[JBoss JIRA] Created: (JBESB-2000) Service secured by certificate allows processing of non-secured message
by Jiri Pechanec (JIRA)
Service secured by certificate allows processing of non-secured message
-----------------------------------------------------------------------
Key: JBESB-2000
URL: https://jira.jboss.org/jira/browse/JBESB-2000
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta, Web Services
Affects Versions: 4.4
Reporter: Jiri Pechanec
I took webservice_producer_secure test and removed the binary token from the message to be delivered
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld">
<soapenv:Body>
<good:sayGoodbye>
<message>Goodbye!!</message>
</good:sayGoodbye>
</soapenv:Body>
</soapenv:Envelope>
I sent the message and I received the following log output
2008-09-08 15:57:47,404 INFO [STDOUT] Subject : Subject:
Principal: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
Principal: [groupName=Roles, members=[[roleName=adminRole]]]
Public Credential:
X.509 Cert Path: length = 1.
[
=========================================================Certificate 1 start.
[
[
Version: V1
Subject: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 96394299007685713994561177305073714490667979701493101401287029609141406861260879512426765285612012165595912063457551494088923115022429026678765488144518428272539742307006497380494458284715504722740091896431880919504876830696069111637705579321597763064103918824087523754146266813912176353706311845945277748163
public exponent: 65537
Validity: [From: Wed Aug 13 15:25:44 CEST 2008,
To: Sat Dec 29 14:25:44 CET 2035]
Issuer: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE
SerialNumber: [ 48a2e0d8]
]
Algorithm: [MD5withRSA]
Signature:
0000: 30 B3 97 48 17 01 8D 31 CA C7 47 90 A3 5D C1 A0 0..H...1..G..]..
0010: 43 CE 58 9B 2C FC F6 CE 66 87 72 2B 7C E3 5A 95 C.X.,...f.r+..Z.
0020: 9F 4E 69 FC 8D 60 B1 B5 15 BC 43 E1 EA 2F C3 8F .Ni..`....C../..
0030: 9E EF 74 4F 97 EB AB 0F 6C 8D FA B9 98 AA C9 6A ..tO....l......j
0040: 84 AF AC 2F 08 90 ED 69 36 E1 48 B9 9C 92 4E E2 .../...i6.H...N.
0050: A1 7C 0B BD D2 84 43 5E 74 30 F0 6C 8D 64 51 9C ......C^t0.l.dQ.
0060: 51 8D B5 98 6B 41 F8 E8 D2 AF 2C 78 B8 74 92 07 Q...kA....,x.t..
0070: 28 9D B7 CD E2 91 E5 95 F3 64 24 F7 1D 48 1B E2 (........d$..H..
]
=========================================================Certificate 1 end.
]
Private Credential: javax.security.auth.x500.X500PrivateCredential@137c653
2008-09-08 15:57:47,429 INFO [STDOUT] **** SOAPRequest perhaps mediated by ESB:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld">
<soapenv:Body>
<good:sayGoodbye>
<message>Goodbye!!</message>
</good:sayGoodbye>
</soapenv:Body>
</soapenv:Envelope>
2008-09-08 15:57:47,429 INFO [STDOUT] Web Service Parameter - message=Goodbye!!
I expect that the message should be rejected because it is not authenticated.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 10 months
[JBoss JIRA] Created: (JBESB-1918) Implementation of ScriptingAction is inefficient and incomplete
by Jiri Pechanec (JIRA)
Implementation of ScriptingAction is inefficient and incomplete
---------------------------------------------------------------
Key: JBESB-1918
URL: https://jira.jboss.org/jira/browse/JBESB-1918
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta
Affects Versions: 4.4
Reporter: Jiri Pechanec
Fix For: 4.2.1 CP4
The ScriptingAction should be polished for beter perfromance and functionality as Groovy scripting action
- BSFManager should be created in intialize(), not process() method (credit goes to Kevin :-))
- The script reload should be supported
- Is it necessary to process BSF config file? Cannot we use getLangFromFilename method?
- It should be probably stated in the docs that for compiled scriping languages it is not guranteed that the compliation is done only once which can lead to performance degradation - native action can be preferred in such case
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 10 months
[JBoss JIRA] Created: (JBESB-1985) EBWS - One-way MEP is not supported
by Jiri Pechanec (JIRA)
EBWS - One-way MEP is not supported
-----------------------------------
Key: JBESB-1985
URL: https://jira.jboss.org/jira/browse/JBESB-1985
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Rosetta, Web Services
Affects Versions: 4.4
Reporter: Jiri Pechanec
Priority: Critical
I tried to set-up service with one-way MEP. I used two methods to achieve it
1) RequestReply ESB service without outXsd
<service
category="ESBServiceSample"
name="RequestReplyCrippled"
description="Hello world ESB Service" invmScope="GLOBAL">
<actions mep="RequestResponse" inXsd="/request.xsd" faultXsd="/fault.xsd">
<action name="action"
class="org.jboss.soa.esb.samples.quickstart.ebws.MyJMSListenerAction"
process="displayMessage"
/>
</actions>
</service>
This service generates correct WSDL
<wsdl:operation name='RequestReplyCrippledOp'>
<wsdl:input message='tns:RequestReplyCrippledReq' name='RequestReplyCrippledReq'></wsdl:input>
<wsdl:fault message='tns:RequestReplyCrippledFault1' name='fault1'></wsdl:fault>
</wsdl:operation>
But the SOAP reply is incorrect
<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><say:sayHiResponse xmlns:say='http://www.jboss.org/sayHi'><say:arg0>Response from ESB Service</say:arg0></say:sayHiResponse></env:Body></env:Envelope>
2) OneWay ESB service without outXsd
<service
category="ESBServiceSample"
name="OneWay"
description="Hello world ESB Service" invmScope="GLOBAL">
<actions mep="OneWay" inXsd="/request.xsd" faultXsd="/fault.xsd">
<action name="action"
class="org.jboss.soa.esb.samples.quickstart.ebws.MyJMSListenerAction"
process="displayMessage"
/>
</actions>
</service>
This service generates correct WSDL
<wsdl:portType name='OneWayPortType'>
<wsdl:operation name='OneWayOp'>
<wsdl:input message='tns:OneWayReq' name='OneWayReq'></wsdl:input>
</wsdl:operation>
</wsdl:portType>
But the server throws an exception
2008-09-04 11:47:39,944 ERROR [org.jboss.wsf.stack.jbws.RequestHandlerImpl] Error processing web service request
org.jboss.ws.WSException: java.lang.NullPointerException
at org.jboss.ws.WSException.rethrow(WSException.java:68)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:311)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:190)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:123)
at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.NullPointerException
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.sendResponse(RequestHandlerImpl.java:345)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:307)
... 22 more
2008-09-04 11:47:39,945 ERROR [org.apache.catalina.core.ContainerBase] Servlet.service() for servlet ESBServiceSample_OneWay threw exception
java.lang.NullPointerException
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.sendResponse(RequestHandlerImpl.java:345)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:307)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:190)
at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:123)
at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 10 months
[JBoss JIRA] Created: (JBESB-1966) EsbActionHandler cannot put property value of an object in jBPM scope to ESB message
by Jacky Cheung (JIRA)
EsbActionHandler cannot put property value of an object in jBPM scope to ESB message
------------------------------------------------------------------------------------
Key: JBESB-1966
URL: https://jira.jboss.org/jira/browse/JBESB-1966
Project: JBoss ESB
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: 4.4, 4.3
Reporter: Jacky Cheung
I am developing application on JBossESB with jBPM as the workflow engine.
In my process definition (jpdl), I have the following node:
<node name="retrieve record">
<action name="fetch record" class="org.jboss.soa.esb.services.jbpm.actionhandlers.EsbActionHandler">
<esbCategoryName>Test</esbCategoryName>
<esbServiceName>TestService</esbServiceName>
<bpmToEsbVars>
<mapping bpm="request.studentName" esb="studentName"/>
</bpmToEsbVars>
<esbToBpmVars>
<mapping esb="status"/>
</esbToBpmVars>
</action>
<transition name="ok" to="decide notify parent"/>
</node>
I got the following exception when jBPM transits into the node
Caused by: org.mvel.PropertyAccessException: unable to resolve property: request
at org.mvel.optimizers.impl.refl.ReflectiveAccessorOptimizer.getBeanProperty(ReflectiveAccessorOptimizer.java:374)
After debuging, I discover JBpmObjectMapper has a bug that breaks the feature.
Line 157 of the class (in JBossESB 4.3) is
objectName = expression.substring(0, dotPosition-1);
In my example, the content of expression variable will be "request.studentName" and the objectName will be "reques". This is wrong. The expected one should be "request".
The fix to this bug is simple. Just remove "-1" from the line so that the line should read as...
objectName = expression.substring(0, dotPosition);
I checked EsbNotifier and I found it call the same class. That means this bug will affect EsbNotifier as well.
At the moment, I can change the bpm attribute to "processInstance.contextInstance.variables.request.studentName" to workaround the bug but my XML becomes difficult to read.
I also breaks in JBossESB 4.4.
The fix is very simple but critical (from my point of view).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 10 months