[JBoss JIRA] (SECURITY-639) DatabaseRolesMappingProvider fails when no roles are present for user
by Kory Markevich (Created) (JIRA)
DatabaseRolesMappingProvider fails when no roles are present for user
---------------------------------------------------------------------
Key: SECURITY-639
URL: https://issues.jboss.org/browse/SECURITY-639
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: PicketBox
Affects Versions: PicketBox_v4_0_1
Environment: JBoss AS 7.0.1
Reporter: Kory Markevich
Assignee: Anil Saldhana
When using DatabaseRolesMappingProvider as part of a web app, everything works fine if the query returns at least one role. If the user does not have any (a valid case in our system) then an IllegalArgumentException is thrown, which is not caught and aborts the authentication process (see stack trace at bottom.)
In particular the Util.addRolesToGroup method explicitly checks for the no-role case, but only for logging purposes, and then continues on trying to read the roles. This will obviously always fail as per JDBC specs. It looks like the reading should have been put inside an else clause.
15:55:55,700 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http--127.0.0.1-8080-4) An exception or error occurred in the container during the request processing: java.lang.IllegalArgumentException: Query failed
at org.jboss.security.mapping.providers.role.Util.addRolesToGroup(Util.java:250) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.security.mapping.providers.role.DatabaseRolesMappingProvider.performMapping(DatabaseRolesMappingProvider.java:100) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.security.mapping.providers.role.DatabaseRolesMappingProvider.performMapping(DatabaseRolesMappingProvider.java:42) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.security.mapping.MappingContext.performMapping(MappingContext.java:54) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:396) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.security.plugins.JBossAuthorizationManager.getSubjectRoles(JBossAuthorizationManager.java:323) [picketbox-4.0.1.jar:4.0.1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:144) [jboss-as-web-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.1.Final.jar:7.0.1.Final]
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49) [jboss-as-jpa-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.1.Final]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_29]
Caused by: java.sql.SQLException: Exhausted Resultset
at oracle.jdbc.driver.OracleResultSetImpl.getString(OracleResultSetImpl.java:1270)
at org.jboss.jca.adapters.jdbc.WrappedResultSet.getString(WrappedResultSet.java:1338)
at org.jboss.security.mapping.providers.role.Util.addRolesToGroup(Util.java:239) [picketbox-4.0.1.jar:4.0.1]
... 18 more
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
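The fix suggested in the SECURITY-639 report above (read role rows only when the query returned some) as an added Java example; this is not PicketBox code. `readRoles` and `fakeResultSet` are hypothetical names, and a constructed in-memory `ResultSet` stands in for the database.

```java
import java.lang.reflect.Proxy;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

public class RoleRows {
    // Hypothetical helper, not PicketBox's Util.addRolesToGroup: the role column
    // is read only while next() has returned true, so zero rows means zero roles.
    static List<String> readRoles(ResultSet rs) throws SQLException {
        List<String> roles = new ArrayList<>();
        if (!rs.next()) {
            return roles; // valid case: authenticated user with no roles
        }
        do {
            String role = rs.getString(1);
            if (role != null) roles.add(role);
        } while (rs.next());
        return roles;
    }

    // Constructed stand-in for a driver ResultSet: like the Oracle driver in the
    // report, getString throws when there is no current row.
    static ResultSet fakeResultSet(List<String> rows) {
        Iterator<String> it = rows.iterator();
        String[] current = new String[1];
        boolean[] onRow = {false};
        return (ResultSet) Proxy.newProxyInstance(
            RoleRows.class.getClassLoader(), new Class<?>[] {ResultSet.class},
            (proxy, method, args) -> {
                switch (method.getName()) {
                    case "next":
                        onRow[0] = it.hasNext();
                        if (onRow[0]) current[0] = it.next();
                        return onRow[0];
                    case "getString":
                        if (!onRow[0]) throw new SQLException("Exhausted Resultset");
                        return current[0];
                    default:
                        throw new UnsupportedOperationException(method.getName());
                }
            });
    }

    public static void main(String[] args) throws SQLException {
        System.out.println(readRoles(fakeResultSet(List.of())));
        System.out.println(readRoles(fakeResultSet(List.of("admin", "auditor"))));
    }
}
```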
[JBoss JIRA] (AS7-3218) read-resource with include-runtime fails for OSGi on HC
by Kabir Khan (Created) (JIRA)
read-resource with include-runtime fails for OSGi on HC
-------------------------------------------------------
Key: AS7-3218
URL: https://issues.jboss.org/browse/AS7-3218
Project: Application Server 7
Issue Type: Bug
Components: OSGi
Reporter: Kabir Khan
Assignee: Thomas Diesler
Priority: Critical
Fix For: 7.1.0.Final
{code}
[domain@localhost:9999 /] :read-resource(recursive-depth=2,include-runtime=true)
{
"outcome" => "failed",
"rolled-back" => true
}
{code}
log:
{code}
[Host Controller] 10:39:54,263 ERROR [org.jboss.as.controller.management-operation] (management-handler-threads - 2) JBAS014612: Operation ("read-attribute") failed - address: ([
[Host Controller] ("profile" => "ha"),
[Host Controller] ("subsystem" => "osgi")
[Host Controller] ]): org.jboss.msc.service.ServiceNotFoundException: Service service jbosgi.StartLevel not found
[Host Controller] at org.jboss.msc.service.ServiceContainerImpl.getRequiredService(ServiceContainerImpl.java:447) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
[Host Controller] at org.jboss.as.osgi.parser.StartLevelHandler.execute(StartLevelHandler.java:58)
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
{code}
[JBoss JIRA] (AS7-3219) :read-resource with include-runtime fails for messaging in HC
by Kabir Khan (Created) (JIRA)
:read-resource with include-runtime fails for messaging in HC
-------------------------------------------------------------
Key: AS7-3219
URL: https://issues.jboss.org/browse/AS7-3219
Project: Application Server 7
Issue Type: Bug
Components: JMS
Reporter: Kabir Khan
Assignee: Brian Stansberry
Fix For: 7.1.0.Final
{code}
[domain@localhost:9999 /] :read-resource(recursive-depth=2,include-runtime=true)
{
"outcome" => "failed",
"rolled-back" => true
}
{code}
{code}
[Host Controller] 10:40:43,525 ERROR [org.jboss.as.controller.management-operation] (management-handler-threads - 3) JBAS014612: Operation ("read-attribute") failed - address: ([
[Host Controller] ("profile" => "ha"),
[Host Controller] ("subsystem" => "messaging"),
[Host Controller] ("hornetq-server" => "default")
[Host Controller] ]): java.lang.NullPointerException
[Host Controller] at org.jboss.as.messaging.HornetQServerControlHandler.getServerControl(HornetQServerControlHandler.java:383)
[Host Controller] at org.jboss.as.messaging.HornetQServerControlHandler.executeRuntimeStep(HornetQServerControlHandler.java:122)
[Host Controller] at org.jboss.as.controller.AbstractRuntimeOnlyHandler$1.execute(AbstractRuntimeOnlyHandler.java:90) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.Final-SNAPSHOT.jar:7.1.0.Final-SNAPSHOT]
{code}
[JBoss JIRA] (AS7-3232) Bug in host.xml serialization
by Tomaz Cerar (Created) (JIRA)
Bug in host.xml serialization
-----------------------------
Key: AS7-3232
URL: https://issues.jboss.org/browse/AS7-3232
Project: Application Server 7
Issue Type: Bug
Components: Domain Management
Affects Versions: 7.1.0.CR1b, 7.1.0.Beta1b, 7.1.0.Beta1
Reporter: Tomaz Cerar
Assignee: Tomaz Cerar
Priority: Critical
Fix For: 7.1.0.Final
One is when creating a new server configuration with the help of the console. The new server is created and started and everything works fine, as long as you do not restart the host controller. If you do a restart, the host will not start due to a parser error (javax.xml.stream.XMLStreamException: ParseError at [row,col] [Host Controller] Message: JBAS014788: Unexpected attribute 'ref' encountered).
If I remove a "ref" attribute from <server name="test" group="main-server-group" auto-start="false"><socket-bindings ref="standard-sockets" port-offset="777"/> </server> in host.xml, the host starts without a problem.
[JBoss JIRA] Created: (AS7-1656) Binder services should not be ON_DEMAND
by Stuart Douglas (JIRA)
Binder services should not be ON_DEMAND
---------------------------------------
Key: AS7-1656
URL: https://issues.jboss.org/browse/AS7-1656
Project: Application Server 7
Issue Type: Bug
Components: Clustering
Affects Versions: 7.0.1.Final
Reporter: Stuart Douglas
Assignee: Paul Ferraro
Fix For: 7.0.2.Final
If a binder service is registered as ON_DEMAND then the item will not be available for lookup in JNDI until something has expressed a dependency on it. This means that it will work for resource injection, but it will fail for manual JNDI lookups.
If lazy startup is required the binder service should use a ManagedReferenceFactory that starts the lazy service and blocks until the lazy service is available.