November 2012 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JGRP-1544) FORWARD_TO_COORD is slow

by Bela Ban (JIRA)

Bela Ban created JGRP-1544: ------------------------------ Summary: FORWARD_TO_COORD is slow Key: JGRP-1544 URL: https://issues.jboss.org/browse/JGRP-1544 Project: JGroups Issue Type: Enhancement Reporter: Bela Ban Assignee: Bela Ban Fix For: 3.3 When doing xsite perf tests, JGRP-1542 fixed a perf issue by passing message flags on when forwarding / relaying a message. However, the biggest perf culprit was FORWARD_TO_COORD. This JIRA will investigate the cause (probably the forward-table and delivery-table handling) and hopefully fix it. Meanwhile, the recommendadtion is to comment FORWARD_TO_COORD. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
0
0 / 0

[JBoss JIRA] (AS7-5743) Integrate usage analytics

by Heiko Braun (JIRA)

Heiko Braun created AS7-5743: -------------------------------- Summary: Integrate usage analytics Key: AS7-5743 URL: https://issues.jboss.org/browse/AS7-5743 Project: Application Server 7 Issue Type: Feature Request Components: Console Reporter: Heiko Braun Assignee: Heiko Braun Fix For: 7.2.0.CR1 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
1
0 / 0

[JBoss JIRA] (AS7-3405) Authorization Checks for Services over Remoting

by Darran Lofthouse (JIRA)

Darran Lofthouse created AS7-3405: ------------------------------------- Summary: Authorization Checks for Services over Remoting Key: AS7-3405 URL: https://issues.jboss.org/browse/AS7-3405 Project: Application Server 7 Issue Type: Task Components: Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.1.0.Final As all services are now moving to be exposed over Remoting connectors they can all be secured using the same realm. This task is to ensure each at the very least has a basis for an authorization check that can be extended for more complex service specific requirements. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
6
0 / 0

[JBoss JIRA] (JBADMCON-172) CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6

by Renaud Dubourguais (JIRA)

Renaud Dubourguais created JBADMCON-172: ------------------------------------------- Summary: CVE-2010-1871 still affects the Admin Console deployed in JBoss AS 5 and 6 Key: JBADMCON-172 URL: https://issues.jboss.org/browse/JBADMCON-172 Project: JBoss Admin Console Issue Type: Bug Components: General Console Affects Versions: 1.0 alpha, 1.1 alpha, 2.0 alpha Reporter: Renaud Dubourguais The version of the SEAM framework used by the Admin Console in JBoss AS 5 and 6 is still affected by the CVE-2010-1871. (The Red Hat version is already patched). This vulnerability allows pre-authentication remote code execution and functional public exploits exist. For more details about this issue: - http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html - https://access.redhat.com/security/cve/CVE-2010-1871 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
2
0 / 0

[JBoss JIRA] (AS7-4982) add-user.sh script use weakeness hashing algorithm (MD5) that is broken for a long time

by Yannick LE NY (JIRA)

Yannick LE NY created AS7-4982: ---------------------------------- Summary: add-user.sh script use weakeness hashing algorithm (MD5) that is broken for a long time Key: AS7-4982 URL: https://issues.jboss.org/browse/AS7-4982 Project: Application Server 7 Issue Type: Bug Components: Console Affects Versions: 7.1.2.Final (EAP) Environment: Jboss EAP 6.0 Beta2 Jboss AS 7.1.1 Linux RHEL 5.4 JDK 1.6.0_24 Reporter: Yannick LE NY Assignee: Heiko Braun Fix For: 7.1.3.Final (EAP) In Jboss EAP 6.0 Beta2 or Jboss AS 7.1.1, we need to use the bin/add-user.sh script to add user access to the Jboss console. And in the the bin/add-user.sh script, you can find that the org.jboss.as.domain-add-user java class is used to : 1) add the login in the files standalone/configuration/mgmt-users.properties and domain/configuration/mgmt-users.properties 2) first hash the password with MD5 hash algorithm and then copy it hashed in the files standalone/configuration/mgmt-users.properties and domain/configuration/mgmt-users.properties When you search about the org.jboss.as.domain-add-user java class on the Internet, you find this source file http://grepcode.com/file/repo1.maven.org/maven2/org.jboss.as/jboss-as-dom... and this file use an import of the org.jboss.sasl.util.UsernamePasswordHashUtil class that is in the file http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/... In the file UsernamePasswordHashUtil.java, we can see that this is the weakness MD5 hash algorithm that is used and that is broken for a long time : At http://en.wikipedia.org/wiki/MD5, the wikipedia article said : "In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1—which has since been found also to be vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable...In December 2008, a group of researchers used this technique to fake SSL certificate validity,[7][8] and US-CERT now says that MD5 "should be considered cryptographically broken and unsuitable for further use."[9] and most U.S. government applications now require the SHA-2 family of hash functions." org.jboss.sasl.util.UsernamePasswordHashUtil class use java.security.MessageDigest class. As you can see at : http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html, getAlgorithm function can use several hash or Message Digest Algorithms. The hash or Message Digest Algorithms available are : MD2 (weak), MD5 (weak), SHA-1 (weak), SHA-256, SHA-384, and SHA-512 http://docs.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html#AppA http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/Cry... Then can you replace the weakness MD5 Message Digest Algorithm used by add-user.sh by SHA-256 or AES-256. The security team in my big company want now that all the application servers used in the company use strong cipher algorithm as 3DES used by Oracle Weblogic 10 or as AES-256 used by Oracle Weblogic 11. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
10
0 / 0

[JBoss JIRA] (SASL-39) Support for stronger hashes as alternatives to MD5

by Darran Lofthouse (JIRA)

Darran Lofthouse created SASL-39: ------------------------------------ Summary: Support for stronger hashes as alternatives to MD5 Key: SASL-39 URL: https://issues.jboss.org/browse/SASL-39 Project: JBoss SASL Provider Issue Type: Feature Request Security Level: Public (Everyone can see) Reporter: Darran Lofthouse Fix For: 1.0.4.CR1 Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes. As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
0
0 / 0

[JBoss JIRA] (AS7-3977) Serve gzip encoded console resources

by Heiko Braun (JIRA)

Heiko Braun created AS7-3977: -------------------------------- Summary: Serve gzip encoded console resources Key: AS7-3977 URL: https://issues.jboss.org/browse/AS7-3977 Project: Application Server 7 Issue Type: Feature Request Components: Console, Domain Management Reporter: Heiko Braun Assignee: Heiko Braun Fix For: 7.1.2.Final To decrease network latency when loading the console form a remote host. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

3
6
0 / 0

[JBoss JIRA] (AS7-6041) CDI Decorator for a JAX-RS annotated interface results in WELD-001306

by Jozef Hartinger (JIRA)

[ https://issues.jboss.org/browse/AS7-6041?page=com.atlassian.jira.plugin.s... ] Jozef Hartinger commented on AS7-6041: -------------------------------------- The problem here is that both the root resource and its decorator implement a JAX-RS-annotated interface. As a result, RESTEasy registers both the resource class and the decorator as resources. RESTEasy then tries to instantiate the abstract decorator class. A CDI decorator should never be registered as a JAX-RS resource, no matter if it's abstract or not. To reproduce, build the application above and visit http://localhost:8080/restTest/rest/user > CDI Decorator for a JAX-RS annotated interface results in WELD-001306 > --------------------------------------------------------------------- > > Key: AS7-6041 > URL: https://issues.jboss.org/browse/AS7-6041 > Project: Application Server 7 > Issue Type: Bug > Components: REST > Affects Versions: 7.1.1.Final > Reporter: Daniel Sachse > Assignee: Stuart Douglas > Fix For: 7.2.0.Alpha1 > > > I already bugged the Errai and Resteasy guys with my problem, but I was told that you guys are in charge of this ;) > I possibly discovered a bug in the Weld implementation provided with JBoss 7.1.1.Final. > I was playing around with Errai and JAX-RS and I discovered that when I add the JAX-RS annotations to the interface this works as expected. > As soon as I start to use a CDI Decorator with the JAX-RS interface, i start getting the following error: > "org.jboss.weld.exceptions.UnproxyableResolutionException: WELD-001306 Attempting to inject an unproxyable normal scoped bean Decorator….." > If I then put the JAX-RS annotations back at the implementation, everything works fine. Unfortunately this behavior is not working for me, because Errai needs the annotations at the interface to create client code. > As I was unsure if this only happened with Errai on the classpath, I created a very little demo project, which exactly shows the bug I mentioned: https://github.com/w0mbat/RESTTest -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
0
0 / 0

[JBoss JIRA] (AS7-6041) CDI Decorator for a JAX-RS annotated interface results in WELD-001306

by Jozef Hartinger (JIRA)

[ https://issues.jboss.org/browse/AS7-6041?page=com.atlassian.jira.plugin.s... ] Jozef Hartinger moved WELD-1252 to AS7-6041: -------------------------------------------- Project: Application Server 7 (was: Weld) Key: AS7-6041 (was: WELD-1252) Workflow: GIT Pull Request workflow (was: jira) Affects Version/s: 7.1.1.Final (was: 1.1.5.Final) Fix Version/s: 7.2.0.Alpha1 (was: 2.0.0.CR1) > CDI Decorator for a JAX-RS annotated interface results in WELD-001306 > --------------------------------------------------------------------- > > Key: AS7-6041 > URL: https://issues.jboss.org/browse/AS7-6041 > Project: Application Server 7 > Issue Type: Bug > Affects Versions: 7.1.1.Final > Reporter: Daniel Sachse > Assignee: Jozef Hartinger > Fix For: 7.2.0.Alpha1 > > > I already bugged the Errai and Resteasy guys with my problem, but I was told that you guys are in charge of this ;) > I possibly discovered a bug in the Weld implementation provided with JBoss 7.1.1.Final. > I was playing around with Errai and JAX-RS and I discovered that when I add the JAX-RS annotations to the interface this works as expected. > As soon as I start to use a CDI Decorator with the JAX-RS interface, i start getting the following error: > "org.jboss.weld.exceptions.UnproxyableResolutionException: WELD-001306 Attempting to inject an unproxyable normal scoped bean Decorator….." > If I then put the JAX-RS annotations back at the implementation, everything works fine. Unfortunately this behavior is not working for me, because Errai needs the annotations at the interface to create client code. > As I was unsure if this only happened with Errai on the classpath, I created a very little demo project, which exactly shows the bug I mentioned: https://github.com/w0mbat/RESTTest -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
0
0 / 0

[JBoss JIRA] (AS7-6041) CDI Decorator for a JAX-RS annotated interface results in WELD-001306

by Jozef Hartinger (JIRA)

[ https://issues.jboss.org/browse/AS7-6041?page=com.atlassian.jira.plugin.s... ] Jozef Hartinger updated AS7-6041: --------------------------------- Assignee: Stuart Douglas (was: Jozef Hartinger) Component/s: REST > CDI Decorator for a JAX-RS annotated interface results in WELD-001306 > --------------------------------------------------------------------- > > Key: AS7-6041 > URL: https://issues.jboss.org/browse/AS7-6041 > Project: Application Server 7 > Issue Type: Bug > Components: REST > Affects Versions: 7.1.1.Final > Reporter: Daniel Sachse > Assignee: Stuart Douglas > Fix For: 7.2.0.Alpha1 > > > I already bugged the Errai and Resteasy guys with my problem, but I was told that you guys are in charge of this ;) > I possibly discovered a bug in the Weld implementation provided with JBoss 7.1.1.Final. > I was playing around with Errai and JAX-RS and I discovered that when I add the JAX-RS annotations to the interface this works as expected. > As soon as I start to use a CDI Decorator with the JAX-RS interface, i start getting the following error: > "org.jboss.weld.exceptions.UnproxyableResolutionException: WELD-001306 Attempting to inject an unproxyable normal scoped bean Decorator….." > If I then put the JAX-RS annotations back at the implementation, everything works fine. Unfortunately this behavior is not working for me, because Errai needs the annotations at the interface to create client code. > As I was unsure if this only happened with Errai on the classpath, I created a very little demo project, which exactly shows the bug I mentioned: https://github.com/w0mbat/RESTTest -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira November 2012