/security/core module into appserver/common/glassfish-api-ee, but there is much more to it than that. Please see the issue where I've described in detail everything that's going on with this checkin.
Approved: Michael Chen Reviewed: Jeff T (security changes), Marina (ejb changes), Romain (pom.xml and osgi.bundle changes) Passed QL, the SQE test which failed before these changes, GlassFish admin dev tests, ejb dev tests, deploymenet dev tests
61370
trunk/main/nucleus/security/core/osgi.bundle trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/realm/IASRealm.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/LoginContextDriver.java trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/WebServiceSecurity.java trunk/main/appserver/security/core-ee/osgi.bundle trunk/main/appserver/common/glassfish-ee-api/pom.xml trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/auth/login/PasswordLoginModule.java trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/application/EJBSecurityManager.java trunk/main/appserver/ejb/ejb-container/src/main/java/org/glassfish/ejb/security/factory/EJBSecurityManagerFactory.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/AuditManager.java trunk/main/appserver/security/core-ee/pom.xml trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityConfigListener.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/SecurityLifecycle.java trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/login/PasswordLoginModule.java trunk/main/appserver/common/glassfish-ee-api/osgi.bundle trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/jmac/provider/config/PipeHelper.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/LocalStrings.properties trunk/main/appserver/security/webservices.security/src/main/java/com/sun/enterprise/security/webservices/SecurityServiceImpl.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/web/integration/WebSecurityManager.java trunk/main/nucleus/security/core/src/main/java/com/iplanet/ias/security/auth/realm/IASRealm.java
trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseRealm.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseProgrammaticLoginPermission.java trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit trunk/main/nucleus/security/core/src/main/resources/com/sun/enterprise/security/audit/LocalStrings.properties trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/LocalStrings.properties trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BasePasswordLoginModule.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/appserv/security trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservPasswordLoginModule.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservCertificateLoginModule.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseAuditModule.java trunk/main/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/audit/AppServerAuditManager.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/BaseCertificateLoginModule.java trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/audit/BaseAuditManager.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AppservRealm.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/AuditModule.java trunk/main/appserver/common/glassfish-ee-api/src/main/java/com/sun/appserv/security/ProgrammaticLoginPermission.java
glassfishrobot
commented
11 years ago @glassfishrobot Commented Issue-Links: depends on GLASSFISH-20160
glassfishrobot
commented
7 years ago @glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-19943
glassfishrobot
commented
11 years ago @glassfishrobot Commented Reported by sonialiu
glassfishrobot
commented
11 years ago @glassfishrobot Commented Marked as fixed on Thursday, April 11th 2013, 11:48:45 am
There are 4 tests failed in Audit module. Steps to reproduce the bug:
1. Install GF4.0, start domain 2. Checkout SQE workspace: cvs co appserver-sqe/bootstrap.xml (CVSROOT: :pserver:@sunsw.us.oracle.com:/m/jws
cd appserver-sqe
ant -f bootstrap.xml co-security
3.set following env. variables
S1AS_HOME , for example: /export/sonia/v4/glassfish4/glassfish
SPS_HOME , for example: /export/sonia/appserver-sqe
ANT_HOME , for example: /export/sonia/ant-1.7.1
JAVA_HOME , for example: /export/sonia/jdk1.7.0_04
4. cd /appserver-sqe/, run "ant startDerby" to start derby database
5. cd /appserver-sqe/pe/security/auditmodule/, run "ant v3". The following tests failed
update-j2ee-status-searchstrings:
[java] WS HOME appserver-sqe
[java] ====>isPositive property is true
[java] Check for expected string in actual file
[java] Expected String:SQEPluggableAuditModule::authentication(testuser3,file,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::authentication(j2ee,file,false) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::webInvocation(testuser3,BASIC,testuser3,hasResourcePermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::webInvocation(j2ee,BASIC,j2ee,hasResourcePermission,false) NOT found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemoteHome.create(java.lang.String) throws java.rmi.RemoteException,javax.ejb.CreateException,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract java.lang.String com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote.authorizedMethod(java.lang.String,int) throws java.rmi.RemoteException,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::ejbInvocation(j2ee,MethodPermissionsBean,public abstract java.lang.String com.sun.s1peqe.security.authoriz.methodperms.MethodPermRemote.sayGoodbye() throws java.rmi.RemoteException,false) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::ejbAsWebServiceInvocation(StateTaxIFPort,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::webServiceInvocation(/TaxCalWSServlet/statetaxservlet,StateTaxIFPort,true) found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::serverStarted()...invoked after server started found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Expected String:SQEPluggableAuditModule::serverShutdown()...invoked after server shutdown found in file /export/sonia/v4/glassfish4/glassfish/domains/domain1/logs/sqeaudit.log
[java] Generating report at /export/sonia/appserver-sqe/test_results.xml
[java]
[java]
[java] -----------------------------------------
[java] - Audit ejbAsWebServiceInvocation callback-ejbws: PASS -
[java] - Audit ejbInvocation callback-authuser-2: PASS -
[java] - Audit authentication callback-validuser: PASS -
[java] - Audit webInvocation callback-authuser-res: FAIL -
[java] - Audit webInvocation callback-unauthuser-data: FAIL -
[java] - Audit webServiceInvocation callback-servletws: PASS -
[java] - Audit webInvocation callback-authuser-data: FAIL -
[java] - Audit webInvocation callback-unauthuser-res: FAIL -
[java] - Audit serverStarted callback-Started: PASS -
[java] - Audit ejbInvocation callback-authuser: PASS -
[java] - Audit authentication callback-invaliduser: PASS -
[java] - Audit serverShutdown callback-Shutdown: PASS -
[java] - Audit ejbInvocation callback-unauthuser: PASS -
[java] -----------------------------------------
[java] Total PASS: 9
[java] Total FAIL: 4
[java] Total DNR: 0
– It seems to me that the audit module is not properly loaded by container, otherwise the audit module will write to the file and messages should be displayed in server.log. These tests were passing in V3.x and failed for GF4.0 only. The test expect to see following messages: PluggableAuditModule Audit webInvocation callback-authuser-data|SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true)| PluggableAuditModule Audit webInvocation callback-authuser-res|SQEPluggableAuditModule::webInvocation(testuser3,BASIC,testuser3,hasResourcePermission,true)| PluggableAuditModule Audit webInvocation callback-unauthuser-data|SQEPluggableAuditModule::webInvocation(null,null,null,hasUserDataPermission,true)| PluggableAuditModule Audit webInvocation callback-unauthuser-res|SQEPluggableAuditModule::webInvocation(j2ee,BASIC,j2ee,hasResourcePermission,false)|
Environment
build 80 OEL5.8