[JBoss JIRA] (WFLY-2180) Thread threads pools inherit security context of submitting threads
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFLY-2180?page=com.atlassian.jira.plugin.... ]
Stuart Douglas commented on WFLY-2180:
--------------------------------------
Basically the way to fix this is to make sure that every thread pool we use uses a factory that sets the correct access control context for created threads. This can be easily done using a JBossThreadFactory.
> Thread threads pools inherit security context of submitting threads
> -------------------------------------------------------------------
>
> Key: WFLY-2180
> URL: https://issues.jboss.org/browse/WFLY-2180
> Project: WildFly
> Issue Type: Bug
> Components: EE, EJB, Server, Web (Undertow)
> Affects Versions: 8.0.0.Alpha4
> Reporter: Stuart Douglas
> Assignee: David Lloyd
>
> Some thread pool implementation will immediately create a new thread if work is submitted and there is not enough threads available to handle it. This newly created thread will inherit the access control context of the thread that is submitting the work, which essentially means that thread pool threads have a random access control context.
> This is the root cause of UNDERTOW-102, and likely other security manager related failures as well.
> I think that the best way to fix this is in the thread pool itself, as it should create the thread in a privileged block. We obviously cannot do this for JDK thread pools however.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] (WFLY-2139) ProxyStepHandler/Controller need to check access before attempting to read information
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2139?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-2139:
-----------------------------------------------
Jakub Cechacek <jcechace(a)redhat.com> changed the Status of [bug 1010672|https://bugzilla.redhat.com/show_bug.cgi?id=1010672] from ON_QA to VERIFIED
> ProxyStepHandler/Controller need to check access before attempting to read information
> --------------------------------------------------------------------------------------
>
> Key: WFLY-2139
> URL: https://issues.jboss.org/browse/WFLY-2139
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Kabir Khan
> Assignee: Kabir Khan
> Fix For: 8.0.0.Beta1
>
>
> This affects things like recursive :read-resource(-description) :read-children-resources and so on. The problem as it stands is that if you have, say, a host scoped role scoped to host=master, and there is also a slave host controller, and you try to :read-resource(recursive=true,proxies=true), the master will list the slave host controller in its list of child addresses. It will then execute /host=slave:read-resource(recursive=true,proxies=true), which will fail and roll back the tx since the master host scoped role does not have access to that resource.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] (WFLY-2139) ProxyStepHandler/Controller need to check access before attempting to read information
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2139?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-2139:
-----------------------------------------------
Jakub Cechacek <jcechace(a)redhat.com> made a comment on [bug 1010672|https://bugzilla.redhat.com/show_bug.cgi?id=1010672]
Verified 6.2.0.ER3
> ProxyStepHandler/Controller need to check access before attempting to read information
> --------------------------------------------------------------------------------------
>
> Key: WFLY-2139
> URL: https://issues.jboss.org/browse/WFLY-2139
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management, Security
> Reporter: Kabir Khan
> Assignee: Kabir Khan
> Fix For: 8.0.0.Beta1
>
>
> This affects things like recursive :read-resource(-description) :read-children-resources and so on. The problem as it stands is that if you have, say, a host scoped role scoped to host=master, and there is also a slave host controller, and you try to :read-resource(recursive=true,proxies=true), the master will list the slave host controller in its list of child addresses. It will then execute /host=slave:read-resource(recursive=true,proxies=true), which will fail and roll back the tx since the master host scoped role does not have access to that resource.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months
[JBoss JIRA] (WFLY-2089) Error executing composite operation as server group role
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2089?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-2089:
-----------------------------------------------
Jakub Cechacek <jcechace(a)redhat.com> made a comment on [bug 1008087|https://bugzilla.redhat.com/show_bug.cgi?id=1008087]
verified 6.2.0.ER3
> Error executing composite operation as server group role
> --------------------------------------------------------
>
> Key: WFLY-2089
> URL: https://issues.jboss.org/browse/WFLY-2089
> Project: WildFly
> Issue Type: Sub-task
> Components: Domain Management
> Affects Versions: 8.0.0.Alpha4
> Reporter: Heiko Braun
> Assignee: Brian Stansberry
> Fix For: 8.0.0.Beta1
>
>
> This role
> {noformat}
> [domain@localhost:9999 /] /core-service=management/access=authorization/server-group-scoped-role=main-MAINTAINER:read-resource
> {
> "outcome" => "success",
> "result" => {
> "base-role" => "MAINTAINER",
> "server-groups" => ["main-server-group"]
> }
> }
> {noformat}
> ... executing this operation
> {noformat}
> [INFO] {
> [INFO] "address" => [],
> [INFO] "operation" => "composite",
> [INFO] "steps" => [
> [INFO] {
> [INFO] "address" => [],
> [INFO] "operation" => "read-children-resources",
> [INFO] "child-type" => "deployment"
> [INFO] },
> [INFO] {
> [INFO] "operation" => "read-children-resources",
> [INFO] "child-type" => "server-group"
> [INFO] },
> [INFO] {
> [INFO] "address" => [
> [INFO] ("server-group" => "*"),
> [INFO] ("deployment" => "*")
> [INFO] ],
> [INFO] "operation" => "read-resource"
> [INFO] }
> [INFO] ]
> [INFO] }
> {noformat}
> ... leads to:
> {noformat}
> [Host Controller] 19:37:41,713 FINE [com.sun.net.httpserver] (HttpManagementService-threads - 2) POST /management HTTP/1.1 [401 Unauthorized] ()
> [Host Controller] 19:37:41,713 FINE [com.sun.net.httpserver] (HttpManagementService-threads - 1) POST /management HTTP/1.1 [401 Unauthorized] ()
> [Host Controller] 19:37:41,762 FINE [com.sun.net.httpserver] (HttpManagementService-threads - 2) POST /management HTTP/1.1 [200 OK] ()
> [Host Controller] 19:37:41,766 DEBUG [org.jboss.as.controller.management-operation] (HttpManagementService-threads - 1) JBAS014616: Operation ("resolve") failed - address: ([]) - failure description: "JBAS013456: Unauthorized to execute operation 'resolve' for resource '[]' -- \"JBAS013475: Permission denied\""
> [Host Controller] 19:37:41,767 FINE [com.sun.net.httpserver] (HttpManagementService-threads - 1) POST /management HTTP/1.1 [500 Internal Server Error] ()
> [Host Controller] 19:37:41,821 FINE [com.sun.net.httpserver] (HttpManagementService-threads - 1) POST /management HTTP/1.1 [200 OK] ()
> [Host Controller] 19:37:41,852 DEBUG [org.jboss.as.controller.management-operation] (HttpManagementService-threads - 2) JBAS014616: Operation ("composite") failed - address: ([]) - failure description: "JBAS014883: No resource definition is registered for address [
> [Host Controller] (\"host\" => \"master\"),
> [Host Controller] (\"server\" => \"server-two\")
> [Host Controller] ]"
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 9 months