Jump to content
The ibi Community has moved to a new platform: Please Sign In and choose Forgot Password to continue

Well guys I hit an odd thing where I went to go put somethin...


Toby Mills

Recommended Posts

Well guys

I hit an odd thing where I went to go put something in My Content after upgrading and got a security error saying I was trying to mess with ~otheruserbesidesme in the path name.

Its hard to get the new interface to show your user ID and the full paths so I went to legacy view to get these screenshots:

Ilias worked at this site before I did and hasnt signed in here for a while. But on signin - somehow Im getting pointed to his ID.

 

When I try to right-click and check Properties I get a security error:

 

Ive never seen it get confused like that.

I thought maybe somehow I was logged in as Ilias but nope - Im logged in as me:

 

Also checked to make sure my name was on the right user ID and it is.

Wanted to pass this along as something to watch out for.

I feel like Ill need to open a case around this, but really we dont use the My Content to speak of, so its not terribly important to me.

Let me see what I can collect and Ill try opening a case tomorrow if I cant find a good easy fix (as opposed to me manually messing with the repository).

Link to comment
Share on other sites

Some news. On Signin, Errors in my event log right after the config parameters are done listing and you get the message about

Done deleting old logs and traces

[2022-01-04 20:49:12,208] ERROR [ajp-nio-127.0.0.1-8009-exec-14:IBFSPersistenceHelper] toby.mills - ipAddr= 192.22.1.16 UrlID= URL0 URL= "http://devmachine8c1.local/ibi_apps/service/wf_security_check.jsp"

[2022-01-04 20:49:12,208] ERROR [ajp-nio-127.0.0.1-8009-exec-14:IBFSPersistenceHelper] toby.mills - Failed to execute: IBSSResourceDB.hierarchicalQueryCTE

javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.8.v20201217-ecdf3c32c4): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near 'ur_subordinates'.

Error Code: 102

Call: WITH RECURSIVE ur_subordinates AS (SELECT ID, CASCADEINCLUDES, CASCADESERVER, LINKID, NAME, OWNERID, OWNERTYPE, PARENTID, SHARES FROM UOA_RESOURCES WHERE PARENTID = UNION SELECT u.ID, u.CASCADEINCLUDES, u.CASCADESERVER, u.LINKID, u.NAME, u.OWNERID, u.OWNERTYPE, u.PARENTID, u.SHARES FROM UOA_RESOURCES u INNER JOIN ur_subordinates s ON s.ID = u.PARENTID) SELECT * FROM ur_subordinates

bind => [1 parameter bound]

Query: ReadAllQuery(name="IBSSResourceDB.hierarchicalQueryCTE" referenceClass=IBSSResourceDB sql="WITH RECURSIVE ur_subordinates AS (SELECT ID, CASCADEINCLUDES, CASCADESERVER, LINKID, NAME, OWNERID, OWNERTYPE, PARENTID, SHARES FROM UOA_RESOURCES WHERE PARENTID = UNION SELECT u.ID, u.CASCADEINCLUDES, u.CASCADESERVER, u.LINKID, u.NAME, u.OWNERID, u.OWNERTYPE, u.PARENTID, u.SHARES FROM UOA_RESOURCES u INNER JOIN ur_subordinates s ON s.ID = u.PARENTID) SELECT * FROM ur_subordinates")

 

Some research suggests maybe the query is incorrect, but if that were true, Id expect this to be a bigger deal.

Ill see if I can locate a good trace to turn on to see if I can get more info.

If anybody has ideas about the EclipseLink-4002 with an Error Code of 102, let me know.

Ive tried stopping all services on all clients and then wiping tomcats work localhost folder to make the webapp redeploy. No help there.

Checking our QA environment, I see the same error.

I wonder if theres something going on with our Servlet filter we use for authentication (authorization comes from WFRS Custom SQL provider). I should undo that security and see if this still occurs.

If you have put on the .06, would one of you guys look in your event.log to see if you also get this error It may be related to me getting the wrong users My Workspace since the errors talk about heirarchy

Thanks!

Link to comment
Share on other sites

Thanks Brian

Im finally done with meetings and able to get back to this. I tried a few variations to see if I could get this to go away but no luck.

Our My Workspaces are swapped between 2 of us.

Were lucky that this is not bothering the rest of my testing so far. Our domain tree looks normal.

But the my content part is a drag for now.

Ill post here if I get any info thats helpful.

Time to package up files for a case.

Case opened Log files uploaded.

Link to comment
Share on other sites

We discovered other issues along with what you are describing. One of the main issues is that all users can see all my content folderrs. We opened a case on this. The event logs show some problems with a few of the Webfocus Jar files

We were told by the Gold support staff on our bi-weekly call that this is a known issue and the offending code has been identified. We were also told this would be delivered via an 8207.28.07 release. (not to be confused with the 8207.0.hotfix04 that was posted today.

This release is supposed to be available the first part of next week

Link to comment
Share on other sites

On a related issue, we did a side by side comparrison of 8207.28.04 (that had not been upgraded) to one that had been upgraded to 8207.28.06. Problem was introduced in the 8207.28.06 release.

For those interested, on the WFRS side of things the log4j files in the ibi/home directory now have the version number removed from the file name.

Link to comment
Share on other sites

Thanks for the info on the timing of a release David.

Adrian told me yesterday he didnt have a time yet.

He also told me that the error would appear whether I did an upgrade or fresh install so no point in doing the fresh install I was going to try.

Not looking forward to reinstalling and reconfiguring our custom servlet filter, but Ill be happy to have the new one. I wonder if theyll package the apache log4j 2.17.1 as long as theyre at it Thatll get us past all 4 of the recently identified vulnerabilities if they include that.

Link to comment
Share on other sites

I agree - the release notes sure make it sound like its supposed to have all the parts were waiting on, and it looks like the My Content issue related to 8207.28.06 has been addressed:

 

 

Closed Issues in 8207.28.0_HF-007 (This release)

CLRPT-3234

Multiple instances of My Content folders appear after upgrading to TIBCO WebFOCUS 8207.28.06.

 

And its telling us that it contains log4j 2.17.1 which we want.

Maybe they just put the real release out under the hotfix area

It sure appears by the readme that this is something with an installer:

 

image.png892477 13.8 KB

 

No lengthy description of individual jars this time.

Do you think they mean that Im on 8207.28.06 now, and this hotfix with the installer is going to get us to 8207.28.07

Sure sounds like its got the parts I need. I guess Ill just try downloading it and running the installers on on VM to see what happens. Gotta wait till tomorrow to get a snapshot of my VM before I try this. 10 machines to update again

Link to comment
Share on other sites

I think we should try to understand what the word Hotfix means. I think in the past, this meant something less than a complete release. David and JNC have been around the business end way longer than me.

My understanding was that there were releases and these had installers. hotfixes on the other hand, were patches made to the existing releases. Generally speaking, the hotfixes were pretty targeted to a particular set of issues that were of high enough priority to try to get a fix out quicker to the customers that were affected. It was not unheard of to have these be individual files where we had to unjar, copy some file in, then re-jar the applications.

Seperately there are Private Fixes that are made specifically for certain customers needing certain things.

But releases were pretty straightforward. Youd be on 8007 and upgrade to 8009 or you might be 8007 with various hotfixes applied (Im trying to remember some of my customers setup).

Currently, its hard to tell whats what. It seems like maybe the idea is that 8207.28 is the major release. Any subsequent patches become hotfixes and end up after the .28. The hotfixes might be jar files to copy in manually, or they might have installers as the .06 release was. This newest thing (.07) being called a hotfix uses an installer too.

Itd be nice to have TIBCO just tell us that the numbers following the .28 represent hotfixes - or just make them a new release. When you go to the product download page, I think this should say you get the .07 release - presently it still says .06.

The way its being done now is not real intuitive (at least for me old brain).

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
  • Create New...