[JBoss JIRA] (SECURITY-934) RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/SECURITY-934?page=com.atlassian.jira.plug... ]
Darran Lofthouse resolved SECURITY-934.
---------------------------------------
Resolution: Done
> RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role
> ---------------------------------------------------------------------------------------------
>
> Key: SECURITY-934
> URL: https://issues.jboss.org/browse/SECURITY-934
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Reporter: Hynek Švábek
> Assignee: Romain Pelisse
>
> There will be needless LDAP calls if we use AdvancedLdap login module.
> If a user is a member of (lets say) 100 groups, then we can get an extra 100 calls to the LDAP server.
> It can be performance problem.
> Same problem was in LdapExt login module.
> You can see this BZ https://bugzilla.redhat.com/show_bug.cgi?id=1223840
> https://issues.jboss.org/browse/SECURITY-891
> Example from Wireshark for 2 groups:
> {code}
> * searchRequest(3) "ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" wholeSubtree
> * searchResEntry(3) "CN=JBossAdmin,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResEntry(3) "CN=Slash/Char,OU=Roles,OU=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(3) success [2 results]
> * searchRequest(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject
> * searchResEntry(4) "CN=JBossAdmin,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(4) success [1 result]
> * searchRequest(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" baseObject
> * searchResEntry(5) "CN=Slash/Char,ou=Roles,ou=AdvancedLdapLoginModuleSpecialNamesTestCasee4b1c459,OU=primary,O=eapqe,DC=JBOSS3,DC=test" | searchResDone(5) success [1 result]
> {code}|
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFLY-6662) Statement.cancel() is not invoked until the statement is completed
by lorenzo benvenuti (JIRA)
[ https://issues.jboss.org/browse/WFLY-6662?page=com.atlassian.jira.plugin.... ]
lorenzo benvenuti updated WFLY-6662:
------------------------------------
Description:
Hi,
in our application we are using the {{Statement.cancel()}} method to stop long-running queries; in Wildfly 9.0.2 this is not working because the {{cancel()}} method is synchronized using a lock which is not released until the query is executed. In {{WrappedStatement}}:
{code:java}
public void cancel() throws SQLException
{
if (doLocking)
lock();
try
{
/* ... */
{code}
It seems this behaviour has changed from version 1.2.5.Final of ironjacamar-jdbc; in version 1.2.4.Final {{WrappedStatement.cancel}} doesn't try to obtain the lock.
Probably I'm missing something, but to me it's strange that in order to cancel a statement you have to wait for its completion.
Thank you,
lorenzo
was:
Hi,
in our application we are using the {{Statement.cancel()}} method to stop long-running queries; in Wildfly 9.0.2 this is not working because the {{cancel()}} method is synchronized using a lock which is not released until the query is executed. In {{WrappedStatement}}:
{code:java}
public void More ...cancel() throws SQLException
{
if (doLocking)
lock();
try
{
/* ... */
{code}
It seems this behaviour has changed from version 1.2.5.Final of ironjacamar-jdbc; in version 1.2.4.Final {{WrappedStatement.cancel}} doesn't try to obtain the lock.
Probably I'm missing something, but to me it's strange that in order to cancel a statement you have to wait for its completion.
Thank you,
lorenzo
> Statement.cancel() is not invoked until the statement is completed
> ------------------------------------------------------------------
>
> Key: WFLY-6662
> URL: https://issues.jboss.org/browse/WFLY-6662
> Project: WildFly
> Issue Type: Bug
> Components: JCA
> Affects Versions: 9.0.2.Final
> Reporter: lorenzo benvenuti
> Assignee: Jesper Pedersen
>
> Hi,
> in our application we are using the {{Statement.cancel()}} method to stop long-running queries; in Wildfly 9.0.2 this is not working because the {{cancel()}} method is synchronized using a lock which is not released until the query is executed. In {{WrappedStatement}}:
> {code:java}
> public void cancel() throws SQLException
> {
> if (doLocking)
> lock();
> try
> {
> /* ... */
> {code}
> It seems this behaviour has changed from version 1.2.5.Final of ironjacamar-jdbc; in version 1.2.4.Final {{WrappedStatement.cancel}} doesn't try to obtain the lock.
> Probably I'm missing something, but to me it's strange that in order to cancel a statement you have to wait for its completion.
> Thank you,
> lorenzo
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFLY-6662) Statement.cancel() is not invoked until the statement is completed
by lorenzo benvenuti (JIRA)
lorenzo benvenuti created WFLY-6662:
---------------------------------------
Summary: Statement.cancel() is not invoked until the statement is completed
Key: WFLY-6662
URL: https://issues.jboss.org/browse/WFLY-6662
Project: WildFly
Issue Type: Bug
Components: JCA
Affects Versions: 9.0.2.Final
Reporter: lorenzo benvenuti
Assignee: Jesper Pedersen
Hi,
in our application we are using the {{Statement.cancel()}} method to stop long-running queries; in Wildfly 9.0.2 this is not working because the {{cancel()}} method is synchronized using a lock which is not released until the query is executed. In {{WrappedStatement}}:
{code:java}
public void More ...cancel() throws SQLException
{
if (doLocking)
lock();
try
{
/* ... */
{code}
It seems this behaviour has changed from version 1.2.5.Final of ironjacamar-jdbc; in version 1.2.4.Final {{WrappedStatement.cancel}} doesn't try to obtain the lock.
Probably I'm missing something, but to me it's strange that in order to cancel a statement you have to wait for its completion.
Thank you,
lorenzo
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFLY-6661) Bean level lock type not applied
by Keio Kraaner (JIRA)
Keio Kraaner created WFLY-6661:
----------------------------------
Summary: Bean level lock type not applied
Key: WFLY-6661
URL: https://issues.jboss.org/browse/WFLY-6661
Project: WildFly
Issue Type: Bug
Components: EJB
Affects Versions: 10.0.0.Final
Reporter: Keio Kraaner
A singleton EJB has @Lock(LockType.READ) annotation declared on the class level.
The bean is accessed using a local (defined by @Local annotation) or remote (defined by @Remote annotation) EJB interface.
SingletonComponent::getLockType returns wrong value (LockType.WRITE) because the beanLevelLockType map does not contain a key equal to the local or remote interface class name. It contains a key equal to the EJB class name that implements those interfaces.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (JBJCA-1320) Unable to create JDBC local datasource without properties on JBoss EAP 7
by ted won (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1320?page=com.atlassian.jira.plugin... ]
ted won updated JBJCA-1320:
---------------------------
Description:
It should display warning message than throwing error as [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 to JBoss EAP 7 or creating non-XA datasource for using local transactions in JBoss EAP 7.
In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but not EAP 7.
was:
It should display warning message than throwing error as [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 or creating non-XA datasource for using local transactions in JBoss EAP 7.
In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but not EAP 7.
> Unable to create JDBC local datasource without properties on JBoss EAP 7
> ------------------------------------------------------------------------
>
> Key: JBJCA-1320
> URL: https://issues.jboss.org/browse/JBJCA-1320
> Project: IronJacamar
> Issue Type: Bug
> Components: JDBC
> Affects Versions: WildFly/IronJacamar 1.3.3.Final
> Environment: JBoss EAP 7.0.0
> Reporter: ted won
> Assignee: ted won
> Priority: Minor
> Attachments: com.msql.tar.gz
>
>
> It should display warning message than throwing error as [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
> It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 to JBoss EAP 7 or creating non-XA datasource for using local transactions in JBoss EAP 7.
> In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but not EAP 7.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFLY-6660) Allow to dump Artemis journal to file by CLI operation
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-6660?page=com.atlassian.jira.plugin.... ]
Miroslav Novak commented on WFLY-6660:
--------------------------------------
Yes, I saw this warning as well. Question is if this is because that all journal operations must be suspended for a while or it can corrupt the journal.
> Allow to dump Artemis journal to file by CLI operation
> ------------------------------------------------------
>
> Key: WFLY-6660
> URL: https://issues.jboss.org/browse/WFLY-6660
> Project: WildFly
> Issue Type: Feature Request
> Components: JMS
> Affects Versions: 10.0.0.Final
> Reporter: Miroslav Novak
> Assignee: Jeff Mesnil
> Attachments: journal.txt
>
>
> For debugging and investigation purposes it would useful to have CLI operation which would dump content of Artemis journal directory.
> New CLI operation like {{print-journal-date-content}} would print content of journal to a file.
> It would do the same thing like following Artemis CLI command:
> {code}
> .../activemq-artemis/artemis-distribution/target/apache-artemis-1.3.0-SNAPSHOT-bin/apache-artemis-1.3.0-SNAPSHOT/bin/artemis data print --bindings bindings --journal journal --paging paging --large-messages largemessages
> {code}
> This should work only in Admin only mode as dumping journal in run-time is not possible when data changes.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFCORE-433) git backend for loading/storing the configuration XML for wildfly
by James Strachan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-433?page=com.atlassian.jira.plugin... ]
James Strachan commented on WFCORE-433:
---------------------------------------
BTW we have an implementation of a reusable microservice or command for automatically upgrading the git commit sha used to provide configuration files from git in kubernetes here:
https://github.com/fabric8io/gitcontroller
This lets you mount configuration files to a volume in kubernetes; such as this example:
https://github.com/jstrachan/springboot-config-demo/blob/master/src/main/...
so provided the standalone.xml files or whatever are stored in git; it'd be easy to use them in an EAP/wildfly/wildfly swarm docker image. The only thing to watch with gitRepo volumes with kubernetes is to ensure that the configuration files are mounted to a folder that your microservice can then read them from (and you don't try and mix and match the same folder for configuration and secrets/code).
There's more detail on the configuration tradeoffs of microservices on kubernetes here:
http://fabric8.io/guide/develop/configuration.html
> git backend for loading/storing the configuration XML for wildfly
> -----------------------------------------------------------------
>
> Key: WFCORE-433
> URL: https://issues.jboss.org/browse/WFCORE-433
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Domain Management
> Reporter: James Strachan
> Assignee: Jason Greene
>
> when working with wildfly in a cloud/paas environment (like openshift, fabric8, docker, heroku et al) it'd be great to have a git repository for the configuration folder so that writes work something like:
> * git pull
> * write the, say, standalone.xml file
> * git commit -a -m "some comment"
> * git push
> (with a handler to deal with conflicts; such as last write wins).
> Then an optional periodic 'git pull' and reload configuration if there is a change.
> This would then mean that folks could use a number of wildfly containers using docker / openshift / fabric8 and then have a shared git repository (e.g. the git repo in openshift or fabric8) to configure a group of wildfly containers. Folks could then reuse the wildfly management console within cloud environments (as the management console would, under the covers, be loading/saving from/to git)
> Folks could then benefit from git tooling when dealing with versioning and audit logs of changes to the XML; along with getting the benefit of branching, tagging.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (WFLY-6660) Allow to dump Artemis journal to file by CLI operation
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFLY-6660?page=com.atlassian.jira.plugin.... ]
Jeff Mesnil commented on WFLY-6660:
-----------------------------------
I'm not sure about that: the Artemis command has this warning: "Print data records information (WARNING: don't use while a production server is running)"
[~ataylor] would it be "safe" to execute this command on a running Artemis server or should it be allowed only on admin-only server (ie no Artemis runtime)?
> Allow to dump Artemis journal to file by CLI operation
> ------------------------------------------------------
>
> Key: WFLY-6660
> URL: https://issues.jboss.org/browse/WFLY-6660
> Project: WildFly
> Issue Type: Feature Request
> Components: JMS
> Affects Versions: 10.0.0.Final
> Reporter: Miroslav Novak
> Assignee: Jeff Mesnil
> Attachments: journal.txt
>
>
> For debugging and investigation purposes it would useful to have CLI operation which would dump content of Artemis journal directory.
> New CLI operation like {{print-journal-date-content}} would print content of journal to a file.
> It would do the same thing like following Artemis CLI command:
> {code}
> .../activemq-artemis/artemis-distribution/target/apache-artemis-1.3.0-SNAPSHOT-bin/apache-artemis-1.3.0-SNAPSHOT/bin/artemis data print --bindings bindings --journal journal --paging paging --large-messages largemessages
> {code}
> This should work only in Admin only mode as dumping journal in run-time is not possible when data changes.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
[JBoss JIRA] (JBJCA-1320) Unable to create JDBC local datasource without properties on JBoss EAP 7
by ted won (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1320?page=com.atlassian.jira.plugin... ]
ted won updated JBJCA-1320:
---------------------------
Description:
It should display warning message than throwing error as [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 or creating non-XA datasource for using local transactions in JBoss EAP 7.
In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but not EAP 7.
was:
It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 or creating non-XA datasource, using local transactions in JBoss EAP 7.
It should display warning message than throwing error like [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but EAP 7.
> Unable to create JDBC local datasource without properties on JBoss EAP 7
> ------------------------------------------------------------------------
>
> Key: JBJCA-1320
> URL: https://issues.jboss.org/browse/JBJCA-1320
> Project: IronJacamar
> Issue Type: Bug
> Components: JDBC
> Affects Versions: WildFly/IronJacamar 1.3.3.Final
> Reporter: ted won
> Assignee: ted won
> Priority: Minor
> Attachments: com.msql.tar.gz
>
>
> It should display warning message than throwing error as [WFLY-6198|https://issues.jboss.org/browse/WFLY-6198].
> It's failed with error "IJ031103: At least one connection property must be defined for datasource-class" when it's doing migration from JBoss EAP 6 / WildFly 10 or creating non-XA datasource for using local transactions in JBoss EAP 7.
> In case of MySQL datasource classes it's possible to use datasource-class and create non-XA datasource in JBoss EAP 6 and WildFly 10 but not EAP 7.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months