[JBoss JIRA] (WFLY-2496) Concurrent access to ModuleSpecification causes race condition
by Jason Greene (JIRA)
[ https://issues.jboss.org/browse/WFLY-2496?page=com.atlassian.jira.plugin.... ]
Jason Greene commented on WFLY-2496:
------------------------------------
I am not sure its safe for a sub deployment to modify another sub deployments module spec, it might have already created a module. I need to look into this.
> Concurrent access to ModuleSpecification causes race condition
> --------------------------------------------------------------
>
> Key: WFLY-2496
> URL: https://issues.jboss.org/browse/WFLY-2496
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Server
> Affects Versions: 8.0.0.Beta1
> Reporter: Jozef Hartinger
> Assignee: Jason Greene
> Priority: Blocker
> Fix For: 8.0.0.Final
>
>
> [ModuleSpecification|https://github.com/wildfly/wildfly/blob/master/server...] does not use any form of synchronization to protect its mutable state yet may be used from multiple threads in multi-module deployment when a DeploymentUnitProcessor touches ModuleSpecification of a different deployment unit which is processed at that moment.
> Here is an example of such access: https://github.com/wildfly/wildfly/blob/master/jsf/subsystem/src/main/jav...
> Here's how I think this problem manifests:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.jboss.as.server.deployment.module.ModuleSpecProcessor.createDependencies(ModuleSpecProcessor.java:284) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
> at org.jboss.as.server.deployment.module.ModuleSpecProcessor.createModuleService(ModuleSpecProcessor.java:220) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
> at org.jboss.as.server.deployment.module.ModuleSpecProcessor.deployModuleSpec(ModuleSpecProcessor.java:125) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
> at org.jboss.as.server.deployment.module.ModuleSpecProcessor.deploy(ModuleSpecProcessor.java:88) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159) [wildfly-server-8.0.0.Beta2-SNAPSHOT.jar:8.0.0.Beta2-SNAPSHOT]
> ... 5 more
> {noformat}
> and here's my attempt to verify concurrent access by changing the code slightly to deadlock on concurrent access:
> {noformat}
> "MSC service thread 1-6":
> at sun.misc.Unsafe.park(Native Method)
> - parking to wait for <0x00000000f742ba28> (a java.util.concurrent.locks.ReentrantLock$NonfairSync)
> at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt(AbstractQueuedSynchronizer.java:834)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireQueued(AbstractQueuedSynchronizer.java:867)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire(AbstractQueuedSynchronizer.java:1197)
> at java.util.concurrent.locks.ReentrantLock$NonfairSync.lock(ReentrantLock.java:214)
> at java.util.concurrent.locks.ReentrantLock.lock(ReentrantLock.java:290)
> at org.jboss.as.server.deployment.module.ModuleSpecification.foo(ModuleSpecification.java:170)
> at org.jboss.as.server.deployment.module.ModuleSpecification.addSystemDependency(ModuleSpecification.java:121)
> at org.jboss.as.jsf.deployment.JSFDependencyProcessor.addJSFAPI(JSFDependencyProcessor.java:115)
> at org.jboss.as.jsf.deployment.JSFDependencyProcessor.deploy(JSFDependencyProcessor.java:93)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159)
> - locked <0x00000000f69a8e88> (a org.jboss.as.server.deployment.DeploymentUnitPhaseService)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:744)
> "MSC service thread 1-3":
> at sun.misc.Unsafe.park(Native Method)
> - parking to wait for <0x00000000f742ba58> (a java.util.concurrent.locks.ReentrantLock$NonfairSync)
> at java.util.concurrent.locks.LockSupport.park(LockSupport.java:186)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt(AbstractQueuedSynchronizer.java:834)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireQueued(AbstractQueuedSynchronizer.java:867)
> at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire(AbstractQueuedSynchronizer.java:1197)
> at java.util.concurrent.locks.ReentrantLock$NonfairSync.lock(ReentrantLock.java:214)
> at java.util.concurrent.locks.ReentrantLock.lock(ReentrantLock.java:290)
> at org.jboss.as.server.deployment.module.ModuleSpecification.foo(ModuleSpecification.java:175)
> at org.jboss.as.server.deployment.module.ModuleSpecification.addSystemDependency(ModuleSpecification.java:121)
> at org.jboss.as.jsf.deployment.JSFDependencyProcessor.addJSFAPI(JSFDependencyProcessor.java:115)
> at org.jboss.as.jsf.deployment.JSFDependencyProcessor.deploy(JSFDependencyProcessor.java:93)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:159)
> - locked <0x00000000f6782960> (a org.jboss.as.server.deployment.DeploymentUnitPhaseService)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1944)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1877)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:744)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-156) Unable to start jboss AS on windows if installed on path containig non-ascii characters
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-156?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry updated WFLY-156:
----------------------------------
Fix Version/s: (was: 8.0.0.Final)
> Unable to start jboss AS on windows if installed on path containig non-ascii characters
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-156
> URL: https://issues.jboss.org/browse/WFLY-156
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Server
> Environment: windows 2008 x64
> Reporter: Ales Kolenc
> Assignee: Tomaz Cerar
> Priority: Critical
> Fix For: 8.0.0.CR1
>
>
> 1.) Install jboss into a folder containing non-ascii characters. (i.e. "C:\Testチ").
> 2.) run standalone.bat
> C:\Test?\jboss-as-7.1.1.Final\bin>set JAVA_HOME=C:\Program Files\Java\jre7
> C:\Test?\jboss-as-7.1.1.Final\bin>standalone.bat
> Calling "C:\Test?\jboss-as-7.1.1.Final\bin\standalone.conf.bat"
> ===============================================================================
> JBoss Bootstrap Environment
> JBOSS_HOME: C:\Test?\jboss-as-7.1.1.Final
> JAVA: C:\Program Files\Java\jre7\bin\java
> JAVA_OPTS: -XX:+TieredCompilation -Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MaxPermSize=256M -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djb
> oss.server.default.config=standalone.xml
> ===============================================================================
> Error: Unable to access jarfile C:\Test?\jboss-as-7.1.1.Final\jboss-modules.jar
> Press any key to continue . . .
> C:\Test?\jboss-as-7.1.1.Final\bin>
> 3.) pleas note that: "Testチ" used in path -> 'チ' does not bellong to system locale code page. E.g.: char 'チ' is in CP 932, system locale code page used 437/1252,..
> 4.) i would also like to add that jboss does not start if it installed in "normal" folder, but JBOSS_CONFIG_DIR && JBOSS_LOG_DIR are set to folder with non-ascii characters:
> c:\test\jboss-as-7.1.1.Final\bin>set JBOSS_LOG_DIR=c:\Test?
> c:\test\jboss-as-7.1.1.Final\bin>set JBOSS_CONFIG_DIR=c:\Test?\configuration
> c:\test\jboss-as-7.1.1.Final\bin>dir %JBOSS_CONFIG_DIR%
> Volume in drive C has no label.
> Volume Serial Number is 2C2F-FA6F
> Directory of c:\Test?\configuration
> 01/04/2013 02:34 AM <DIR> .
> 01/04/2013 02:34 AM <DIR> ..
> 01/04/2013 01:42 AM 634 application-roles.properties
> 01/04/2013 01:42 AM 812 application-users.properties
> 01/04/2013 01:42 AM 2,042 logging.properties
> 01/04/2013 01:42 AM 836 mgmt-users.properties
> 01/04/2013 01:42 AM 27,024 standalone-full-ha.xml
> 01/04/2013 01:42 AM 20,794 standalone-full.xml
> 01/04/2013 01:42 AM 20,358 standalone-ha.xml
> 01/04/2013 01:42 AM 15,372 standalone.xml
> 01/04/2013 02:34 AM <DIR> standalone_xml_history
> 8 File(s) 87,872 bytes
> 3 Dir(s) 20,185,866,240 bytes free
> c:\test\jboss-as-7.1.1.Final\bin>standalone.bat -Djboss.server.config.dir=%JBOSS_CONFIG_DIR%
> Calling "c:\test\jboss-as-7.1.1.Final\bin\standalone.conf.bat"
> ===============================================================================
> JBoss Bootstrap Environment
> JBOSS_HOME: c:\test\jboss-as-7.1.1.Final
> JAVA: C:\Program Files\Java\jre7\bin\java
> JAVA_OPTS: -XX:+TieredCompilation -Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MaxPermSize=256M -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djb
> oss.server.default.config=standalone.xml
> ===============================================================================
> Unable to read the logging configuration from 'file:c:\Test?\configuration/logging.properties' (java.io.FileNotFoundException: c:\Test?\configuration\logging.properties (The filename, directory name, or volume label syntax is incorrect))
> java.lang.IllegalStateException: JBAS018701: Configuration directory does not exist: c:\Test?\configuration
> at org.jboss.as.server.ServerEnvironment.<init>(ServerEnvironment.java:371)
> at org.jboss.as.server.Main.determineEnvironment(Main.java:242)
> at org.jboss.as.server.Main.main(Main.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.jboss.modules.Module.run(Module.java:260)
> at org.jboss.modules.Main.main(Main.java:291)
> Press any key to continue . . .
> c:\test\jboss-as-7.1.1.Final\bin>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-156) Unable to start jboss AS on windows if installed on path containig non-ascii characters
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-156?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry updated WFLY-156:
----------------------------------
Fix Version/s: Awaiting Volunteers
(was: 8.0.0.CR1)
> Unable to start jboss AS on windows if installed on path containig non-ascii characters
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-156
> URL: https://issues.jboss.org/browse/WFLY-156
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Server
> Environment: windows 2008 x64
> Reporter: Ales Kolenc
> Assignee: Tomaz Cerar
> Priority: Critical
> Fix For: Awaiting Volunteers
>
>
> 1.) Install jboss into a folder containing non-ascii characters. (i.e. "C:\Testチ").
> 2.) run standalone.bat
> C:\Test?\jboss-as-7.1.1.Final\bin>set JAVA_HOME=C:\Program Files\Java\jre7
> C:\Test?\jboss-as-7.1.1.Final\bin>standalone.bat
> Calling "C:\Test?\jboss-as-7.1.1.Final\bin\standalone.conf.bat"
> ===============================================================================
> JBoss Bootstrap Environment
> JBOSS_HOME: C:\Test?\jboss-as-7.1.1.Final
> JAVA: C:\Program Files\Java\jre7\bin\java
> JAVA_OPTS: -XX:+TieredCompilation -Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MaxPermSize=256M -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djb
> oss.server.default.config=standalone.xml
> ===============================================================================
> Error: Unable to access jarfile C:\Test?\jboss-as-7.1.1.Final\jboss-modules.jar
> Press any key to continue . . .
> C:\Test?\jboss-as-7.1.1.Final\bin>
> 3.) pleas note that: "Testチ" used in path -> 'チ' does not bellong to system locale code page. E.g.: char 'チ' is in CP 932, system locale code page used 437/1252,..
> 4.) i would also like to add that jboss does not start if it installed in "normal" folder, but JBOSS_CONFIG_DIR && JBOSS_LOG_DIR are set to folder with non-ascii characters:
> c:\test\jboss-as-7.1.1.Final\bin>set JBOSS_LOG_DIR=c:\Test?
> c:\test\jboss-as-7.1.1.Final\bin>set JBOSS_CONFIG_DIR=c:\Test?\configuration
> c:\test\jboss-as-7.1.1.Final\bin>dir %JBOSS_CONFIG_DIR%
> Volume in drive C has no label.
> Volume Serial Number is 2C2F-FA6F
> Directory of c:\Test?\configuration
> 01/04/2013 02:34 AM <DIR> .
> 01/04/2013 02:34 AM <DIR> ..
> 01/04/2013 01:42 AM 634 application-roles.properties
> 01/04/2013 01:42 AM 812 application-users.properties
> 01/04/2013 01:42 AM 2,042 logging.properties
> 01/04/2013 01:42 AM 836 mgmt-users.properties
> 01/04/2013 01:42 AM 27,024 standalone-full-ha.xml
> 01/04/2013 01:42 AM 20,794 standalone-full.xml
> 01/04/2013 01:42 AM 20,358 standalone-ha.xml
> 01/04/2013 01:42 AM 15,372 standalone.xml
> 01/04/2013 02:34 AM <DIR> standalone_xml_history
> 8 File(s) 87,872 bytes
> 3 Dir(s) 20,185,866,240 bytes free
> c:\test\jboss-as-7.1.1.Final\bin>standalone.bat -Djboss.server.config.dir=%JBOSS_CONFIG_DIR%
> Calling "c:\test\jboss-as-7.1.1.Final\bin\standalone.conf.bat"
> ===============================================================================
> JBoss Bootstrap Environment
> JBOSS_HOME: c:\test\jboss-as-7.1.1.Final
> JAVA: C:\Program Files\Java\jre7\bin\java
> JAVA_OPTS: -XX:+TieredCompilation -Dprogram.name=standalone.bat -Xms64M -Xmx512M -XX:MaxPermSize=256M -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djb
> oss.server.default.config=standalone.xml
> ===============================================================================
> Unable to read the logging configuration from 'file:c:\Test?\configuration/logging.properties' (java.io.FileNotFoundException: c:\Test?\configuration\logging.properties (The filename, directory name, or volume label syntax is incorrect))
> java.lang.IllegalStateException: JBAS018701: Configuration directory does not exist: c:\Test?\configuration
> at org.jboss.as.server.ServerEnvironment.<init>(ServerEnvironment.java:371)
> at org.jboss.as.server.Main.determineEnvironment(Main.java:242)
> at org.jboss.as.server.Main.main(Main.java:83)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at org.jboss.modules.Module.run(Module.java:260)
> at org.jboss.modules.Main.main(Main.java:291)
> Press any key to continue . . .
> c:\test\jboss-as-7.1.1.Final\bin>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-2675) Boot (???) deadlock
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-2675?page=com.atlassian.jira.plugin.... ]
Brian Stansberry resolved WFLY-2675.
------------------------------------
Resolution: Done
Resolved with upgrade to MSC 1.2.0.CR2 or later. Master is now on .Final.
> Boot (???) deadlock
> -------------------
>
> Key: WFLY-2675
> URL: https://issues.jboss.org/browse/WFLY-2675
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Domain Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Priority: Critical
> Fix For: 8.0.0.Final
>
>
> A deadlock occurred during a testsuite/domain run:
> http://brontes.lab.eng.brq.redhat.com/viewLog.html?buildId=7356&buildType...
> The test hung during domain shutdown:
> {code}
> at org.jboss.as.test.integration.domain.management.util.ProcessWrapper.waitFor(ProcessWrapper.java:97)
> at org.jboss.as.test.integration.domain.management.util.DomainLifecycleUtil.stop(DomainLifecycleUtil.java:312)
> - locked <0xa7ac7318> (a org.jboss.as.test.integration.domain.management.util.DomainLifecycleUtil)
> at org.jboss.as.test.integration.domain.management.util.DomainTestSupport.stop(DomainTestSupport.java:370)
> at org.jboss.as.test.integration.domain.ServerManagementTestCase.tearDownDomain(ServerManagementTestCase.java:116)
> {code}
> It's possible that's just when the test client hung, and the issue may have occurred at some earlier point. On the thread dump of all processes, one of the servers under the slave HC reported this:
> {code}
> Found one Java-level deadlock:
> =============================
> "Controller Boot Thread":
> waiting to lock monitor 0x9a2566e0 (object 0xafdc6028, a org.jboss.msc.service.ServiceControllerImpl),
> which is held by "MSC service thread 1-1"
> "MSC service thread 1-1":
> waiting to lock monitor 0x9a2575b8 (object 0xb014ea70, a java.lang.Object),
> which is held by "Controller Boot Thread"
> Java stack information for the threads listed above:
> ===================================================
> "Controller Boot Thread":
> at org.jboss.msc.service.ServiceControllerImpl.removeMonitorNoCallback(ServiceControllerImpl.java:1486)
> - waiting to lock <0xafdc6028> (a org.jboss.msc.service.ServiceControllerImpl)
> at org.jboss.msc.service.StabilityMonitor.clear(StabilityMonitor.java:175)
> - locked <0xb014ea70> (a java.lang.Object)
> at org.jboss.as.server.BootstrapListener.printBootStatistics(BootstrapListener.java:70)
> at org.jboss.as.server.ServerService.boot(ServerService.java:345)
> at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:256)
> at java.lang.Thread.run(Thread.java:724)
> "MSC service thread 1-1":
> at org.jboss.msc.service.StabilityMonitor.removeControllerNoCallback(StabilityMonitor.java:151)
> - waiting to lock <0xb014ea70> (a java.lang.Object)
> at org.jboss.msc.service.ServiceControllerImpl.transition(ServiceControllerImpl.java:688)
> at org.jboss.msc.service.ServiceControllerImpl$RemoveTask.run(ServiceControllerImpl.java:2267)
> - locked <0xafdc6028> (a org.jboss.msc.service.ServiceControllerImpl)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:724)
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-1895) Provide a "default" role for management users with no other role specified
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.... ]
Brian Stansberry updated WFLY-1895:
-----------------------------------
Fix Version/s: 8.0.1.Final
(was: 8.0.0.Final)
> Provide a "default" role for management users with no other role specified
> --------------------------------------------------------------------------
>
> Key: WFLY-1895
> URL: https://issues.jboss.org/browse/WFLY-1895
> Project: WildFly
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Brian Stansberry
> Labels: rbac-filed-by-qa
> Fix For: 8.0.1.Final
>
>
> Currently it seems that when using RBAC provider users with no defined role are unable to read domain model at all. Consequently logging into Admin Console leads to 500 error page. Similar errors in CLI.
> In relation to this, it should be considered what is the expected behavior of unsecured management interface.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-1895) Provide a "default" role for management users with no other role specified
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-1895:
----------------------------------------
With no security realm configured on the interface and the 'simple' provider chosen, behavior is as expected: anyone can connect and administer.
With no security realm configured on the interface and the 'rbac' provider chosen, console behavior is pretty good. The user gets an unauthorized dialogue with no prompt to authenticate. Minor flaw is that dialogue is dismissed with a button that says "Logout" which in incorrect, since in this case the user didn't log in.
With no security realm configured on the interface and the 'rbac' provider chosen, CLI behavior is not very intuitive. You can connect and you get the [standalone@localhost:9990 /] prompt. But if you attempt to do anything the requires server-side work you get various errors indicating your aren't authorized.
> Provide a "default" role for management users with no other role specified
> --------------------------------------------------------------------------
>
> Key: WFLY-1895
> URL: https://issues.jboss.org/browse/WFLY-1895
> Project: WildFly
> Issue Type: Enhancement
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Brian Stansberry
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.Final
>
>
> Currently it seems that when using RBAC provider users with no defined role are unable to read domain model at all. Consequently logging into Admin Console leads to 500 error page. Similar errors in CLI.
> In relation to this, it should be considered what is the expected behavior of unsecured management interface.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-490) Domain Management Role Based Access Control
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-490?page=com.atlassian.jira.plugin.s... ]
Brian Stansberry resolved WFLY-490.
-----------------------------------
Resolution: Done
> Domain Management Role Based Access Control
> -------------------------------------------
>
> Key: WFLY-490
> URL: https://issues.jboss.org/browse/WFLY-490
> Project: WildFly
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: Authorization
> Fix For: 8.0.0.Final
>
>
> Implement some coarse permissions for domain operations. Possibly allowing a break down for subsystem, profile, server, server-group - maybe read - write - execute.
> Also consider confidentiality in exchange e.g. Can read metrics over http but must use https to add new server.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-1895) Provide a "default" role for management users with no other role specified
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-1895?page=com.atlassian.jira.plugin.... ]
Brian Stansberry updated WFLY-1895:
-----------------------------------
Summary: Provide a "default" role for management users with no other role specified (was: Provide a "default" role for users with no other role specified)
> Provide a "default" role for management users with no other role specified
> --------------------------------------------------------------------------
>
> Key: WFLY-1895
> URL: https://issues.jboss.org/browse/WFLY-1895
> Project: WildFly
> Issue Type: Sub-task
> Security Level: Public(Everyone can see)
> Components: Domain Management, Security
> Reporter: Jakub Cechacek
> Assignee: Brian Stansberry
> Labels: rbac-filed-by-qa
> Fix For: 8.0.0.Final
>
>
> Currently it seems that when using RBAC provider users with no defined role are unable to read domain model at all. Consequently logging into Admin Console leads to 500 error page. Similar errors in CLI.
> In relation to this, it should be considered what is the expected behavior of unsecured management interface.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months