[JBoss JIRA] Created: (HIBERNATE-47) Bug in JPA query parsing
by Heiko W. Rupp (JIRA)
Bug in JPA query parsing
------------------------
Key: HIBERNATE-47
URL: http://jira.jboss.com/jira/browse/HIBERNATE-47
Project: Hibernate
Issue Type: Bug
Environment: ejb-3.0-fd-cr9
Reporter: Heiko W. Rupp
Assigned To: Steve Ebersole
JPA spec (ejb-3.0-fd) says on page 87 in section 4.4.6:
The syntax for declaring a collection member identification variable is as follows:
collection_member_declaration ::=
IN (collection_valued_path_expression) [AS] identification_variable
Using a query that makes use of IN (x.y) AS z fails:
ERROR 06-10 15:14:33,410 (Log4JLogger.java:error:114) -line 1:112: unexpected token: a
ERROR 06-10 15:14:33,502 (Log4JLogger.java:error:119) -Error in named query: mes_templ_findByMeasurementArg
org.hibernate.hql.ast.QuerySyntaxException: unexpected token: a near line 1, column 112 [SELECT mt FROM org.jboss.on.domain.measurement.MeasurementTempl AS mt, IN (mt.eamMeasurementArgCollection1) AS a WHERE a.measurementTemplateArgId.id = :tid]
at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:31)
at org.hibernate.hql.ast.QuerySyntaxException.convert(QuerySyntaxException.java:24)
at org.hibernate.hql.ast.ErrorCounter.throwQueryException(ErrorCounter.java:59)
at org.hibernate.hql.ast.QueryTranslatorImpl.parse(QueryTranslatorImpl.java:253)
at org.hibernate.hql.ast.QueryTranslatorImpl.doCompile(QueryTranslatorImpl.java:156)
at org.hibernate.hql.ast.QueryTranslatorImpl.compile(QueryTranslatorImpl.java:110)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:77)
at org.hibernate.engine.query.HQLQueryPlan.<init>(HQLQueryPlan.java:56)
at org.hibernate.engine.query.QueryPlanCache.getHQLQueryPlan(QueryPlanCache.java:71)
at org.hibernate.impl.SessionFactoryImpl.checkNamedQueries(SessionFactoryImpl.java:397)
at org.hibernate.impl.SessionFactoryImpl.<init>(SessionFactoryImpl.java:348)
at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1213)
at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:631)
at org.hibernate.ejb.Ejb3Configuration.createEntityManagerFactory(Ejb3Configuration.java:760)
at org.hibernate.ejb.Ejb3Configuration.createContainerEntityManagerFactory(Ejb3Configuration.java:350)
at org.hibernate.ejb.HibernatePersistence.createContainerEntityManagerFactory(HibernatePersistence.java:119)
at org.jboss.ejb3.entity.PersistenceUnitDeployment.start(PersistenceUnitDeployment.java:264)
When I remove the "AS" in IN(x.y) AS z to make it read IN(x.y) z , then it works.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
18 years, 2 months
[JBoss JIRA] Created: (JBADMCON-150) Console's web interface is not protected against XSS attacks.
by Roman Arkhangelskiy (JIRA)
Console's web interface is not protected against XSS attacks.
-------------------------------------------------------------
Key: JBADMCON-150
URL: http://jira.jboss.com/jira/browse/JBADMCON-150
Project: JBoss Admin Console
Issue Type: Bug
Components: General Console
Reporter: Roman Arkhangelskiy
After having been run on JBoss Admin Console source code, Jtest's BugDetective feature reported a lot of places (29, to be precise) that make the console vulnerable to XSS attacks.
There are quite a few places where data obtained from the servlet request is then published to a web page without any prior validation. Such an approach makes it possible for a malicious user to perform an XSS attack.
I realize that the admin console itself represents an area with restricted access, but I can also envision a situation where the UI of the administrative module does not allow any harmful action to be performed, but it is possible to use some specific HTTP client to construct dangerous requests. So from a technical point of view any data coming from the client should be validated before its further use, even in restricted areas.
Below goes an example from the code:
file: console/src/resources/weconsole.war/TopicSubscriptions.jsp
At line #86 the variable 'myUrl' is published without any prior validation. But validation is necessary, since at line #10 this variable gets tainted by its concatenation with the 'objParameter' variable, which is considered tainted since its value is in fact the result of a request.getParameter("ObjectName") method call.
The screenshot provided by BugDetective is attached.
Please let me know if you think this represents a real problem or BugDetective is mistaken.
Thank you!
18 years, 2 months
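The taint flow described in JBADMCON-150, reduced to a stand-alone Java class. This is an added example, not code from the JBoss Admin Console: the JSP source is not shown in the report, so the URL shape, the link text and the method names renderUnsafe, renderSafe and escapeHtml are assumptions; only 'objParameter', 'myUrl' and the "ObjectName" parameter come from the report.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class TaintedUrlExample {

    // Minimal HTML escaper for text and quoted-attribute contexts (hypothetical helper).
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Pattern the report describes: the request parameter is concatenated
    // into myUrl and the result is written to the page unchanged.
    static String renderUnsafe(String objParameter) {
        String myUrl = "TopicSubscriptions.jsp?ObjectName=" + objParameter; // assumed URL shape
        return "<a href=\"" + myUrl + "\">refresh</a>";
    }

    // Hardened form: URL-encode the value for the query string, then
    // HTML-escape the finished URL for the attribute it is written into.
    static String renderSafe(String objParameter) throws UnsupportedEncodingException {
        String myUrl = "TopicSubscriptions.jsp?ObjectName="
                + URLEncoder.encode(objParameter, "UTF-8");
        return "<a href=\"" + escapeHtml(myUrl) + "\">refresh</a>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed value standing in for request.getParameter("ObjectName").
        String objParameter = "jboss.mq.destination:service=Topic,name=t\"><i>injected</i>";
        System.out.println("unsafe: " + renderUnsafe(objParameter));
        System.out.println("safe:   " + renderSafe(objParameter));
    }
}
```

In the unsafe output the constructed value closes the href attribute and its markup becomes part of the page; in the safe output it stays inside the attribute as data.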
[JBoss JIRA] Created: (JBAS-3737) On Windows, jmx.test.DeployServiceUnitTestCase fails with DeploymentException
by Prabhat Jha (JIRA)
On Windows, jmx.test.DeployServiceUnitTestCase fails with DeploymentException
-----------------------------------------------------------------------------
Key: JBAS-3737
URL: http://jira.jboss.com/jira/browse/JBAS-3737
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Test Suite
Environment: Windows 2003, Sun JDK 1.4
Reporter: Prabhat Jha
Assigned To: Dimitris Andreadis
Fix For: JBossAS-4.0.5.GA
I tried to run with one-test and it fails there as well.
org.jboss.deployment.DeploymentException: No ClassLoaders found for: org.jboss.test.jmx.mbean.TestDeployer; - nested throwable: (java.lang.ClassNotFoundException: No ClassLoaders found for: org.jboss.test.jmx.mbean.TestDeployer
at org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:196)
at org.jboss.system.ServiceController.install(ServiceController.java:226)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
at $Proxy4.install(Unknown Source)
at org.jboss.deployment.SARDeployer.create(SARDeployer.java:249)
at org.jboss.deployment.MainDeployer.create(MainDeployer.java:969)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:818)
at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.jmx.connector.invoker.InvokerAdaptorService.invoke(InvokerAdaptorService.java:266)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:179)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:534)
Caused by: java.lang.ClassNotFoundException: No ClassLoaders found for: org.jboss.test.jmx.mbean.TestDeployer
at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306)
at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511)
at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405)
at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
at org.jboss.mx.server.MBeanServerImpl.instantiate(MBeanServerImpl.java:1204)
at org.jboss.mx.server.MBeanServerImpl.instantiate(MBeanServerImpl.java:286)
at org.jboss.mx.server.MBeanServerImpl.createMBean(MBeanServerImpl.java:344)
at org.jboss.system.ServiceCreator.install(ServiceCreator.java:157)
at org.jboss.system.ServiceConfigurator.internalInstall(ServiceConfigurator.java:449)
at org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:171)
18 years, 2 months
[JBoss JIRA] Created: (JBAS-3744) UseJK is not displayed correctly in jmx-console (for case 11730).
by Jean-Frederic Clere (JIRA)
UseJK is not displayed correctly in jmx-console (for case 11730).
-----------------------------------------------------------------
Key: JBAS-3744
URL: http://jira.jboss.com/jira/browse/JBAS-3744
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Web (Tomcat) service
Affects Versions: JBossAS-4.0.4.GA
Environment: When setting UseJK to true in conf it is always displayed as false in jmx-console.
Reporter: Jean-Frederic Clere
Assigned To: Remy Maucherat
Tomcat5.java needs the following patch:
Index: tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java
===================================================================
--- tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java (revision 57281)+++ tomcat/src/main/org/jboss/web/tomcat/tc5/Tomcat5.java (working copy)
@@ -302,6 +302,10 @@
return useJK;
}
+ public boolean getUseJK() {
+ return useJK;
+ }
+
public void setUseJK(boolean useJK)
{
this.useJK = useJK;
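Review bot: the added getUseJK() has the same body as the accessor whose tail is visible in the context just above it (return useJK;), and nothing in the hunk says why a second getter is needed. Add a short comment stating that the get-prefixed form is there so the attribute is displayed correctly in jmx-console, and, if the existing accessor stays, have getUseJK() delegate to it rather than repeat the field read. The opening brace is also on the method line, while setUseJK(boolean) directly below puts it on its own line; match the surrounding style.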
18 years, 2 months
[JBoss JIRA] Created: (JBAS-3736) JBoss AS 4.0.5.CR1 does not include jaxen, which is required for using Hibernate XML mapping
by Don Smith (JIRA)
JBoss AS 4.0.5.CR1 does not include jaxen, which is required for using Hibernate XML mapping
--------------------------------------------------------------------------------------------
Key: JBAS-3736
URL: http://jira.jboss.com/jira/browse/JBAS-3736
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: ClassLoading
Affects Versions: JBossAS-4.0.5.CR1
Environment: SUSE Linux 10.0, Sun JRE 1.5.0_05-b05
Reporter: Don Smith
Assigned To: Scott M Stark
Fix For: JBossAS-4.0.5.GA
Hibernate XML mapping requires using the org.dom4j.Document, as shown in this example:
    org.dom4j.Document document = saxReader.read(inputXML);
    List users = document.selectNodes("//product");
    try {
        Session session = HibernateUtil.sessionFactory.openSession();
        Transaction transaction = session.beginTransaction();
        Session dom4jSession = session.openSession(EntityMode.DOM4J);
        Iterator iter = users.iterator();
        while (iter.hasNext()) {
            Object next = iter.next();
            dom4jSession.saveOrUpdate("demo.Product", next);
        } // end while
        transaction.commit();
        session.close();
If any other type of Document is used for the dom4jSession.saveOrUpdate() call, it throws an exception.
Using SAXReader.read() throws a NoClassDefFound error using JBoss 4.0.5.CR1, unless jaxen (jaxen-1.1-beta-7.jar from the Hibernate 3.2.cr4 download) is added to the server configuration's lib directory.
I submit that jaxen is required to use the XML Mapping facility of Hibernate, and that it's missing from JBoss 4.0.5.CR1.
18 years, 2 months