October 2013 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-2305) add-user utility reports "No java.io.Console available to interact with user." when used silently with su and piped to a file.

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2305?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2305: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1019264|https://bugzilla.redhat.com/show_bug.cgi?id=1019264] from MODIFIED to ON_QA > add-user utility reports "No java.io.Console available to interact with user." when used silently with su and piped to a file. > ------------------------------------------------------------------------------------------------------------------------------ > > Key: WFLY-2305 > URL: https://issues.jboss.org/browse/WFLY-2305 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Domain Management, Security > Affects Versions: 8.0.0.Beta1 > Environment: WildFly snapshot of master 15-oct-2013 > Reporter: Tom Fonteyne > Assignee: Darran Lofthouse > Fix For: 8.0.0.CR1 > > > Running add-user.sh in silent mode and redirecting the output to a file results in an exception: > Exception in thread "main" java.lang.IllegalStateException: JBAS015232: No java.io.Console available to interact with user. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2296) Patched state is missing the updated resulting version

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2296?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2296: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1018181|https://bugzilla.redhat.com/show_bug.cgi?id=1018181] from MODIFIED to ON_QA > Patched state is missing the updated resulting version > ------------------------------------------------------ > > Key: WFLY-2296 > URL: https://issues.jboss.org/browse/WFLY-2296 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Patching > Affects Versions: 8.0.0.Beta1 > Reporter: Emanuel Muckenhuber > Assignee: Emanuel Muckenhuber > Fix For: 8.0.0.CR1 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2373) patching resource does not get registered on slave hosts

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2373?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2373: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1022973|https://bugzilla.redhat.com/show_bug.cgi?id=1022973] from MODIFIED to ON_QA > patching resource does not get registered on slave hosts > -------------------------------------------------------- > > Key: WFLY-2373 > URL: https://issues.jboss.org/browse/WFLY-2373 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Patching > Affects Versions: 8.0.0.Beta1 > Reporter: Emanuel Muckenhuber > Assignee: Emanuel Muckenhuber > Fix For: 8.0.0.CR1 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2383) resource-adapter id attribute has to match ra name otherwise MDB is not deployed

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2383?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2383: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1012044|https://bugzilla.redhat.com/show_bug.cgi?id=1012044] from MODIFIED to ON_QA > resource-adapter id attribute has to match ra name otherwise MDB is not deployed > -------------------------------------------------------------------------------- > > Key: WFLY-2383 > URL: https://issues.jboss.org/browse/WFLY-2383 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Reporter: Stefano Maestri > Assignee: Stefano Maestri > > The resource-adapter id has to have the same name as the ra archive has. Otherwise the the MDB is not deployed. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2385) Resource adapter recovery doesn't allow fallback to security credentials

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2385?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2385: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1023446|https://bugzilla.redhat.com/show_bug.cgi?id=1023446] from MODIFIED to ON_QA > Resource adapter recovery doesn't allow fallback to security credentials > ------------------------------------------------------------------------- > > Key: WFLY-2385 > URL: https://issues.jboss.org/browse/WFLY-2385 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Reporter: Stefano Maestri > Assignee: Stefano Maestri > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2338) When using a JDBC object store, the RecoveryManager service stop can occur after the datasource is already stopped

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2338?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2338: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1020881|https://bugzilla.redhat.com/show_bug.cgi?id=1020881] from MODIFIED to ON_QA > When using a JDBC object store, the RecoveryManager service stop can occur after the datasource is already stopped > ------------------------------------------------------------------------------------------------------------------ > > Key: WFLY-2338 > URL: https://issues.jboss.org/browse/WFLY-2338 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Transactions > Reporter: Tom Jenkinson > Assignee: Stefano Maestri > Attachments: 0001-patching-servicename-for-ds-dependency.patch > > > It should be the cause of https://bugzilla.redhat.com/show_bug.cgi?id=1020881 > It has the effects described in the BZ, i.e. can cause warnings or can entirely block the application server from stopping -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2317) Trying to remove a server group as a server-group-scoped role leaks information

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2317?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2317: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1019784|https://bugzilla.redhat.com/show_bug.cgi?id=1019784] from MODIFIED to ON_QA > Trying to remove a server group as a server-group-scoped role leaks information > ------------------------------------------------------------------------------- > > Key: WFLY-2317 > URL: https://issues.jboss.org/browse/WFLY-2317 > Project: WildFly > Issue Type: Sub-task > Security Level: Public(Everyone can see) > Components: Domain Management > Reporter: Ladislav Thon > Assignee: Brian Stansberry > Labels: rbac-filed-by-qa > Fix For: 8.0.0.CR1 > > > When writing a small test case for WFLY-2190, I stumbled upon a problem: trying to remove an existing server group by a server-group-scoped user that does NOT have permissions to that server group leaks information. On a freshly built WildFly with added {{admin}} user into {{domain/configuration/mgmt-users.properties}}, it can be reproduced like this: > {code} > [1] ./bin/domain.sh > [2] ./bin/jboss-cli.sh -c > /core-service=management/access=authorization/server-group-scoped-role=NewRole:add(base-role=administrator, server-groups=[main-server-group]) > /core-service=management/access=authorization/role-mapping=NewRole:add > /core-service=management/access=authorization/role-mapping=NewRole/include=user-admin:add(name=admin, type=user) > /core-service=management/access=authorization:write-attribute(name=provider, value=rbac) > exit > [1] ^C > ./bin/domain.sh > [2] ./bin/jboss-cli.sh -c --user=admin --password=XXX > /server-group=other-server-group:read-resource > /server-group=other-server-group:remove > {code} > What does that mean? The {{NewRole}} is scoped to the {{main-server-group}} server group and can't see {{other-server-group}}. When doing {{/server-group=other-server-group:read-resource}}, this is correctly enforced and the output looks like this: > {code} > { > "outcome" => "failed", > "failure-description" => "JBAS014807: Management resource '[(\"server-group\" => \"other-server-group\")]' not found", > "rolled-back" => true > } > {code} > However, trying to do {{/server-group=other-server-group:remove}}, which is only a different operation _on the same resource_, I get a different error message: > {code} > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "JBAS013456: Unauthorized to execute operation 'remove' for resource '[(\"server-group\" => \"other-server-group\")]' -- \"JBAS013475: Permission denied\""}, > "rolled-back" => true > } > {code} > I expect the error message to be completely the same as in previous case, not leaking any information that the {{other-server-group}} actually exists. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2394) AccessControlContext and management users Subject leaking into thread pool of host controller executor.

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2394?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2394: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1024072|https://bugzilla.redhat.com/show_bug.cgi?id=1024072] from MODIFIED to ON_QA > AccessControlContext and management users Subject leaking into thread pool of host controller executor. > ------------------------------------------------------------------------------------------------------- > > Key: WFLY-2394 > URL: https://issues.jboss.org/browse/WFLY-2394 > Project: WildFly > Issue Type: Sub-task > Security Level: Public(Everyone can see) > Components: Domain Management, Security > Affects Versions: 8.0.0.Beta1 > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 8.0.0.CR1 > > > The JBossThreadFactory in use for the executor service is allowing for the AccessControlContext of the thread submitting the Runnable task to the executor to be associated with the Thread created. > Additional precautions should be taken within the HostController to prevent this association. > Where a Subject does need to be associated this should be handled manually. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2354) Webservice13 tck failures introduced by ejb3 and security change

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2354?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2354: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1021543|https://bugzilla.redhat.com/show_bug.cgi?id=1021543] from MODIFIED to ON_QA > Webservice13 tck failures introduced by ejb3 and security change > ----------------------------------------------------------------- > > Key: WFLY-2354 > URL: https://issues.jboss.org/browse/WFLY-2354 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: EJB > Affects Versions: 8.0.0.Beta1 > Reporter: Emmanuel Hugonnet > Assignee: Emmanuel Hugonnet > > There 2 tck regression failures under webserivice13 directory in EAP 6.2.0.ER6. > IT turns out the change[2] introduced this two failures: > [1]https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP6/view/TCK6-EA... > [2][2]https://github.com/jbossas/jboss-eap/commit/72d5cd3f96540519a9747579... > EAP 6.2.0.ER6 sever error message: > ------------------------------------------------------------------------------ > 18:32:00,338 ERROR [org.jboss.as.ejb3.invocation] (http-myserver.com/127.0.0.1:8080-1) JBAS014134: EJB Invocation failed on component WSEjbSingletonTest for method public java.lang.String com.sun.ts.tests.webservices13.ejb.annotations.WSEjbSingletonTest.HelloBean.bye(java.lang.String): javax.ejb.EJBException: java.lang.IllegalStateException: JBAS014485: EJB WSEjbSingletonTest is enabled for security but doesn't have a security domain set > at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:189) [jboss-as-ejb3-7.3.0.Final-redhat-SNAPSHOT.jar:7.3.0.Final-redhat-SNAPSHOT] -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-2270) Lack of model integrity checking regarding role mappings, standard role names and scoped role names.

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-2270?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-2270: ----------------------------------------------- Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1018738|https://bugzilla.redhat.com/show_bug.cgi?id=1018738] from MODIFIED to ON_QA > Lack of model integrity checking regarding role mappings, standard role names and scoped role names. > ---------------------------------------------------------------------------------------------------- > > Key: WFLY-2270 > URL: https://issues.jboss.org/browse/WFLY-2270 > Project: WildFly > Issue Type: Sub-task > Security Level: Public(Everyone can see) > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 8.0.0.CR1 > > > Take the following scoped role definition and assignment: - > {code} > <host-scoped-roles> > <role name="master-Monitior" base-role="MONITOR"> > <host name="master"/> > </role> > </host-scoped-roles> > {code} > {code} > <role name="master-Monitior" include-all="true"/> > {code} > Removal results in the following: - > {code} > [domain@localhost:9990 /] ./core-service=management/access=authorization/host-scoped-role=master-Monitior:remove > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "JBAS014749: Operation handler failed: JBAS013470: Unknown role 'MASTER-MONITIOR'"}, > "rolled-back" => true > } > {code} > Server side this is reported as: - > {code} > [Host Controller] 11:24:57,780 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) JBAS014612: Operation ("remove") failed - address: ([ > [Host Controller] ("core-service" => "management"), > [Host Controller] ("access" => "authorization"), > [Host Controller] ("host-scoped-role" => "master-Monitior") > [Host Controller] ]): java.lang.IllegalArgumentException: JBAS013470: Unknown role 'MASTER-MONITIOR' > [Host Controller] at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getUserPermissions(DefaultPermissionFactory.java:134) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getUserPermissions(DefaultPermissionFactory.java:107) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer.authorize(ManagementPermissionAuthorizer.java:99) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer.authorize(DelegatingConfigurableAuthorizer.java:98) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.OperationContextImpl.getBasicAuthorizationResponse(OperationContextImpl.java:1157) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1059) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.OperationContextImpl.readResourceFromRoot(OperationContextImpl.java:542) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationResolver.getServerOperations(ServerOperationResolver.java:232) > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.getServerOperations(ServerOperationsResolverHandler.java:149) > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.access$000(ServerOperationsResolverHandler.java:58) > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler$2.getServerOperations(ServerOperationsResolverHandler.java:113) > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.HostControllerExecutionSupport$Factory$DomainOpExecutionSupport.getServerOps(HostControllerExecutionSupport.java:265) > [Host Controller] at org.jboss.as.domain.controller.operations.coordination.ServerOperationsResolverHandler.execute(ServerOperationsResolverHandler.java:124) > [Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:609) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:487) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:277) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:272) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:258) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:143) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:205) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:110) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:157) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$2.run(ModelControllerClientOperationHandler.java:153) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_17] > [Host Controller] at javax.security.auth.Subject.doAs(Subject.java:415) [rt.jar:1.7.0_17] > [Host Controller] at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153) [wildfly-controller-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$2$1.doExecute(AbstractMessageHandler.java:296) [wildfly-protocol-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:518) [wildfly-protocol-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT] > [Host Controller] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_17] > [Host Controller] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_17] > [Host Controller] at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_17] > [Host Controller] at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.1.Final.jar:2.1.1.Final] > {code} > At this point I believe that role removal is actually successful, however a subsequent operation is failing as the role previously associated with the user no longer exists. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

11 years, 4 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2013