payara / Payara

Payara Server is an open source middleware platform that supports reliable and secure deployments of Java EE (Jakarta EE) and MicroProfile applications in any environment: on premise, in the cloud or hybrid.
http://www.payara.fish

On multiple deployment @RolesAllowed throwing 401/FISH-6922 #6086

Open thinkgear opened 1 year ago

thinkgear commented 1 year ago

Brief Summary

I am using the latest version of Payara 5.2022.4

I have enabled the monitoring console on the server, so the __monitoringconsole app is deployed.

Now, when I deploy my war app with the @RolesAllowed annotation set on resources, and the payara-web.xml below, everything works fine the first time but raises a 401 exception with the log below when I restart the domain/server.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE payara-web-app PUBLIC "-//Payara.fish//DTD Payara Server 4 Servlet 3.0//EN"
        "https://raw.githubusercontent.com/payara/Payara-Documentation/master/docs/modules/ROOT/pages/Appendix/Schemas/payara-web-app_4.dtd">

<payara-web-app>

    <context-root>/</context-root>

    <!-- disable default security @RolesAllowed on payara for realm -->
    <jaxrs-roles-allowed-enabled>false</jaxrs-roles-allowed-enabled>

</payara-web-app>

If I disable the monitoring console, everything works fine on server restart as well. I don't know why this weird issue happens.

Maybe this could be the issue: https://github.com/payara/Payara/issues/2841#issuecomment-795114867

Expected Outcome

The @RolesAllowed annotation should work as expected and should not raise a 401 on domain/server restart.

Current Outcome

[2022-11-29T08:36:23.661+0000] [Payara 5.2022.4] [WARNING] [] [javax.enterprise.system.container.web.com.sun.web.security] [tid: _ThreadID=68 _ThreadName=http-thread-pool::http-listener-1(2)] [timeMillis: 1669710983661] [levelValue: 900] [[
  WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Failed file login for .]]

The request to the resource returns 401 Unauthorized, with the above log in server.log.

Reproducer

Enable the monitoring console in the domain. Deploy a war with @RolesAllowed enabled. Set jaxrs-roles-allowed-enabled to false in payara-web.xml. Access the resource after restarting the server.

Operating System

Ubuntu 22.04

JDK Version

Zulu JDK 1.8.0_352-b08

Payara Distribution

Payara Server Web Profile
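For readers who want to build the reproducer described above, here is a minimal WAR-side counterpart. This is an added example, not code from the issue or from the Payara project, and it makes one assumption about the config in the report: that `<jaxrs-roles-allowed-enabled>false</jaxrs-roles-allowed-enabled>` switches off Payara's built-in JAX-RS enforcement of `@RolesAllowed`, so the application has to enforce those annotations itself. The `DynamicFeature` below does that with standard JAX-RS/Java EE 8 APIs (the same ones Payara 5 ships). The package, class, path and role names are hypothetical; the `web.xml` `login-config`, the realm, and the role-to-group mapping that populate `SecurityContext` are assumed to be configured and are not shown.

```java
// Added example (not from the issue or Payara). Assumes jaxrs-roles-allowed-enabled=false
// has disabled the container's own @RolesAllowed handling for JAX-RS, so the application
// registers an equivalent authorization feature itself. All names are hypothetical.
package example;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;

import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@ApplicationPath("/api")
public class ReproApp extends Application {

    @Override
    public Set<Class<?>> getClasses() {
        Set<Class<?>> classes = new HashSet<>();
        classes.add(SecureResource.class);      // the resource under test
        classes.add(RolesAllowedFeature.class); // app-level enforcement of the annotations
        return classes;
    }

    /** Resource carrying the annotation from the report; "admin" is a hypothetical role. */
    @Path("/secure")
    public static class SecureResource {
        @GET
        @RolesAllowed("admin")
        public String adminOnly() {
            return "admin only";
        }

        @GET
        @Path("/public")
        @PermitAll
        public String open() {
            return "public";
        }
    }

    /** Inspects each resource method once at deployment and attaches a filter if needed. */
    public static class RolesAllowedFeature implements DynamicFeature {
        @Override
        public void configure(ResourceInfo info, FeatureContext ctx) {
            Method m = info.getResourceMethod();
            if (m.isAnnotationPresent(DenyAll.class)) {
                ctx.register(new RolesFilter(new String[0], true));
                return;
            }
            RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
            if (ra == null && !m.isAnnotationPresent(PermitAll.class)) {
                // method says nothing: fall back to a class-level @RolesAllowed, if any
                ra = info.getResourceClass().getAnnotation(RolesAllowed.class);
            }
            if (ra != null) {
                ctx.register(new RolesFilter(ra.value(), false));
            }
        }
    }

    /** Runs at the authorization priority, after the container has authenticated the caller. */
    @Priority(Priorities.AUTHORIZATION)
    public static class RolesFilter implements ContainerRequestFilter {
        private final String[] roles;
        private final boolean denyAll;

        RolesFilter(String[] roles, boolean denyAll) {
            this.roles = roles;
            this.denyAll = denyAll;
        }

        @Override
        public void filter(ContainerRequestContext req) throws IOException {
            SecurityContext sc = req.getSecurityContext();
            if (denyAll) {
                req.abortWith(Response.status(Response.Status.FORBIDDEN).build());
                return;
            }
            for (String role : roles) {
                if (sc.isUserInRole(role)) {
                    return; // authorized: let the request through
                }
            }
            // Design choice: unauthenticated callers get 401, authenticated callers with the
            // wrong role get 403, so a 401 after a restart can be told apart from a role mismatch.
            Response.Status status = (sc.getUserPrincipal() == null)
                    ? Response.Status.UNAUTHORIZED
                    : Response.Status.FORBIDDEN;
            req.abortWith(Response.status(status).build());
        }
    }
}
```

Deploy this alongside the payara-web.xml from the report, hit `/api/secure` with and without credentials, and compare the status you get before and after a domain restart with the `WEB9102` warning in server.log. The 401/403 split is deliberate: the container's own feature typically answers a role mismatch with 403, so if a previously working caller starts receiving 401 the failure is in authentication (the file-realm login in the logged warning), not in the role check this filter performs.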

thinkgear commented 1 year ago

Any update on this issue?

felixif commented 1 year ago

Hello @thinkgear,

Yes, I managed to reproduce the error on the latest Payara version. It seems to be consistent across multiple environments. I have escalated the issue to the Platform development team, issue identifier: FISH-6922. Apologies for the delay in my response.

thinkgear commented 1 year ago

Thanks for the update @felixif. Hoping for an early resolution.