Forbidden fields are now ignored #240
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
|
Kudos, SonarCloud Quality Gate passed! |
rjeberhard
reviewed
Jan 6, 2023
|
|
||
| private String getProblem(MBeanSelector selector) { | ||
| if (selector.isRequestForPrivilegedProperty()) | ||
| return "You seem to have encountered a bug in the WebLogic REST API.\n" + |
There was a problem hiding this comment.
Can this text come from a resource bundle?
There was a problem hiding this comment.
Actually, nevermind. This is for an internal error. If it's easy then do it, but it's not critical.
There was a problem hiding this comment.
It could; actually, it could probably be removed, since I know have altered the code to exclude it.
rjeberhard
reviewed
Jan 6, 2023
| @@ -24,6 +24,10 @@ | |||
| * @author Russell Gold | |||
| */ | |||
| public class ExporterConfig implements MetricsProcessor { | |||
| // Due to a bug in the WLS REST API, a query that includes this field will fail if not run with admin privileges. | |||
| // The code thus ensures that it is excluded from all queries. | |||
| private static final String[] FORBIDDEN_FIELDS = {"JDBCServiceRuntime:JDBCDataSourceRuntimeMBeans:properties"}; | |||
There was a problem hiding this comment.
Just curious... Is this the only affected field or just the only one that we know about?
There was a problem hiding this comment.
It's the only one we've found so far. But I have written the exclusion code to make it easy to add others if we find them.
rjeberhard
approved these changes
Jan 6, 2023
russgold
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Customer (Jose Luis Molina Dueñas) reported problems:
Requesting metrics from
fails because the mbean contains a field,
properties, which requires admin access.Under some conditions, if a higher-level bean is filtered but no matching keys exist on one server, the request was asking for all beans.
This change attempts to fix both by cleaning up the filtering when there is no match, and by detecting an attempt to request a forbidden field and either removing it from the query if specified, or adding an
excludeFieldselement if the containing bean is specified without values.