[JBoss JIRA] Created: (JGRP-837) Add faulire simulation capabiliries to Simulator
by Richard Achmatowicz (JIRA)
Add faulire simulation capabiliries to Simulator
-------------------------------------------------
Key: JGRP-837
URL: https://jira.jboss.org/jira/browse/JGRP-837
Project: JGroups
Issue Type: Feature Request
Reporter: Richard Achmatowicz
Assignee: Richard Achmatowicz
Priority: Minor
The Simulator can be used to test protocol layers in isolation. Multiple Simulator instances can be configured so that they model a multicast group.
In its present state, messages are transported from one Simulator instance to another by the send_thread, which moves messages from send_queue to recv_queue in a reliable fashion. Futhermore, all Simulators perform at the same speed. I'd like to use the Simulator to additionally simulate failures, in order to check the robustness of the protocols. In particular, i'd like to model:
* dropped, reordered, corrupted messages
* failed processors ('crash' failure)
* network partitions
* slow processes
This JIRA issue will track progress on this and allow for discussion.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years
[JBoss JIRA] Created: (JBAS-7923) Authentication caches wrong credential settings
by ali aslan (JIRA)
Authentication caches wrong credential settings
-----------------------------------------------
Key: JBAS-7923
URL: https://jira.jboss.org/jira/browse/JBAS-7923
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Security
Affects Versions: JBossAS-5.1.0.GA
Environment: Windows Vista, jdk1.5.0_18, MySQL Server 5.0
Reporter: ali aslan
Assignee: Anil Saldhana
My Problem is that I can login/logout with different users as long as I do not enter a wrong password for a user.
If this happens it is not possible to authenticate any other user. Authentication always fails.
If I delete the browser cookies I can authenticate the user again.
The JAAS configuration in jboss-service.xml
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
name="jboss.security:service=JaasSecurityManager">
<attribute name="ServerMode">true</attribute>
<attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
<attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
<attribute name="DefaultCacheTimeout">0</attribute>
<attribute name="DefaultCacheResolution">0</attribute>
<attribute name="DeepCopySubjectMode">false</attribute>
</mbean>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years
[JBoss JIRA] Created: (JBAS-8028) java.util.zip.ZipException: error in opening zip file
by Marko Strukelj (JIRA)
java.util.zip.ZipException: error in opening zip file
-----------------------------------------------------
Key: JBAS-8028
URL: https://jira.jboss.org/jira/browse/JBAS-8028
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: VFS
Affects Versions: 6.0.0.M3
Reporter: Marko Strukelj
Deploying the attached .war containg CDI app + Seam3 Faces Module fails on M3 (working fine on M2).
0:56:32,961 SEVERE [javax.enterprise.resource.webcontainer.jsf.config] Unable to process annotations for url, vfs:/C:/opt/java/jboss-6.0.0.20100429-M3/server/default/deploy/cdi-vfs3-bug.war/WEB-INF/lib/seam-faces-3.0.0-SNAPSHOT.jar/META-INF/faces-config.xml. Reason: java.util.z
ip.ZipException: error in opening zip file
20:56:32,989 SEVERE [javax.enterprise.resource.webcontainer.jsf.config] : java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method) [:1.6.0_18]
at java.util.zip.ZipFile.<init>(ZipFile.java:114) [:1.6.0_18]
at java.util.jar.JarFile.<init>(JarFile.java:133) [:1.6.0_18]
at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:67) [:1.6.0_18]
at sun.net.www.protocol.jar.URLJarFile$1.run(URLJarFile.java:214) [:1.6.0_18]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_18]
at sun.net.www.protocol.jar.URLJarFile.retrieve(URLJarFile.java:198) [:1.6.0_18]
at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:50) [:1.6.0_18]
at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:80) [:1.6.0_18]
at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:104) [:1.6.0_18]
at sun.net.www.protocol.jar.JarURLConnection.getJarFile(JarURLConnection.java:71) [:1.6.0_18]
at com.sun.faces.config.AnnotationScanner.processClasspath(AnnotationScanner.java:290) [:2.0.2-FCS]
at com.sun.faces.config.AnnotationScanner.getAnnotatedClasses(AnnotationScanner.java:215) [:2.0.2-FCS]
at com.sun.faces.config.ConfigManager$AnnotationScanTask.call(ConfigManager.java:765) [:2.0.2-FCS]
at com.sun.faces.config.ConfigManager$AnnotationScanTask.call(ConfigManager.java:736) [:2.0.2-FCS]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [:1.6.0_18]
at java.util.concurrent.FutureTask.run(FutureTask.java:138) [:1.6.0_18]
at com.sun.faces.config.ConfigManager.initialize(ConfigManager.java:329) [:2.0.2-FCS]
at com.sun.faces.config.ConfigureListener.contextInitialized(ConfigureListener.java:223) [:2.0.2-FCS]
at org.jboss.web.jsf.integration.config.JBossJSFConfigureListener.contextInitialized(JBossJSFConfigureListener.java:72) [:6.0.0.20100429-M3]
at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3733) [:6.0.0.20100429-M3]
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4197) [:6.0.0.20100429-M3]
at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:323) [:6.0.0.20100429-M3]
at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:148) [:6.0.0.20100429-M3]
at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:462) [:6.0.0.20100429-M3]
at org.jboss.web.deployers.WebModule.startModule(WebModule.java:116) [:6.0.0.20100429-M3]
at org.jboss.web.deployers.WebModule.start(WebModule.java:95) [:6.0.0.20100429-M3]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_18]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_18]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_18]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_18]
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) [:6.0.0.Beta5]
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) [:6.0.0.Beta5]
at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) [:6.0.0.Beta5]
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:271) [:6.0.0.Beta5]
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:670) [:6.0.0.Beta5]
at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206) [:2.2.0.Alpha9]
at $Proxy41.start(Unknown Source) at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:53) [:2.2.0.Alpha9]
at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:41) [:2.2.0.Alpha9]
at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:377) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:301) [:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2042) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1081) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1320) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1244) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1137) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:937) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:652) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.system.ServiceController.doChange(ServiceController.java:671) [:6.0.0.20100429-M3 (Build SVNTag:JBoss_6.0.0.20100429-M3 date: 20100502)]
at org.jboss.system.ServiceController.start(ServiceController.java:443) [:6.0.0.20100429-M3 (Build SVNTag:JBoss_6.0.0.20100429-M3 date: 20100502)]
at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:189) [:6.0.0.20100429-M3]
at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:102) [:6.0.0.20100429-M3]
at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:49) [:6.0.0.20100429-M3]
at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62) [:2.2.0.Alpha4]
at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1857) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1575) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1596) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1516) [:2.2.0.Alpha4]
at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:377) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2042) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1081) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1320) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1244) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1137) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:937) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:652) [jboss-dependency.jar:2.2.0.Alpha9]
at org.jboss.deployers.plugins.deployers.DeployersImpl.change(DeployersImpl.java:2008) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:1101) [:2.2.0.Alpha4]
at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:679) [:2.2.0.Alpha4]
at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117) [:6.0.0.20100429-M3]
at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:409) [:6.0.0.20100429-M3]
at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:294) [:6.0.0.20100429-M3]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [:1.6.0_18]
at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317) [:1.6.0_18]
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150) [:1.6.0_18]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98) [:1.6.0_18]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181) [:1.6.0_18]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205) [:1.6.0_18]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_18]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_18]
at java.lang.Thread.run(Thread.java:619) [:1.6.0_18]
Might be related to JBAS-7882 issue on M3.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years
[JBoss JIRA] Created: (JBPORTAL-2477) eXoGadgetServer/gadgets/proxy Provides Access to protected network resources
by Ian De Villiers (JIRA)
eXoGadgetServer/gadgets/proxy Provides Access to protected network resources
----------------------------------------------------------------------------
Key: JBPORTAL-2477
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2477
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Security
Affects Versions: 3.0 Final
Environment: Tested on a number of different platforms
Reporter: Ian De Villiers
Fix For: 3.0 Final
As per e-mail originally detailing issues with GateIn3.0.0-Beta2 sent to Thomas Heute on 16th November, 2009.
When gadgets are added to the dashboard, the /eXoGadgetServer/gadgets/proxy component loads resources such as images from the portal server using the url specified by the url parameter.
However, no validation checking is performed on the URL field, making it possible to access resources on alternate HTTP ports or alternate servers.
Numerous similar issues exist within other portal applications. BEA Weblogics (now Oracle) and Vignette Portal have also been found to be vulnerable to similar issues in the past.
However, in the case of these portal systems, these requests are only allowed to be made to hosts defined within the same scope as the originating server. Additionally (although this is configurable), the majority of these portlets can only be exploited by authenticated users.
In the case of GateIn Portal, an unauthenticated user can make a request to any third-party system (or port) by tampering with the url parameter.
This may result in an attacker initiating attacks against third-party systems, or accessing resources which would otherwise be protected.
For example, assuming the GateIn Portal is exposed to the Internet. The J2EE application server has been configured to serve portal content on port 80, and the J2EE administrative components are only available on port 8080. Inbound traffic desitned to port 8080 from the Internet is restricted by the firewall.
An attacker would be able to access the J2EE administrative components by requesting the following URL:
http://VulnerableHost:80/eXoGadgetServer/gadgets/proxy?url=http%3A%2F%2F1...
I've been researching these specific vulnerabilities in portal environments for a while now, and have authored a toolset specifically designed at exploiting these vulnerabilities in order to gain access to protected network resources.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years
[JBoss JIRA] Created: (EJBTHREE-2091) Singleton EJBs do not honor @LocalBinding
by Andrew Lee Rubinger (JIRA)
Singleton EJBs do not honor @LocalBinding
-----------------------------------------
Key: EJBTHREE-2091
URL: https://jira.jboss.org/jira/browse/EJBTHREE-2091
Project: EJB 3.0
Issue Type: Bug
Components: singleton
Affects Versions: EJB3_1 1.0.7
Reporter: Andrew Lee Rubinger
Assignee: jaikiran pai
Given bean implementation class:
@Singleton
@Startup
@Local(DbInitializerLocalBusiness.class)
@LocalBinding(jndiBinding = DbInitializerLocalBusiness.JNDI_NAME)
// JBoss-specific JNDI Binding annotation
@TransactionManagement(TransactionManagementType.BEAN)
// We'll use bean-managed Tx's here, because @PostConstruct is fired in a
// non-transactional context anyway, and we want to have consistent
// handling when we call via "refreshWithDefaultData".
public class DbInitializerBean implements DbInitializerLocalBusiness
Global JNDI reports:
+- DbInitializer (proxy: $Proxy143 implements interface org.jboss.ejb3.examples.chxx.transactions.ejb.DbInitializerLocalBusiness)
Additionally, we're missing INFO logging about where the proxies are bound. This warning is also present:
18:35:11,166 WARN [org.jboss.ejb3.session.SessionContainer] No JndiSessionRegistrarBase was found; byassing binding of Proxies to jboss.j2ee:service=EJB3,name=DbInitializerBean in Global JNDI.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
14 years