Bug 208376 - Need better info message when enable-secure-admin needed on remote server
Need better info message when enable-secure-admin needed on remote server
Status: VERIFIED FIXED
Product: serverplugins
Classification: Unclassified
Component: GlassFish
7.2
PC Windows XP
: P3 (vote)
: 7.3
Assigned To: TomasKraus
issues@serverplugins
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-14 09:45 UTC by Jiri Skrivanek
Modified: 2012-10-30 02:35 UTC (History)
1 user (show)

See Also:
Issue Type: DEFECT
:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jiri Skrivanek 2012-02-14 09:45:40 UTC
When enable-secure-admin is not executed on remote GlassFish server and server instance in NetBeans 7.1 is refreshed there is shown info dialog with message 

Authorization failed for __locations on GlassFish Server Remote. Have you run the enable-secure-admin command?

In 7.2 dev builds are shown two messages which not inform user what to do

__locations timed out. 1 of 1
Remote host closed connection during handshake

and exception is printed to IDE log

INFO [glassfish]: __locations timed out. 1 of 1
java.util.concurrent.TimeoutException
	at java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:258)
	at java.util.concurrent.FutureTask.get(FutureTask.java:119)
[catch] at org.netbeans.modules.glassfish.common.CommonServerSupport.isReady(CommonServerSupport.java:700)
	at org.netbeans.modules.glassfish.common.CommonServerSupport.isReallyRunning(CommonServerSupport.java:657)
	at org.netbeans.modules.glassfish.common.CommonServerSupport$4.run(CommonServerSupport.java:773)
	at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1404)
	at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:1984)
INFO [glassfish]: Remote host closed connection during handshake

The message should be as clear as in NetBeans 7.1. To reproduce:

- add remote GlassFish server instance to IDE
- make sure you don't run "asadmin enable-secure-admin" command (run this if needed "asadmin disable-secure-admin")
- start domain
- refresh server instance in IDE and look to IDE log for exception

Product Version: NetBeans IDE Dev (Build 201202120400)
Java: 1.7.0_03; Java HotSpot(TM) Client VM 22.1-b02
System: Windows XP version 5.1 running on x86; Cp1250; en_US (nb)
Comment 1 Vince Kraemer 2012-05-17 19:14:37 UTC
i can reproduce this.
Comment 2 TomasKraus 2012-05-23 09:26:07 UTC
Will take care of this after Tooling SDK will be finished.
org.netbeans.modules.glassfish.common.CommonServerSupport.isReady and also __locations admin command will be moved to this new library so we should verify this scenario using this new code anyway.

Assigning to myself.
Comment 3 TomasKraus 2012-09-17 15:23:30 UTC
Yes, this is problem also in 7.3 - popup window says nothing.
Problem is in command runner output which returned empty message.
Comment 4 TomasKraus 2012-09-18 16:33:28 UTC
I did some deep investigation to see how to verify that server is running with secure admin (HTTPS listener) disabled.

Actual code distinguish local and remote server. Local server has domain directory set while remote has not.
 * Local server query uses HTTP first and if secure admin is enabled, it's redirected to HTTPS.
 * Remote server query uses HTTPS. And here is the problem when there is no HTTPS listener listener enabled. Connect is trying to do some SSL handshake but it ends up waiting on socket read for 5 minutes. After that SSL handshake exception is thrown.

There is also another timeout in [CommonServerSupport].isReallyRunning() method which is 30 seconds only.
With remote server and HTTPS listener disabled [HttpsURLConnection].connect() call is blocked on soclet read for 5 minutes but this task is killed with java.util.concurrent.TimeoutException after 30 seconds.

Unfortunately this timeout has 2 possible meainings:
 * server is not responding at all (probavbly not running)
 * there is an issue with SSL handshake because of HTTPS listener is not enabled

And there is no way to verify which option is the right one with current framework (sun.net.www.protocol.https.HttpsURLConnectionImpl) being used.

I have only 2 options:
 * Raise __locations command timeout to be longer than HttpsURLConnection].connect() timeout -> more than 5 minutes.
 * Display error message pointing to both possible problems - server not responding or secure administration was not enabled

I have some idea how to resolve it in much better way but it would require large changes in admin commands execution framework. Unfortunately this is not possible in 7.3.

Vince, Jiri, if you have a chance to read this comment, please let me know which option sounds better to you.
Comment 5 Vince Kraemer 2012-09-18 16:50:48 UTC
Is there a way to just see if the port is occupied... not http/https... just not connection refused.

If so...

Keep the shorter __locations timeout.  After the timeout, use this 'is the port occupied' test to determine if something is on that port.

If the port is completely empty, then give the server not running message

OTHERWISE

print the 'did you enable-secure-admin' message

There is a slight possibility that there is something that isn't GF running on the port... I do not think we need to dig that deep though.
Comment 6 TomasKraus 2012-09-18 17:19:19 UTC
Remote port availability test means to try TCP/IP connect. It depends if we'll get ICMP or TCP RST back or there will be just black hole.
I have no idea what's default timeout here in Java but it may be around minutes again. I can cut in in some 15 seconds saying there is nothing listening so user will have response in 45 seconds in worst case.
Comment 7 TomasKraus 2012-10-09 16:30:20 UTC
First of all I changed content of popup window which contains just server name. Now it should say much more about exception that was thrown in command runner.
Comment 8 Quality Engineering 2012-10-10 03:04:20 UTC
Integrated into 'main-golden', will be available in build *201210100002* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main-golden/rev/38d3e8f59863
User: Tomas Kraus <TomasKraus@netbeans.org>
Log: #208376 - Popup window should display better messages.
Comment 9 TomasKraus 2012-10-19 15:57:17 UTC
NetBeans web-main:
------------------
changeset:   236592:bf00d0871844
summary:     #20837 - Complete isReady() method refactoring, added admin port
             check and missing enable-secure-admin command warning

This will introduce missing info dialog again.

I also did complete isReady() method refactoring to split it into more methods and added a lot of javadocs there. Hope it will be more human readable now.

Unfortunately isReady() method is still quite long.

I would like to rewrite this code from scratch in next releae to run all those port checks and admin commands in parallel and make significant total timeout decrease.
Comment 10 TomasKraus 2012-10-19 16:16:55 UTC
Pushed to web-main, closing this bug.
Comment 11 TomasKraus 2012-10-29 15:19:56 UTC
NetBeans web-main:
------------------
changeset:   237538:cf3edeac6ae9
summary:     #208376 - enable-secure-admin info message will show
             for remote server only

This message makes no sense for local server where secure admin is not required.
Comment 12 Quality Engineering 2012-10-30 02:35:32 UTC
Integrated into 'main-golden', will be available in build *201210300001* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress)
Changeset: http://hg.netbeans.org/main-golden/rev/cfe386de862e
User: Tomas Kraus <TomasKraus@netbeans.org>
Log: #208376 - Info message makes sense only for remote servers.


By use of this website, you agree to the NetBeans Policies and Terms of Use. © 2014, Oracle Corporation and/or its affiliates. Sponsored by Oracle logo