[Red Hat JIRA] (ISPN-12726) Server should support a truststore for client cert validation
by Tristan Tarrant (Jira)
[ https://issues.redhat.com/browse/ISPN-12726?page=com.atlassian.jira.plugi... ]
Tristan Tarrant updated ISPN-12726:
-----------------------------------
Status: Open (was: New)
> Server should support a truststore for client cert validation
> -------------------------------------------------------------
>
> Key: ISPN-12726
> URL: https://issues.redhat.com/browse/ISPN-12726
> Project: Infinispan
> Issue Type: Enhancement
> Components: Security, Server
> Affects Versions: 12.0.0.Final
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Priority: Major
> Fix For: 12.1.0.Final
>
>
> While it is possible to authenticate clients using a certificate, this requires a trust store realm which means adding all possible client certificates to the trust store. Simple validation (not authentication) of certificates based on their trust chain is currently not supported.
> We should enhance the SSL server identity to support a truststore without requiring a trust realm.
> {code:xml}
> <security-realm name="default">
>   <server-identities>
>     <ssl>
>       <keystore path="server.pfx" keystore-password="secret" alias="server"/>
>       <truststore path="ca.pfx" password="secret"/>
>     </ssl>
>   </server-identities>
> </security-realm>
> {code}
> If a truststore is present, client cert will be required on incoming connections.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
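
The distinction ISPN-12726 draws between validating a client certificate by its trust chain and enrolling every client certificate can be seen with the `openssl` CLI. This is an added example, not Infinispan code: the CA and client names are constructed, and the fingerprint allowlist is only an assumed stand-in for a store that must list each client certificate.

```shell
#!/usr/bin/env bash
# Added illustration; CA names, subjects and file paths are constructed.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# make_ca NAME: self-signed CA key and certificate (the only thing a
# CA-only truststore needs to contain).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.crt" 2>/dev/null
}

# issue_client CA NAME: client key plus a certificate signed by CA.
issue_client() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$workdir/$2.key" -out "$workdir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/$2.csr" -days 1 \
    -CA "$workdir/$1.crt" -CAkey "$workdir/$1.key" -CAcreateserial \
    -out "$workdir/$2.crt" 2>/dev/null
}

# chain_ok CA CLIENT: succeeds only if CLIENT's certificate chains to CA.
chain_ok() {
  openssl verify -CAfile "$workdir/$1.crt" "$workdir/$2.crt" >/dev/null 2>&1
}

# fingerprint CLIENT: SHA-256 fingerprint line of CLIENT's certificate.
fingerprint() {
  openssl x509 -in "$workdir/$1.crt" -noout -fingerprint -sha256
}

# enrolled_ok CLIENT: succeeds only if this exact certificate was enrolled
# (assumed model of a store that lists every client certificate).
enrolled_ok() {
  grep -qxF "$(fingerprint "$1")" "$workdir/enrolled.txt"
}

make_ca trusted-ca
make_ca other-ca
issue_client trusted-ca alice
issue_client trusted-ca bob
issue_client other-ca outsider
fingerprint alice > "$workdir/enrolled.txt"   # only alice is enrolled

for c in alice bob outsider; do
  chain_ok trusted-ca "$c" && chain=accept || chain=reject
  enrolled_ok "$c" && enrolled=accept || enrolled=reject
  echo "$c: chain=$chain enrolled=$enrolled"
done
```

Chain validation accepts `bob` without any per-client enrollment and still rejects a certificate issued by a different CA; it establishes that the certificate was issued by the trusted CA, not which user it belongs to.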
[Red Hat JIRA] (ISPN-12726) Server should support a truststore for client cert validation
by Tristan Tarrant (Jira)
[ https://issues.redhat.com/browse/ISPN-12726?page=com.atlassian.jira.plugi... ]
Tristan Tarrant updated ISPN-12726:
-----------------------------------
Git Pull Request: https://github.com/infinispan/infinispan/pull/9070
Status: Pull Request Sent (was: Open)
[Red Hat JIRA] (ISPN-12754) Docs: Remove callouts from XML snippets
by Donald Naro (Jira)
[ https://issues.redhat.com/browse/ISPN-12754?page=com.atlassian.jira.plugi... ]
Donald Naro updated ISPN-12754:
-------------------------------
Description: Follows on from ISPN-12693 to convert callouts in xml snippets to comment or make sure callouts can exist in yaml as well. (was: Convert callouts in xml snippets to comment or make sure callouts can exist in yaml as well.)
> Docs: Remove callouts from XML snippets
> ---------------------------------------
>
> Key: ISPN-12754
> URL: https://issues.redhat.com/browse/ISPN-12754
> Project: Infinispan
> Issue Type: Enhancement
> Components: Documentation
> Affects Versions: 12.0.0.Final
> Reporter: Donald Naro
> Assignee: Donald Naro
> Priority: Major
>
> Follows on from ISPN-12693 to convert callouts in xml snippets to comment or make sure callouts can exist in yaml as well.
[Red Hat JIRA] (ISPN-11121) Cache using single file store fails to start when security manager is enabled
by Dan Berindei (Jira)
[ https://issues.redhat.com/browse/ISPN-11121?page=com.atlassian.jira.plugi... ]
Dan Berindei updated ISPN-11121:
--------------------------------
Status: Open (was: Pull Request Sent)
> Cache using single file store fails to start when security manager is enabled
> -----------------------------------------------------------------------------
>
> Key: ISPN-11121
> URL: https://issues.redhat.com/browse/ISPN-11121
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 9.4.17.Final
> Reporter: Paul Ferraro
> Assignee: Dan Berindei
> Priority: Critical
>
> After upgrading to 9.4.17.Final, caches using a single file store throw an AccessControlException on startup. This looks like a regression introduced by the fix for ISPN-9600, which no longer performs component start within a privileged action.
> {noformat}
> 07:21:37,237 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 20) MSC000001: Failed to start service jboss.deployment.unit."XSiteSimpleTestCase.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."XSiteSimpleTestCase.war".undertow-deployment: org.infinispan.commons.CacheException: Unable to invoke method public void org.infinispan.persistence.manager.PersistenceManagerImpl.start() on object of type PersistenceManagerImpl
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.lang.Thread.run(Thread.java:748)
> at org.jboss.threads.JBossThread.run(JBossThread.java:485)
> Caused by: org.infinispan.commons.CacheException: Unable to invoke method public void org.infinispan.persistence.manager.PersistenceManagerImpl.start() on object of type PersistenceManagerImpl
> at org.infinispan.commons.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:193)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:520)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startDependencies(BasicComponentRegistryImpl.java:552)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl.startWrapper(BasicComponentRegistryImpl.java:505)
> at org.infinispan.factories.impl.BasicComponentRegistryImpl$ComponentWrapper.running(BasicComponentRegistryImpl.java:711)
> at org.infinispan.factories.AbstractComponentRegistry.internalStart(AbstractComponentRegistry.java:428)
> at org.infinispan.factories.AbstractComponentRegistry.start(AbstractComponentRegistry.java:325)
> at org.infinispan.factories.ComponentRegistry.start(ComponentRegistry.java:165)
> at org.infinispan.cache.impl.CacheImpl.start(CacheImpl.java:1110)
> at org.infinispan.cache.impl.AbstractDelegatingCache.start(AbstractDelegatingCache.java:511)
> at org.infinispan.manager.DefaultCacheManager.wireAndStartCache(DefaultCacheManager.java:660)
> at org.infinispan.manager.DefaultCacheManager.createCache(DefaultCacheManager.java:604)
> at org.infinispan.manager.DefaultCacheManager.internalGetCache(DefaultCacheManager.java:487)
> at org.infinispan.manager.DefaultCacheManager.getCache(DefaultCacheManager.java:440)
> at org.jboss.as.clustering.infinispan.DefaultCacheContainer.getCache(DefaultCacheContainer.java:86)
> at org.jboss.as.test.clustering.cluster.xsite.CacheAccessServlet.init(CacheAccessServlet.java:97)
> at javax.servlet.GenericServlet.init(GenericServlet.java:180)
> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
> at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
> at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:305)
> at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:145)
> at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:585)
> at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:556)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
> at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:598)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:97)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:78)
> ... 8 more
> Caused by: org.infinispan.commons.CacheException: Unable to start cache loaders
> at org.infinispan.persistence.manager.PersistenceManagerImpl.start(PersistenceManagerImpl.java:182)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.infinispan.commons.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:188)
> ... 51 more
> Caused by: org.infinispan.persistence.spi.PersistenceException: ISPN000527: Maximum startup attempts exceeded for store org.infinispan.persistence.file.SingleFileStore
> at org.infinispan.persistence.manager.PersistenceManagerImpl.startStore(PersistenceManagerImpl.java:1082)
> at org.infinispan.persistence.manager.PersistenceManagerImpl.startWriter(PersistenceManagerImpl.java:1031)
> at org.infinispan.persistence.manager.PersistenceManagerImpl.lambda$start$0(PersistenceManagerImpl.java:164)
> at java.util.ArrayList.forEach(ArrayList.java:1257)
> at org.infinispan.persistence.manager.PersistenceManagerImpl.start(PersistenceManagerImpl.java:164)
> ... 56 more
> Caused by: org.infinispan.persistence.spi.PersistenceException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/work/tc-work/bb15431f347cd651/testsuite/integration/clustering/target/wildfly-1/standalone/data/infinispan/web/dist.dat" "read")" in code source "(vfs:/content/XSiteSimpleTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.XSiteSimpleTestCase.war" from Service Module Loader")
> at org.infinispan.persistence.file.SingleFileStore.start(SingleFileStore.java:136)
> at org.infinispan.persistence.manager.PersistenceManagerImpl.lambda$startWriter$22(PersistenceManagerImpl.java:1039)
> at org.infinispan.persistence.manager.PersistenceManagerImpl.startStore(PersistenceManagerImpl.java:1068)
> ... 60 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/work/tc-work/bb15431f347cd651/testsuite/integration/clustering/target/wildfly-1/standalone/data/infinispan/web/dist.dat" "read")" in code source "(vfs:/content/XSiteSimpleTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.XSiteSimpleTestCase.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:303)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:200)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:368)
> at java.io.File.exists(File.java:814)
> at org.infinispan.persistence.file.SingleFileStore.start(SingleFileStore.java:109)
> ... 62 more
> {noformat}
[Red Hat JIRA] (ISPN-12731) Cache collections and streams ignore values added in current transaction
by Will Burns (Jira)
[ https://issues.redhat.com/browse/ISPN-12731?page=com.atlassian.jira.plugi... ]
Will Burns updated ISPN-12731:
------------------------------
Fix Version/s: 13.0.0.Final
Resolution: Done
Status: Resolved (was: Pull Request Sent)
> Cache collections and streams ignore values added in current transaction
> ------------------------------------------------------------------------
>
> Key: ISPN-12731
> URL: https://issues.redhat.com/browse/ISPN-12731
> Project: Infinispan
> Issue Type: Bug
> Components: Core, Streams
> Affects Versions: 11.0.9.Final, 12.0.1.Final
> Reporter: Dan Berindei
> Assignee: Dan Berindei
> Priority: Major
> Fix For: 12.1.0.Final, 13.0.0.Final
>
>
> This test fails, as the {{results}} list is empty:
> {code:java}
> public void testValuesIncludesEntriesNotYetCommitted() throws Exception {
>    Cache<Object, String> cache = cache(0, CACHE_NAME);
>    TransactionManager tm = tm(cache);
>    tm.begin();
>    try {
>       Map<Object, String> values = putValueInEachCache(3);
>       List<String> results = new ArrayList<>(cache.values());
>       assertEquals(values, results);
>    } finally {
>       tm.rollback();
>    }
> }
> {code}
[Red Hat JIRA] (ISPN-12351) ImmutableListCopy makes too many copies
by Dan Berindei (Jira)
[ https://issues.redhat.com/browse/ISPN-12351?page=com.atlassian.jira.plugi... ]
Dan Berindei updated ISPN-12351:
--------------------------------
Fix Version/s: 12.0.0.Final
(was: 12.1.0.Final)
Resolution: Done
Status: Resolved (was: Pull Request Sent)
Fixed with ISPN-12221
> ImmutableListCopy makes too many copies
> ---------------------------------------
>
> Key: ISPN-12351
> URL: https://issues.redhat.com/browse/ISPN-12351
> Project: Infinispan
> Issue Type: Bug
> Components: Core
> Affects Versions: 12.0.0.Dev03
> Reporter: Dan Berindei
> Assignee: Dan Berindei
> Priority: Minor
> Fix For: 12.0.0.Final
>
>
> An array copy is not needed when creating a new {{ImmutableListCopy}} instance from another {{ImmutableListCopy}}.
> The constructor with 2 list parameters can also avoid one array allocation by pre-allocating the array, or by using one list's array when the other list is empty.