[JBoss JIRA] (JBCOMMON-131) Setting cache timeout for JAAS under jboss-eap-6.1 does not work
by Dimitris Andreadis (JIRA)
[ https://issues.jboss.org/browse/JBCOMMON-131?page=com.atlassian.jira.plug... ]
Dimitris Andreadis closed JBCOMMON-131.
---------------------------------------
Resolution: Rejected
Sorry, this report has nothing to do with the JBoss Commons project.
> Setting cache timeout for JAAS under jboss-eap-6.1 does not work
> ----------------------------------------------------------------
>
> Key: JBCOMMON-131
> URL: https://issues.jboss.org/browse/JBCOMMON-131
> Project: JBoss Common
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Environment: jboss-eap-6.1
> Reporter: Artur Mioduszewski
> Assignee: Dimitris Andreadis
>
> When: cache-type="default" in security-domain configuration -> authentication works correctly.
> When I have used below configuration in order to try to set cache timeout in JAAS -> JAAS authentication stops to work - I am not able to log in (on JBoss console there are not any errors)
> <code>
> ...
> <security-domain name="myJaasDomain" cache-type="infinispan">
> <authentication>
> <login-module code="Database" flag="required">
> <module-option name="dsJndiName" value="java:jboss/datasources/digital-signal-service-dev-ws-DS"/>
> <module-option name="principalsQuery" value="SELECT l.PASSWORD FROM LOGIN l WHERE l.USERNAME=?"/>
> <module-option name="rolesQuery" value="SELECT ar.NAME, 'Roles' FROM login l, login_access_group lg, access_group g, access_group_s_access_right ga, s_access_right ar WHERE l.username = ? AND l.id = lg.login_ID AND lg.groups_ID = g.id AND g.ID = ga.access_group_ID AND ga.accessRights_ID = ar.ID"/>
> <module-option name="hashAlgorithm" value="MD5"/>
> <module-option name="hashEncoding" value="base64"/>
> <module-option name="unauthenticatedIdentity" value="guest"/>
> </login-module>
> </authentication>
> </security-domain>
> ...
> <subsystem xmlns="urn:jboss:domain:infinispan:1.2" default-cache-container="web">
> <cache-container name="cluster" aliases="ha-partition" default-cache="default">
> <transport lock-timeout="60000"/>
> <replicated-cache name="default" mode="SYNC" batching="true">
> <locking isolation="REPEATABLE_READ"/>
> </replicated-cache>
> </cache-container>
> <cache-container name="web" aliases="standard-session-cache" default-cache="repl">
> <transport lock-timeout="60000"/>
> <replicated-cache name="repl" mode="ASYNC" batching="true">
> <file-store/>
> </replicated-cache>
> <replicated-cache name="sso" mode="SYNC" batching="true"/>
> <distributed-cache name="dist" mode="ASYNC" batching="true">
> <file-store/>
> </distributed-cache>
> </cache-container>
> <cache-container name="ejb" aliases="sfsb sfsb-cache" default-cache="repl">
> <transport lock-timeout="60000"/>
> <replicated-cache name="repl" mode="ASYNC" batching="true">
> <file-store/>
> </replicated-cache>
> <replicated-cache name="remote-connector-client-mappings" mode="SYNC" batching="true"/>
> <distributed-cache name="dist" mode="ASYNC" batching="true">
> <file-store/>
> </distributed-cache>
> </cache-container>
> <cache-container name="hibernate" default-cache="local-query">
> <transport lock-timeout="60000"/>
> <local-cache name="local-query">
> <transaction mode="NONE"/>
> <expiration max-idle="100000"/>
> </local-cache>
> <invalidation-cache name="entity" mode="SYNC">
> <transaction mode="NON_XA"/>
> <expiration max-idle="100000"/>
> </invalidation-cache>
> <replicated-cache name="timestamps" mode="ASYNC">
> <transaction mode="NONE"/>
> </replicated-cache>
> </cache-container>
> </subsystem>
> ...
> <code>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months
[JBoss JIRA] (JGRP-1729) Implement a SASL AuthToken
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/JGRP-1729?page=com.atlassian.jira.plugin.... ]
David Lloyd commented on JGRP-1729:
-----------------------------------
JBoss SASL isn't a SASL framework, it's just some improved and supplementary mechanisms for the existing JDK SASL APIs.
> Implement a SASL AuthToken
> --------------------------
>
> Key: JGRP-1729
> URL: https://issues.jboss.org/browse/JGRP-1729
> Project: JGroups
> Issue Type: Feature Request
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Labels: security
> Fix For: 3.5
>
>
> Implementing a SASL AuthToken will give us the ability to use whatever SASL mechs are offered by the underlying platform without introducing new dependencies. It would also replace many of the currently provided AuthToken implementations (MD5, X509, Krb5) with a more secure, flexible implementation (e.g. safe from replay attacks)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months
[JBoss JIRA] (WFLY-2203) Error deploying multiple *-ds.xml files
by SBS JIRA Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2203?page=com.atlassian.jira.plugin.... ]
SBS JIRA Integration updated WFLY-2203:
---------------------------------------
Forum Reference: https://community.jboss.org/message/844535#844535
> Error deploying multiple *-ds.xml files
> ---------------------------------------
>
> Key: WFLY-2203
> URL: https://issues.jboss.org/browse/WFLY-2203
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JCA
> Affects Versions: 8.0.0.Beta1
> Reporter: Nick Howes
> Assignee: Stefano Maestri
> Priority: Minor
> Fix For: 8.0.0.Final
>
>
> Our individual *-ds.xml datasources were all deploying fine in Alpha4 but in the Beta1 nightlies this error appears on startup:
> {noformat}
> 15:07:52,111 ERROR [org.jboss.msc.service] (MSC service thread 1-4) MSC000002: Invocation of listener "org.jboss.as.connector.subsystems.datasources.D
> ataSourceStatisticsListener@7d18ac99" failed: java.lang.IllegalArgumentException: JBAS014742: A node is already registered at '(deployment => *)(subsy
> stem => datasources)(data-source => *)(statistics => jdbc)'
> at org.jboss.as.controller.registry.NodeSubregistry.register(NodeSubregistry.java:86) [wildfly-controller-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1
> -SNAPSHOT]
> at org.jboss.as.controller.registry.ConcreteResourceRegistration.registerSubModel(ConcreteResourceRegistration.java:149) [wildfly-controller-8
> .0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.as.controller.registry.AbstractResourceRegistration.registerSubModel(AbstractResourceRegistration.java:90) [wildfly-controller-8.
> 0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.as.connector.subsystems.datasources.DataSourceStatisticsListener.transition(DataSourceStatisticsListener.java:72) [wildfly-connec
> tor-8.0.0.Beta1-SNAPSHOT.jar:8.0.0.Beta1-SNAPSHOT]
> at org.jboss.msc.service.ServiceControllerImpl.invokeListener(ServiceControllerImpl.java:1533) [jboss-msc-1.2.0.Beta2.jar:1.2.0.Beta2]
> {noformat}
> Our datasource files look like this. I haven't tried putting all the datasource elements into one file.
> {code}
> <?xml version="1.0" encoding="UTF-8"?>
> <datasources>
> <datasource jndi-name="java:/AlphaDS" enabled="true" use-java-context="true" pool-name="AlphaDS">
> <connection-url>jdbc:oracle:thin://@db-host:1666/dev-db</connection-url>
> <driver>oracle</driver>
> <security>
> <user-name>XXX</user-name>
> <password>YYY</password>
> </security>
> <connection-property name="defaultNChar">true</connection-property>
> </datasource>
> </datasources>
> {code}
> {code}
> <?xml version="1.0" encoding="UTF-8"?>
> <datasources>
> <datasource jndi-name="java:/BetaDS" enabled="true" use-java-context="true" pool-name="BetaDS">
> <connection-url>jdbc:oracle:thin://@db-host:1666/dev-db</connection-url>
> <driver>oracle</driver>
> <security>
> <user-name>XXX</user-name>
> <password>YYY</password>
> </security>
> <connection-property name="defaultNChar">true</connection-property>
> </datasource>
> </datasources>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months
[JBoss JIRA] (JGRP-1729) Implement a SASL AuthToken
by Anil Saldhana (JIRA)
[ https://issues.jboss.org/browse/JGRP-1729?page=com.atlassian.jira.plugin.... ]
Anil Saldhana commented on JGRP-1729:
-------------------------------------
Please take a look at jboss-sasl from Darran Lofthouse. Please dont try to reinvent and create your own sasl framework. ;)
> Implement a SASL AuthToken
> --------------------------
>
> Key: JGRP-1729
> URL: https://issues.jboss.org/browse/JGRP-1729
> Project: JGroups
> Issue Type: Feature Request
> Reporter: Tristan Tarrant
> Assignee: Tristan Tarrant
> Labels: security
> Fix For: 3.5
>
>
> Implementing a SASL AuthToken will give us the ability to use whatever SASL mechs are offered by the underlying platform without introducing new dependencies. It would also replace many of the currently provided AuthToken implementations (MD5, X509, Krb5) with a more secure, flexible implementation (e.g. safe from replay attacks)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months
[JBoss JIRA] (JGRP-1675) Threads stuck in FlowControl.decrementIfEnoughCredits
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-1675?page=com.atlassian.jira.plugin.... ]
Bela Ban commented on JGRP-1675:
--------------------------------
Both RemoteGetStressTest and UPerf2 pass now.
> Threads stuck in FlowControl.decrementIfEnoughCredits
> -----------------------------------------------------
>
> Key: JGRP-1675
> URL: https://issues.jboss.org/browse/JGRP-1675
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.4
> Reporter: Radim Vansa
> Assignee: Bela Ban
> Fix For: 3.4.1, 3.5
>
> Attachments: jgroups-udp-radim.xml, RemoteGetStressTest.java, UPerf2.java
>
>
> I have recently observed a repeated situation where many (or all) threads have been stuck waiting for credits in FlowControl protocol.
> The credit request was not handled on the other node as this is non-oob message and some (actually many of them - cause unknown) messages before the request have been lost - therefore the request was waiting for them to be re-sent.
> However, these have not been re-sent properly as the retransmission request was not received - all OOB threads were stuck in the FlowControl protocol as these handled some other request and tried to send a response - but the response could not be sent until FlowControl gets the credits.
> The probability of such situation could be lowered by tagging the credit request to be OOB - then it would be handled immediately. If the credit replenish message would then be processed in regular OOB pool, this could get already depleted by many requests, but setting up the internal thread pool would solve the problem.
> Other consideration would be to allow releasing thread from FlowControl (let it send the message even without credits) if it waits there for too long.
> h3. Workaround
> It appears that setting MFC and UFC max_credits to 10M or removing these protocols at all is a workaround for this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months
[JBoss JIRA] (JGRP-1675) Threads stuck in FlowControl.decrementIfEnoughCredits
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-1675?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-1675:
---------------------------
Fix Version/s: 3.4.1
> Threads stuck in FlowControl.decrementIfEnoughCredits
> -----------------------------------------------------
>
> Key: JGRP-1675
> URL: https://issues.jboss.org/browse/JGRP-1675
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.4
> Reporter: Radim Vansa
> Assignee: Bela Ban
> Fix For: 3.4.1, 3.5
>
> Attachments: jgroups-udp-radim.xml, RemoteGetStressTest.java, UPerf2.java
>
>
> I have recently observed a repeated situation where many (or all) threads have been stuck waiting for credits in FlowControl protocol.
> The credit request was not handled on the other node as this is non-oob message and some (actually many of them - cause unknown) messages before the request have been lost - therefore the request was waiting for them to be re-sent.
> However, these have not been re-sent properly as the retransmission request was not received - all OOB threads were stuck in the FlowControl protocol as these handled some other request and tried to send a response - but the response could not be sent until FlowControl gets the credits.
> The probability of such situation could be lowered by tagging the credit request to be OOB - then it would be handled immediately. If the credit replenish message would then be processed in regular OOB pool, this could get already depleted by many requests, but setting up the internal thread pool would solve the problem.
> Other consideration would be to allow releasing thread from FlowControl (let it send the message even without credits) if it waits there for too long.
> h3. Workaround
> It appears that setting MFC and UFC max_credits to 10M or removing these protocols at all is a workaround for this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 6 months