April 2008 - jboss-jira - Jboss List Archives

[JBoss JIRA] Created: (JBPORTAL-1996) LDAP connection pooling problems

by Martin Putz (JIRA)

LDAP connection pooling problems -------------------------------- Key: JBPORTAL-1996 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1996 Project: JBoss Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: Portal Security Affects Versions: 2.6.4 Final Reporter: Martin Putz Assigned To: Boleslaw Dawidowicz Fix For: 2.6.5 Final Connection pooling does not work as expected, connections remain open - see forum thread for details - and some pooling parameters have no effect. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

2
1
0 / 0

[JBoss JIRA] Created: (JBPORTAL-1998) Disabled user is able to log in

by darin howard (JIRA)

Disabled user is able to log in -------------------------------- Key: JBPORTAL-1998 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1998 Project: JBoss Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: Portal Identity Affects Versions: 2.6.4 Final Environment: windows Reporter: darin howard When a user is set to disabled they can still log into the portal -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

2
3
0 / 0

[JBoss JIRA] Commented: (EJBTHREE-27) Allowed methods

by Carlo de Wolf (JIRA)

[ http://jira.jboss.com/jira/browse/EJBTHREE-27?page=comments#action_12409753 ] Carlo de Wolf commented on EJBTHREE-27: --------------------------------------- See EJBTHREE-1299 for getRollbackOnly > Allowed methods > --------------- > > Key: EJBTHREE-27 > URL: http://jira.jboss.com/jira/browse/EJBTHREE-27 > Project: EJB 3.0 > Issue Type: Feature Request > Affects Versions: Preview 5 > Reporter: Bill Burke > Assigned To: Carlo de Wolf > Fix For: AS 5.0.0.CR1 > > > EJB specification has semanatics for what methods can be called when. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
0
0 / 0

[JBoss JIRA] Created: (JBMETA-22) Update pom.xml to sync with latest AS dependencies

by Dimitris Andreadis (JIRA)

Update pom.xml to sync with latest AS dependencies -------------------------------------------------- Key: JBMETA-22 URL: http://jira.jboss.com/jira/browse/JBMETA-22 Project: JBoss Metadata Issue Type: Task Security Level: Public (Everyone can see) Affects Versions: 1.0.0.Beta8 Reporter: Dimitris Andreadis Assigned To: Dimitris Andreadis Fix For: 1.0.0.Beta9 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
2
0 / 0

[JBoss JIRA] Created: (SECURITY-8) LdapExtLoginModule should detect communication failures midstream

by Anil Saldhana (JIRA)

LdapExtLoginModule should detect communication failures midstream ------------------------------------------------------------------ Key: SECURITY-8 URL: http://jira.jboss.com/jira/browse/SECURITY-8 Project: JBoss Security Issue Type: Feature Request Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0 Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0 http://jira.jboss.com/jira/browse/JBAS-3661 There is a possibility of the context going stale due to communication exceptions with the ldap server when dealing with references etc. It may be useful for the LdapExtLoginModule to implement the: http://java.sun.com/j2se/1.3/docs/api/javax/naming/ldap/UnsolicitedNotifi... such that it can do graceful processing. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

2
3
0 / 0

[JBoss JIRA] Created: (SECURITY-200) Validate legacy SecurityAssociation internal processing for client side

by Anil Saldhana (JIRA)

Validate legacy SecurityAssociation internal processing for client side ----------------------------------------------------------------------- Key: SECURITY-200 URL: http://jira.jboss.com/jira/browse/SECURITY-200 Project: JBoss Security and Identity Management Issue Type: Sub-task Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0.2-BETA5 Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0.2-BETA6 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
1
0 / 0

[JBoss JIRA] Created: (SECURITY-199) ClientLoginModule should push subject context on to legacy Security Association for client side usage

by Anil Saldhana (JIRA)

ClientLoginModule should push subject context on to legacy Security Association for client side usage ----------------------------------------------------------------------------------------------------- Key: SECURITY-199 URL: http://jira.jboss.com/jira/browse/SECURITY-199 Project: JBoss Security and Identity Management Issue Type: Bug Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0.2-BETA5 Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0.2-BETA6 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
1
0 / 0

[JBoss JIRA] Created: (JBRULES-1568) Java debug not working with multiple rule files

by Kris Verlaenen (JIRA)

Java debug not working with multiple rule files ----------------------------------------------- Key: JBRULES-1568 URL: http://jira.jboss.com/jira/browse/JBRULES-1568 Project: JBoss Drools Issue Type: Bug Security Level: Public (Everyone can see) Components: Eclipse IDE Reporter: Kris Verlaenen Assigned To: Kris Verlaenen Fix For: 4.0.7 There is an issue with rule breakpoints (in Java dialect) when rules from multiple rule files are loaded. The generated java consequence class contains not only the imports of its own file but also those of all other rules in the package. Therefore, the generated code can be different depending on the context the rules are used in. As a consequence, it is impossible to predict the exact line number in the generated java consequence class, necessary for debugging. This issue can be fixed by making sure all imports are on one and the same line. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
1
0 / 0

[JBoss JIRA] Created: (SECURITY-198) Security Helper Framework to help out with JavaEE Security

by Anil Saldhana (JIRA)

Security Helper Framework to help out with JavaEE Security ----------------------------------------------------------- Key: SECURITY-198 URL: http://jira.jboss.com/jira/browse/SECURITY-198 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: JBossSX, Security SPI Affects Versions: 2.0.2-BETA5 Reporter: Anil Saldhana Assigned To: Anil Saldhana Fix For: 2.0.2-BETA6 EJBAuthenticationHelper, EJBAuthorizationHelper, WebAuthorizationHelper. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

1
2
0 / 0

[JBoss JIRA] Created: (JBAS-5026) NPE in JvmRouteVale.handleJvmRoute

by Philippe Sevestre (JIRA)

NPE in JvmRouteVale.handleJvmRoute ---------------------------------- Key: JBAS-5026 URL: http://jira.jboss.com/jira/browse/JBAS-5026 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: Web (Tomcat) service Affects Versions: JBossAS-4.2.1.GA Environment: https + apache 2.0.52 + mod_jk + jboss + ClusteredSSO Reporter: Philippe Sevestre Assigned To: Remy Maucherat Client is a rich app (swing) that does soap calls to an app. Some of those WebServices are secured by a "BASIC" security constraint. When client calls the first password protected service, JBoss tries to set SSO and Session cookies. Then client make some more non-restricted calls that work just fine. After that, the first secured call fails with a NPE at JvmRouteValve, detailed bellow: 2007-11-30 18:16:36,144 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.jboss.web.tomcat.service.session.JvmRouteValve.handleJvmRoute(JvmRouteValve.java:125) at org.jboss.web.tomcat.service.session.JvmRouteValve.checkJvmRoute(JvmRouteValve.java:112) at org.jboss.web.tomcat.service.session.JvmRouteValve.invoke(JvmRouteValve.java:81) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:637) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:437) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:381) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:595) Checking the code, the only way I see that this could happen is when checkJvmRoute passes a null to handleJvmRoute on its first parameter (oldsessionId). In turn, this implies that getRequestedSessionId() returned null AND getSession(false) didn't. What I can see from packet dumps in the APJ connection is that the client is *not* passing a JSESSIONID header along the call, but, since all calls use *the same tcp/ip connection*, it seems that the session manager still "remembers" that it has a session. Therefore, in this scenario, oldessionId == null (since the client didn't send any session cookie) and session !=null, causing this NPE. A simple fix would be test oldsessionId for null at line 91, returning if it is. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

18 years, 2 months

2
5
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2008