[JBoss JIRA] (WFLY-1477) JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
by Remy Maucherat (JIRA)
[ https://issues.jboss.org/browse/WFLY-1477?page=com.atlassian.jira.plugin.... ]
Remy Maucherat commented on WFLY-1477:
--------------------------------------
Well, the bug is assigned to JBoss Web, not Undertow, and was real (it got fixed in the web subsystem). So if something is wrong about undertow in Wildfly, it is a different issue.
> JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-1477
> URL: https://issues.jboss.org/browse/WFLY-1477
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (JBoss Web)
> Affects Versions: 8.0.0.Alpha1
> Environment: CentOS 6.x, JBoss AS 7.1.1.Final
> Reporter: Steve S
> Assignee: Remy Maucherat
> Labels: domain, jaas, jboss, jbossweb, login, module, security
>
> Please see the following forum post for a detailed explanation and findings(and potential workaround):
> https://community.jboss.org/message/822054#822054
> If multiple WARs are deployed that depend on a login module leveraging:
> HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
> then upon undeploy of any web application in the container the HttpServletRequestPolicyContextHandler is removed(deregistered) in the stop() lifecycle method of the JBossWebRealmService, resulting in:
> 13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)
> for any webapps still deployed for every subsequent access to them.
> Simply redeploying any ONE of the remaining webapps or the previously undeployed webapp causes this problem to go away for all deployed applications.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-2584) RBAC: Silent failure of run-as role mapping
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-2584?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-2584:
----------------------------------------
I see no reason not to fail, the client only has the ability to request a reduced set of roles - if one of the roles they are requesting does not exist they should be informed.
Not reporting an error would only lead to confusion I think overall.
> RBAC: Silent failure of run-as role mapping
> -------------------------------------------
>
> Key: WFLY-2584
> URL: https://issues.jboss.org/browse/WFLY-2584
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Affects Versions: 8.0.0.Beta1
> Reporter: Brian Stansberry
> Assignee: Darran Lofthouse
> Fix For: 8.0.0.CR1
>
>
> RunAsRoleMapper.mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) ignores false results from realRoleMapper.canRunAs(currentRoles, requestedRole) and just leaves the user running in their regular roles. Some sort of failure condition seems more appropriate.
> I noticed this when I was investigating WFLY-2318 caused by WFLY-2583. The improperly parsed role list was resulting in realRoleMapper.canRunAs(currentRoles, requestedRole) returning false so the call would just execute as SuperUser.
> Same thing would happen with a simple typo like {roles=Mnitor}.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-1994) JPA module throws NPE when binding unavailable persistence unit
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-1994?page=com.atlassian.jira.plugin.... ]
Scott Marlow updated WFLY-1994:
-------------------------------
Fix Version/s: 8.0.0.CR1
> JPA module throws NPE when binding unavailable persistence unit
> ---------------------------------------------------------------
>
> Key: WFLY-1994
> URL: https://issues.jboss.org/browse/WFLY-1994
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JPA / Hibernate
> Affects Versions: 8.0.0.Alpha4
> Environment: Fedora 19, Wildfly a0c7edb142b75d92276fb9fa9c0033ea1d583934 or AS7.2.0
> Reporter: Brent Douglas
> Assignee: Scott Marlow
> Fix For: 8.0.0.CR1
>
>
> When binding an unavailable PU to JNDI an NPE is thrown rather than a message explaining the problem.
> {noformat}
> 13:33:55,185 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.deployment.unit."fails.ear".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."fails.ear".POST_MODULE: JBAS018733: Failed to process phase POST_MODULE of deployment "fails.ear"
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:166) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
> at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
> Caused by: java.lang.NullPointerException
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitBindingSource(PersistenceRefProcessor.java:211)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitRefs(PersistenceRefProcessor.java:127)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.processDescriptorEntries(PersistenceRefProcessor.java:78)
> at org.jboss.as.ee.component.deployers.AbstractDeploymentDescriptorBindingsProcessor.deploy(AbstractDeploymentDescriptorBindingsProcessor.java:95)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> ... 5 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-1994) JPA module throws NPE when binding unavailable persistence unit
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-1994?page=com.atlassian.jira.plugin.... ]
Scott Marlow closed WFLY-1994.
------------------------------
> JPA module throws NPE when binding unavailable persistence unit
> ---------------------------------------------------------------
>
> Key: WFLY-1994
> URL: https://issues.jboss.org/browse/WFLY-1994
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JPA / Hibernate
> Affects Versions: 8.0.0.Alpha4
> Environment: Fedora 19, Wildfly a0c7edb142b75d92276fb9fa9c0033ea1d583934 or AS7.2.0
> Reporter: Brent Douglas
> Assignee: Scott Marlow
> Fix For: 8.0.0.CR1
>
>
> When binding an unavailable PU to JNDI an NPE is thrown rather than a message explaining the problem.
> {noformat}
> 13:33:55,185 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.deployment.unit."fails.ear".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."fails.ear".POST_MODULE: JBAS018733: Failed to process phase POST_MODULE of deployment "fails.ear"
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:166) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
> at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
> Caused by: java.lang.NullPointerException
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitBindingSource(PersistenceRefProcessor.java:211)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitRefs(PersistenceRefProcessor.java:127)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.processDescriptorEntries(PersistenceRefProcessor.java:78)
> at org.jboss.as.ee.component.deployers.AbstractDeploymentDescriptorBindingsProcessor.deploy(AbstractDeploymentDescriptorBindingsProcessor.java:95)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> ... 5 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-1994) JPA module throws NPE when binding unavailable persistence unit
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-1994?page=com.atlassian.jira.plugin.... ]
Scott Marlow commented on WFLY-1994:
------------------------------------
Thanks for the fix Andrei Tretyakov!
> JPA module throws NPE when binding unavailable persistence unit
> ---------------------------------------------------------------
>
> Key: WFLY-1994
> URL: https://issues.jboss.org/browse/WFLY-1994
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JPA / Hibernate
> Affects Versions: 8.0.0.Alpha4
> Environment: Fedora 19, Wildfly a0c7edb142b75d92276fb9fa9c0033ea1d583934 or AS7.2.0
> Reporter: Brent Douglas
> Assignee: Scott Marlow
>
> When binding an unavailable PU to JNDI an NPE is thrown rather than a message explaining the problem.
> {noformat}
> 13:33:55,185 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service jboss.deployment.unit."fails.ear".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."fails.ear".POST_MODULE: JBAS018733: Failed to process phase POST_MODULE of deployment "fails.ear"
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:166) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_25]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_25]
> at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_25]
> Caused by: java.lang.NullPointerException
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitBindingSource(PersistenceRefProcessor.java:211)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.getPersistenceUnitRefs(PersistenceRefProcessor.java:127)
> at org.jboss.as.jpa.processor.PersistenceRefProcessor.processDescriptorEntries(PersistenceRefProcessor.java:78)
> at org.jboss.as.ee.component.deployers.AbstractDeploymentDescriptorBindingsProcessor.deploy(AbstractDeploymentDescriptorBindingsProcessor.java:95)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159) [wildfly-server-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> ... 5 more
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-1477) JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
by Frank Cornelis (JIRA)
[ https://issues.jboss.org/browse/WFLY-1477?page=com.atlassian.jira.plugin.... ]
Frank Cornelis commented on WFLY-1477:
--------------------------------------
What do you mean by "using web with WildFly"? I use the default Undertow. From a servlet I end up in some EJB3 session bean. There I do:
HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
and then it explodes. This should not happen. I should be able to get the HttpServletRequest.
> JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-1477
> URL: https://issues.jboss.org/browse/WFLY-1477
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (JBoss Web)
> Affects Versions: 8.0.0.Alpha1
> Environment: CentOS 6.x, JBoss AS 7.1.1.Final
> Reporter: Steve S
> Assignee: Remy Maucherat
> Labels: domain, jaas, jboss, jbossweb, login, module, security
>
> Please see the following forum post for a detailed explanation and findings(and potential workaround):
> https://community.jboss.org/message/822054#822054
> If multiple WARs are deployed that depend on a login module leveraging:
> HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
> then upon undeploy of any web application in the container the HttpServletRequestPolicyContextHandler is removed(deregistered) in the stop() lifecycle method of the JBossWebRealmService, resulting in:
> 13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)
> for any webapps still deployed for every subsequent access to them.
> Simply redeploying any ONE of the remaining webapps or the previously undeployed webapp causes this problem to go away for all deployed applications.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months
[JBoss JIRA] (WFLY-1477) JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
by Remy Maucherat (JIRA)
[ https://issues.jboss.org/browse/WFLY-1477?page=com.atlassian.jira.plugin.... ]
Remy Maucherat commented on WFLY-1477:
--------------------------------------
You mean you're still using web with Wildfly ? That would not be supported anymore.
> JACC HttpServletRequestPolicyContextHandler removal on single application undeploy impacting all other deployed applications
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-1477
> URL: https://issues.jboss.org/browse/WFLY-1477
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (JBoss Web)
> Affects Versions: 8.0.0.Alpha1
> Environment: CentOS 6.x, JBoss AS 7.1.1.Final
> Reporter: Steve S
> Assignee: Remy Maucherat
> Labels: domain, jaas, jboss, jbossweb, login, module, security
>
> Please see the following forum post for a detailed explanation and findings(and potential workaround):
> https://community.jboss.org/message/822054#822054
> If multiple WARs are deployed that depend on a login module leveraging:
> HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
> then upon undeploy of any web application in the container the HttpServletRequestPolicyContextHandler is removed(deregistered) in the stop() lifecycle method of the JBossWebRealmService, resulting in:
> 13:03:35,335 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (ajp--0.0.0.0-8009-1) Login failure: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest at javax.security.jacc.PolicyContext.getContext(PolicyContext.java:117)
> for any webapps still deployed for every subsequent access to them.
> Simply redeploying any ONE of the remaining webapps or the previously undeployed webapp causes this problem to go away for all deployed applications.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 6 months