[JBoss JIRA] (WFLY-3050) '=' character removed from request cookie
by roy mizrachi (JIRA)
[ https://issues.jboss.org/browse/WFLY-3050?page=com.atlassian.jira.plugin.... ]
roy mizrachi edited comment on WFLY-3050 at 3/20/14 6:26 AM:
-------------------------------------------------------------
There should add "allow-equals-in-cookie-value" attribute to wildfly-undertow_1_0.xsd under http-listener.
The options already exists in io.undertow.UndertowOptions.
Will this be fixed in the near future and is there a bypass for this for final version?
This issue is a major issue and prevent me to migrate to jboss.
By the way the issue does not exists in wildfly 8 beta 1
Thanks
was (Author: roim):
Will this be fixed in the near future and is there a bypass for this for final version?
This issue is a major issue and prevent me to migrate to jboss.
By the way the issue does not exists in wildfly 8 beta 1
Thanks
> '=' character removed from request cookie
> ------------------------------------------
>
> Key: WFLY-3050
> URL: https://issues.jboss.org/browse/WFLY-3050
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Final
> Environment: windows 7
> Reporter: roy mizrachi
> Assignee: Stuart Douglas
>
> I'm saving encrypted user token in session cookie:
> Cookie: JCORESESSIONID=aes256$/tew4VVsfdJ32iUX1AOqBGRb717TJC9KkejjAPl6BIAG6kCP4beSraL51eQG2iu5bV9uT3OsubXUcjO+sG2lYNWbu5NliQd361oUz2Yl4LQ=
> The problem is that in the server i see that the '=' character is removed hence i cannot decrypt it.
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-2658) (-Djboss.dist) jboss.dist property is not correctly propagated using -Djboss.dist
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2658?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-2658:
-----------------------------------------------
Pavel Jelinek <pjelinek(a)redhat.com> changed the Status of [bug 1078701|https://bugzilla.redhat.com/show_bug.cgi?id=1078701] from NEW to POST
> (-Djboss.dist) jboss.dist property is not correctly propagated using -Djboss.dist
> ---------------------------------------------------------------------------------
>
> Key: WFLY-2658
> URL: https://issues.jboss.org/browse/WFLY-2658
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Test Suite
> Affects Versions: 8.0.0.Beta1
> Reporter: Ondrej Lukas
> Assignee: Ondrej Zizka
>
> This JIRA is clone of bz-970610 (https://bugzilla.redhat.com/show_bug.cgi?id=970610)
> When I run testsuite of EAP 6.1.0 using command [1], where JBOSS_HOME is a path EAP 6.1.0, the manualmode tests fail with error [2]:
> It uses path defined in jboss.dist property defined in testsuite/integration/pom.xml instead of the one provided -Djboss.dist which should redefine it.
> [1] ./integration-tests.sh -Dpublic-repos -DallTests -Dmaven.repo.local=${MAVEN_REPO_LOCAL} -Djboss.dist=${JBOSS_HOME} -Dmaven.test.failure.ignore=true -Dsurefire.forked.process.timeout=3600
> [2]
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7-redhat-1:run (build-manual-mode-servers) on project jboss-as-ts-integ-manualmode: An Ant BuildException has occured: The following error occurred while executing this line:
> [ERROR] /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/src/test/scripts/manualmode-build.xml:52: /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/build/target/jboss-as-7.2.0.Final-redhat-8/modules does not exist.
> [ERROR] around Ant part ...<ant antfile="/mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/manualmode/../src/test/scripts/manualmode-build.xml">... @ 4:180 in /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/manualmode/target/antrun/build-main.xml
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (SECURITY-808) Password not passed into DatabaseServerLoginModule
by Stefan Eder (JIRA)
Stefan Eder created SECURITY-808:
------------------------------------
Summary: Password not passed into DatabaseServerLoginModule
Key: SECURITY-808
URL: https://issues.jboss.org/browse/SECURITY-808
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Environment: WildFly8 on Windows 7 64-bit
Reporter: Stefan Eder
Assignee: Stefan Guilhen
Priority: Critical
Trying to migrate an application to WildFly (from AS6.1) the migration went pretty smooth except for using the security domain.
The application uses a the ClientLoginModule on the client side and the DatabaseserverLoginModule on the server side.
Though the DatabaseServerLoginModule is called the validation of the password fails. I debugged it and the reason seems to be that in {{org.jboss.security.auth.callback.JBossCallbackHandler.getPassword()}} a {{org.jboss.as.security.remoting.RemotingConnectionCredential@22341334}} is not handled and hence instead of a password the String {{org.jboss.as.security.remoting.RemotingConnectionCredential@22341334}} is passed through to the DatabaseLoginModule.
See also [DatabaseServerLoginModule broken?|https://community.jboss.org/message/863295] and the related posts
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-3050) '=' character removed from request cookie
by roy mizrachi (JIRA)
[ https://issues.jboss.org/browse/WFLY-3050?page=com.atlassian.jira.plugin.... ]
roy mizrachi commented on WFLY-3050:
------------------------------------
Will this be fixed in the near future and is there a bypass for this for final version?
This issue is a major issue and prevent me to migrate to jboss.
By the way the issue does not exists in wildfly 8 beta 1
Thanks
> '=' character removed from request cookie
> ------------------------------------------
>
> Key: WFLY-3050
> URL: https://issues.jboss.org/browse/WFLY-3050
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web (Undertow)
> Affects Versions: 8.0.0.Final
> Environment: windows 7
> Reporter: roy mizrachi
> Assignee: Stuart Douglas
>
> I'm saving encrypted user token in session cookie:
> Cookie: JCORESESSIONID=aes256$/tew4VVsfdJ32iUX1AOqBGRb717TJC9KkejjAPl6BIAG6kCP4beSraL51eQG2iu5bV9uT3OsubXUcjO+sG2lYNWbu5NliQd361oUz2Yl4LQ=
> The problem is that in the server i see that the '=' character is removed hence i cannot decrypt it.
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-2658) (-Djboss.dist) jboss.dist property is not correctly propagated using -Djboss.dist
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-2658?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration updated WFLY-2658:
------------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=970610, https://bugzilla.redhat.com/show_bug.cgi?id=1078701 (was: https://bugzilla.redhat.com/show_bug.cgi?id=970610)
> (-Djboss.dist) jboss.dist property is not correctly propagated using -Djboss.dist
> ---------------------------------------------------------------------------------
>
> Key: WFLY-2658
> URL: https://issues.jboss.org/browse/WFLY-2658
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Test Suite
> Affects Versions: 8.0.0.Beta1
> Reporter: Ondrej Lukas
> Assignee: Ondrej Zizka
>
> This JIRA is clone of bz-970610 (https://bugzilla.redhat.com/show_bug.cgi?id=970610)
> When I run testsuite of EAP 6.1.0 using command [1], where JBOSS_HOME is a path EAP 6.1.0, the manualmode tests fail with error [2]:
> It uses path defined in jboss.dist property defined in testsuite/integration/pom.xml instead of the one provided -Djboss.dist which should redefine it.
> [1] ./integration-tests.sh -Dpublic-repos -DallTests -Dmaven.repo.local=${MAVEN_REPO_LOCAL} -Djboss.dist=${JBOSS_HOME} -Dmaven.test.failure.ignore=true -Dsurefire.forked.process.timeout=3600
> [2]
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7-redhat-1:run (build-manual-mode-servers) on project jboss-as-ts-integ-manualmode: An Ant BuildException has occured: The following error occurred while executing this line:
> [ERROR] /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/src/test/scripts/manualmode-build.xml:52: /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/build/target/jboss-as-7.2.0.Final-redhat-8/modules does not exist.
> [ERROR] around Ant part ...<ant antfile="/mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/manualmode/../src/test/scripts/manualmode-build.xml">... @ 4:180 in /mnt/hudson_workspace/workspace/eap-60-as-testsuite-one-offs-rhatlapa/jboss-eap-6.1-src/testsuite/integration/manualmode/target/antrun/build-main.xml
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-1547) deploy directories not cleaned up
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-1547?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration updated WFLY-1547:
------------------------------------------
Bugzilla Update: Perform
> deploy directories not cleaned up
> ---------------------------------
>
> Key: WFLY-1547
> URL: https://issues.jboss.org/browse/WFLY-1547
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: 8.0.0.Alpha1
> Reporter: Shaun Appleton
> Assignee: jaikiran pai
> Fix For: 8.0.0.Beta1
>
> Attachments: deployment_with_hack_no_hook.txt
>
>
> JBoss EAP 6.0.0 (and 6.0.1.ER3) doesn't clean up it's tmp/vfs directories.
> The following reproduces this -
> i) ensure run.conf has the -Xrs set
> ii) ensure deployments has a deployable .ear in it
> iii) ./run standalone.sh and allow the deployments to deploy
> iv) stop the EAP process ie kill <process_id>
> v) observe content tmp/vfs
> (The -Xrs parameter is used to "-Xrs" to prevent possible interference when JVM is running as a service and receives CTRL_LOGOFF_EVENT or SIGHUP)
> This will eventually cause problems with lack of disk space.
> Note if the -Xrs parameter content is removed but the tmp/vfs dirs stills exist. This could potentially cause inode problems.
> It would be better if there were any additional code so the temp dirs are cleaned up on start up. That would resolve both the -Xrs problem and the excessive dir creation.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (AS7-1509) JSP subsystem configurations lost during marshalling
by no boundaries ! (JIRA)
[ https://issues.jboss.org/browse/AS7-1509?page=com.atlassian.jira.plugin.s... ]
no boundaries ! commented on AS7-1509:
--------------------------------------
$JBOSS_HOME$\standalone\configuration\standalone.xml
> JSP subsystem configurations lost during marshalling
> -----------------------------------------------------
>
> Key: AS7-1509
> URL: https://issues.jboss.org/browse/AS7-1509
> Project: Application Server 7
> Issue Type: Bug
> Components: Web
> Environment: AS7 upstream
> Reporter: jaikiran pai
> Assignee: jaikiran pai
> Fix For: 7.0.1.Final
>
>
> If the web subsystem is configured with the jsp configuration:
> {code}
> <configuration>
> <jsp-configuration development="true"/>
> </configuration>
> {code}
> and some management operation is carried out like deploying some application, the entire "configuration" element is lost from the xml file during marshalling.
> Please see the referenced forum thread for details
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-3137) logging errors in destroying a requestscoped entitymanager
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFLY-3137?page=com.atlassian.jira.plugin.... ]
Stuart Douglas commented on WFLY-3137:
--------------------------------------
The entity manager is a container managed transaction scoped entity manager, calling close will result in an error.
All you really need is:
@PersistenceContext(unitName = mydatasource)
@Produces
@MyEm
private EntityManager em;
The EM is automatically closed at transaction commit/rollback time.
> logging errors in destroying a requestscoped entitymanager
> ----------------------------------------------------------
>
> Key: WFLY-3137
> URL: https://issues.jboss.org/browse/WFLY-3137
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: CDI / Weld
> Affects Versions: 8.0.0.Final
> Environment: window 7 64bits, javaee 1.7
> Reporter: Richard Yang
> Assignee: Stuart Douglas
>
> I have a simple producer for a requestscoped entitymanager:
> @PersistenceContext(unitName = mydatasource)
> private EntityManager em;
> @Produces
> @myEM
> @RequestScoped
> protected EntityManager createEntityManager() {
> return em;
> }
> protected void closeEntityManager(
> @Disposes @myEM EntityManager entityManager) {
> if (entityManager.isOpen()) {
> entityManager.close();
> }
> }
> I inject this to applicationScoped bean. In the log, I see for each close of entityManager, wildfly logs an error:
> WELD-000019: Error destroying an instance org.jboss.as.jpa.container.TransactionScopedEntityManager@7c213180 of Producer Method [EntityManager] with qualifiers [@myEM @Any] declared as [[BackedAnnotatedMethod] @Produces @myEM @RequestScoped protected createEntityManager()]
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month
[JBoss JIRA] (WFLY-3137) logging errors in destroying a requestscoped entitymanager
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFLY-3137?page=com.atlassian.jira.plugin.... ]
Stuart Douglas resolved WFLY-3137.
----------------------------------
Resolution: Rejected
> logging errors in destroying a requestscoped entitymanager
> ----------------------------------------------------------
>
> Key: WFLY-3137
> URL: https://issues.jboss.org/browse/WFLY-3137
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: CDI / Weld
> Affects Versions: 8.0.0.Final
> Environment: window 7 64bits, javaee 1.7
> Reporter: Richard Yang
> Assignee: Stuart Douglas
>
> I have a simple producer for a requestscoped entitymanager:
> @PersistenceContext(unitName = mydatasource)
> private EntityManager em;
> @Produces
> @myEM
> @RequestScoped
> protected EntityManager createEntityManager() {
> return em;
> }
> protected void closeEntityManager(
> @Disposes @myEM EntityManager entityManager) {
> if (entityManager.isOpen()) {
> entityManager.close();
> }
> }
> I inject this to applicationScoped bean. In the log, I see for each close of entityManager, wildfly logs an error:
> WELD-000019: Error destroying an instance org.jboss.as.jpa.container.TransactionScopedEntityManager@7c213180 of Producer Method [EntityManager] with qualifiers [@myEM @Any] declared as [[BackedAnnotatedMethod] @Produces @myEM @RequestScoped protected createEntityManager()]
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 1 month