September 2008 - esb-issues - Jboss List Archives

[JBoss JIRA] Created: (JBESB-2000) Service secured by certificate allows processing of non-secured message

by Jiri Pechanec (JIRA)

Service secured by certificate allows processing of non-secured message ----------------------------------------------------------------------- Key: JBESB-2000 URL: https://jira.jboss.org/jira/browse/JBESB-2000 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta, Web Services Affects Versions: 4.4 Reporter: Jiri Pechanec I took webservice_producer_secure test and removed the binary token from the message to be delivered <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld"> <soapenv:Body> <good:sayGoodbye> <message>Goodbye!!</message> </good:sayGoodbye> </soapenv:Body> </soapenv:Envelope> I sent the message and I received the following log output 2008-09-08 15:57:47,404 INFO [STDOUT] Subject : Subject: Principal: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE Principal: [groupName=Roles, members=[[roleName=adminRole]]] Public Credential: X.509 Cert Path: length = 1. [ =========================================================Certificate 1 start. [ [ Version: V1 Subject: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits modulus: 96394299007685713994561177305073714490667979701493101401287029609141406861260879512426765285612012165595912063457551494088923115022429026678765488144518428272539742307006497380494458284715504722740091896431880919504876830696069111637705579321597763064103918824087523754146266813912176353706311845945277748163 public exponent: 65537 Validity: [From: Wed Aug 13 15:25:44 CEST 2008, To: Sat Dec 29 14:25:44 CET 2035] Issuer: CN=Daniel Bevenius, OU=JBoss, O=Red Hat, L=Stockholm, ST=Stockholm, C=SE SerialNumber: [ 48a2e0d8] ] Algorithm: [MD5withRSA] Signature: 0000: 30 B3 97 48 17 01 8D 31 CA C7 47 90 A3 5D C1 A0 0..H...1..G..].. 0010: 43 CE 58 9B 2C FC F6 CE 66 87 72 2B 7C E3 5A 95 C.X.,...f.r+..Z. 0020: 9F 4E 69 FC 8D 60 B1 B5 15 BC 43 E1 EA 2F C3 8F .Ni..`....C../.. 0030: 9E EF 74 4F 97 EB AB 0F 6C 8D FA B9 98 AA C9 6A ..tO....l......j 0040: 84 AF AC 2F 08 90 ED 69 36 E1 48 B9 9C 92 4E E2 .../...i6.H...N. 0050: A1 7C 0B BD D2 84 43 5E 74 30 F0 6C 8D 64 51 9C ......C^t0.l.dQ. 0060: 51 8D B5 98 6B 41 F8 E8 D2 AF 2C 78 B8 74 92 07 Q...kA....,x.t.. 0070: 28 9D B7 CD E2 91 E5 95 F3 64 24 F7 1D 48 1B E2 (........d$..H.. ] =========================================================Certificate 1 end. ] Private Credential: javax.security.auth.x500.X500PrivateCredential@137c653 2008-09-08 15:57:47,429 INFO [STDOUT] **** SOAPRequest perhaps mediated by ESB: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:good="http://webservice_producer/goodbyeworld"> <soapenv:Body> <good:sayGoodbye> <message>Goodbye!!</message> </good:sayGoodbye> </soapenv:Body> </soapenv:Envelope> 2008-09-08 15:57:47,429 INFO [STDOUT] Web Service Parameter - message=Goodbye!! I expect that the message should be rejected because it is not authenticated. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

4
5
0 / 0

[JBoss JIRA] Created: (JBESB-1971) ESB service is automatically exposed via EBWS

by Jiri Pechanec (JIRA)

ESB service is automatically exposed via EBWS --------------------------------------------- Key: JBESB-1971 URL: https://jira.jboss.org/jira/browse/JBESB-1971 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta, Web Services Affects Versions: 4.4 CP1 Reporter: Jiri Pechanec Priority: Critical When the attribute webservice is omitted the ESB service is automatically exposed as EBWS. This 1) Is security risk 2) Violates backward compatibility The services should not be exposed automatically or there should be global switch that enables/disable automatic exposure and disabled by default. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

3
7
0 / 0

[JBoss JIRA] Created: (JBESB-1994) webservice_producer_secured QS partially not working

by Lukas Petrovicky (JIRA)

webservice_producer_secured QS partially not working ---------------------------------------------------- Key: JBESB-1994 URL: https://jira.jboss.org/jira/browse/JBESB-1994 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Examples Reporter: Lukas Petrovicky Priority: Minor The QS (to be found for instance in SOA-P 4.3 GA IR3) uses a wrong queue name in the org.jboss.soa.esb.samples.quickstart.webserviceproducersecured.test.SendMessage.java class. It should use "queue/quickstart_webservice_producer_secured_gw" but uses "queue/quickstart_webservice_producer_gw". It probably is a result of copy-pasting it from the "webservice_producer" QS. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

3
3
0 / 0

[JBoss JIRA] Created: (JBESB-1918) Implementation of ScriptingAction is inefficient and incomplete

by Jiri Pechanec (JIRA)

Implementation of ScriptingAction is inefficient and incomplete --------------------------------------------------------------- Key: JBESB-1918 URL: https://jira.jboss.org/jira/browse/JBESB-1918 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta Affects Versions: 4.4 Reporter: Jiri Pechanec Fix For: 4.2.1 CP4 The ScriptingAction should be polished for beter perfromance and functionality as Groovy scripting action - BSFManager should be created in intialize(), not process() method (credit goes to Kevin :-)) - The script reload should be supported - Is it necessary to process BSF config file? Cannot we use getLangFromFilename method? - It should be probably stated in the docs that for compiled scriping languages it is not guranteed that the compliation is done only once which can lead to performance degradation - native action can be preferred in such case -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

6
26
0 / 0

[JBoss JIRA] Created: (JBESB-1985) EBWS - One-way MEP is not supported

by Jiri Pechanec (JIRA)

EBWS - One-way MEP is not supported ----------------------------------- Key: JBESB-1985 URL: https://jira.jboss.org/jira/browse/JBESB-1985 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta, Web Services Affects Versions: 4.4 Reporter: Jiri Pechanec Priority: Critical I tried to set-up service with one-way MEP. I used two methods to achieve it 1) RequestReply ESB service without outXsd <service category="ESBServiceSample" name="RequestReplyCrippled" description="Hello world ESB Service" invmScope="GLOBAL"> <actions mep="RequestResponse" inXsd="/request.xsd" faultXsd="/fault.xsd"> <action name="action" class="org.jboss.soa.esb.samples.quickstart.ebws.MyJMSListenerAction" process="displayMessage" /> </actions> </service> This service generates correct WSDL <wsdl:operation name='RequestReplyCrippledOp'> <wsdl:input message='tns:RequestReplyCrippledReq' name='RequestReplyCrippledReq'></wsdl:input> <wsdl:fault message='tns:RequestReplyCrippledFault1' name='fault1'></wsdl:fault> </wsdl:operation> But the SOAP reply is incorrect <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><say:sayHiResponse xmlns:say='http://www.jboss.org/sayHi'><say:arg0>Response from ESB Service</say:arg0></say:sayHiResponse></env:Body></env:Envelope> 2) OneWay ESB service without outXsd <service category="ESBServiceSample" name="OneWay" description="Hello world ESB Service" invmScope="GLOBAL"> <actions mep="OneWay" inXsd="/request.xsd" faultXsd="/fault.xsd"> <action name="action" class="org.jboss.soa.esb.samples.quickstart.ebws.MyJMSListenerAction" process="displayMessage" /> </actions> </service> This service generates correct WSDL <wsdl:portType name='OneWayPortType'> <wsdl:operation name='OneWayOp'> <wsdl:input message='tns:OneWayReq' name='OneWayReq'></wsdl:input> </wsdl:operation> </wsdl:portType> But the server throws an exception 2008-09-04 11:47:39,944 ERROR [org.jboss.wsf.stack.jbws.RequestHandlerImpl] Error processing web service request org.jboss.ws.WSException: java.lang.NullPointerException at org.jboss.ws.WSException.rethrow(WSException.java:68) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:311) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:190) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:123) at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.NullPointerException at org.jboss.wsf.stack.jbws.RequestHandlerImpl.sendResponse(RequestHandlerImpl.java:345) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:307) ... 22 more 2008-09-04 11:47:39,945 ERROR [org.apache.catalina.core.ContainerBase] Servlet.service() for servlet ESBServiceSample_OneWay threw exception java.lang.NullPointerException at org.jboss.wsf.stack.jbws.RequestHandlerImpl.sendResponse(RequestHandlerImpl.java:345) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:307) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:190) at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:123) at org.jboss.wsf.stack.jbws.EndpointServlet.service(EndpointServlet.java:84) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:595) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

2
5
0 / 0

[JBoss JIRA] Created: (JBESB-1991) EBWS - HTTP Authentication is not supported

by Jiri Pechanec (JIRA)

EBWS - HTTP Authentication is not supported ------------------------------------------- Key: JBESB-1991 URL: https://jira.jboss.org/jira/browse/JBESB-1991 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta, Web Services Affects Versions: 4.4 Reporter: Jiri Pechanec To support this functionality - the generated web.xml must be modified - the genrated class should contain HttpSecurityInfoExtractor usage -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

1
0
0 / 0

[JBoss JIRA] Created: (JBESB-1989) ESBServiceContractPublisher uses static variable for address

by Kevin Conner (JIRA)

ESBServiceContractPublisher uses static variable for address ------------------------------------------------------------ Key: JBESB-1989 URL: https://jira.jboss.org/jira/browse/JBESB-1989 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Web Services Affects Versions: 4.4 CP1 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP1 The result of this is that every exposed service shares the same contract address. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

1
2
0 / 0

[JBoss JIRA] Created: (JBESB-1988) Duplicate mvel jar in jbrules.esb and smooks.esb

by Kevin Conner (JIRA)

Duplicate mvel jar in jbrules.esb and smooks.esb ------------------------------------------------ Key: JBESB-1988 URL: https://jira.jboss.org/jira/browse/JBESB-1988 Project: JBoss ESB Issue Type: Task Security Level: Public (Everyone can see) Affects Versions: 4.4 Reporter: Kevin Conner Assignee: Kevin Conner Fix For: 4.4 CP1, 4.5 The jbossesb.sar file contains the version of mvel pulled down by ivy but jbrules.esb and smooks.esb also contain a copy. The esb versions should be removed in favour of the ivy specified version. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

1
1
0 / 0

[JBoss JIRA] Created: (JBESB-1949) quickstart:load_generator ant runtest error

by Burr Sutter (JIRA)

quickstart:load_generator ant runtest error ------------------------------------------- Key: JBESB-1949 URL: https://jira.jboss.org/jira/browse/JBESB-1949 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Examples Affects Versions: 4.4 Reporter: Burr Sutter ant runtest results in the following error message: BUILD FAILED C:\demo\jbossesb-server-4.4.GA\samples\quickstarts\load_generator\build.xml:28: taskdef class org.codehaus.groovy.ant.Groovyc cannot be found -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

3
11
0 / 0

[JBoss JIRA] Created: (JBESB-1966) EsbActionHandler cannot put property value of an object in jBPM scope to ESB message

by Jacky Cheung (JIRA)

EsbActionHandler cannot put property value of an object in jBPM scope to ESB message ------------------------------------------------------------------------------------ Key: JBESB-1966 URL: https://jira.jboss.org/jira/browse/JBESB-1966 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: 4.4, 4.3 Reporter: Jacky Cheung I am developing application on JBossESB with jBPM as the workflow engine. In my process definition (jpdl), I have the following node: <node name="retrieve record"> <action name="fetch record" class="org.jboss.soa.esb.services.jbpm.actionhandlers.EsbActionHandler"> <esbCategoryName>Test</esbCategoryName> <esbServiceName>TestService</esbServiceName> <bpmToEsbVars> <mapping bpm="request.studentName" esb="studentName"/> </bpmToEsbVars> <esbToBpmVars> <mapping esb="status"/> </esbToBpmVars> </action> <transition name="ok" to="decide notify parent"/> </node> I got the following exception when jBPM transits into the node Caused by: org.mvel.PropertyAccessException: unable to resolve property: request at org.mvel.optimizers.impl.refl.ReflectiveAccessorOptimizer.getBeanProperty(ReflectiveAccessorOptimizer.java:374) After debuging, I discover JBpmObjectMapper has a bug that breaks the feature. Line 157 of the class (in JBossESB 4.3) is objectName = expression.substring(0, dotPosition-1); In my example, the content of expression variable will be "request.studentName" and the objectName will be "reques". This is wrong. The expected one should be "request". The fix to this bug is simple. Just remove "-1" from the line so that the line should read as... objectName = expression.substring(0, dotPosition); I checked EsbNotifier and I found it call the same class. That means this bug will affect EsbNotifier as well. At the moment, I can change the bpm attribute to "processInstance.contextInstance.variables.request.studentName" to workaround the bug but my XML becomes difficult to read. I also breaks in JBossESB 4.4. The fix is very simple but critical (from my point of view). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 10 months

3
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

esb-issues September 2008