[JBoss JIRA] (WFLY-3079) Wildfly JDK 8
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFLY-3079?page=com.atlassian.jira.plugin.... ]
Tomaz Cerar closed WFLY-3079.
-----------------------------
Resolution: Rejected
> Wildfly JDK 8
> -------------
>
> Key: WFLY-3079
> URL: https://issues.jboss.org/browse/WFLY-3079
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security, Server
> Affects Versions: 8.0.0.Final
> Reporter: Otávio Garcia
> Assignee: Tomaz Cerar
> Labels: jdk8, wildfly
>
> When I start wildfly in standalone mode I got this error.
> {noformat}
> 02:55:28,938 ERROR [org.xnio.listener] (XNIO-1 I/O-2) XNIO001007: A channel event listener threw an exception: java.lang.NoClassDefFoundError: Could not initialize class sun.security.ec.CurveDB
> at sun.security.ec.SunECEntries.putEntries(SunECEntries.java:72)
> at sun.security.ec.SunEC.<init>(SunEC.java:76)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:408) [rt.jar:1.8.0]
> at java.lang.Class.newInstance(Class.java:433) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) [rt.jar:1.8.0]
> at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) [rt.jar:1.8.0]
> at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) [rt.jar:1.8.0]
> at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) [rt.jar:1.8.0]
> at sun.security.jca.Providers.getFullProviderList(Providers.java:173) [rt.jar:1.8.0]
> at java.security.Security.getProviders(Security.java:452) [rt.jar:1.8.0]
> at org.xnio.sasl.SaslUtils.getFactories(SaslUtils.java:121) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.sasl.SaslUtils.getSaslServerFactories(SaslUtils.java:75) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.initialiseCapabilities(ServerConnectionOpenListener.java:165) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.sendCapabilities(ServerConnectionOpenListener.java:413) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:260) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:139) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:196) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:110) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:87)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:531)
> 02:55:34,171 ERROR [org.xnio.listener] (XNIO-1 I/O-1) XNIO001007: A channel event listener threw an exception: java.lang.NoClassDefFoundError: Could not initialize class sun.security.ec.CurveDB
> at sun.security.ec.SunECEntries.putEntries(SunECEntries.java:72)
> at sun.security.ec.SunEC.<init>(SunEC.java:76)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0]
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0]
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0]
> at java.lang.reflect.Constructor.newInstance(Constructor.java:408) [rt.jar:1.8.0]
> at java.lang.Class.newInstance(Class.java:433) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:221) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206) [rt.jar:1.8.0]
> at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206) [rt.jar:1.8.0]
> at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187) [rt.jar:1.8.0]
> at sun.security.jca.ProviderList.loadAll(ProviderList.java:282) [rt.jar:1.8.0]
> at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:299) [rt.jar:1.8.0]
> at sun.security.jca.Providers.getFullProviderList(Providers.java:173) [rt.jar:1.8.0]
> at java.security.Security.getProviders(Security.java:452) [rt.jar:1.8.0]
> at org.xnio.sasl.SaslUtils.getFactories(SaslUtils.java:121) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.xnio.sasl.SaslUtils.getSaslServerFactories(SaslUtils.java:75) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.initialiseCapabilities(ServerConnectionOpenListener.java:165) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.sendCapabilities(ServerConnectionOpenListener.java:413) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:260) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:139) [jboss-remoting-4.0.0.Final.jar:4.0.0.Final]
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.2.0.Final.jar:3.2.0.Final]
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years
[JBoss JIRA] (JBJCA-1159) ConnectionListener leaked if TSR throws IllegalStateException
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1159?page=com.atlassian.jira.plugin... ]
RH Bugzilla Integration commented on JBJCA-1159:
------------------------------------------------
Carlo de Wolf <cdewolf(a)redhat.com> changed the Status of [bug 1088469|https://bugzilla.redhat.com/show_bug.cgi?id=1088469] from POST to MODIFIED
> ConnectionListener leaked if TSR throws IllegalStateException
> -------------------------------------------------------------
>
> Key: JBJCA-1159
> URL: https://issues.jboss.org/browse/JBJCA-1159
> Project: IronJacamar
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.24.Final, 1.1.4.Final
> Environment: AS7 EAP6.1
> Reporter: Koen Janssens
> Assignee: Jesper Pedersen
> Priority: Blocker
> Fix For: 1.0.25.Final, 1.1.5.Final, 1.2.0.Beta1
>
>
> When a connection is retrieved from the MCP, ironjacamar will register it to ongoing JTA transaction. However, if the ongoing TX is not 'active' anymore the connection is lost.
> The code of AbstractPool demonstrates the problem. The call to getLock will throw an exception if the current TX is not active anymore and the cl is not returned to the pool.
> This issue can be reproduced on AS7 by using any EJB that requires a tx and does something with a DB connection. Put a breakpoint in the code below after retrieving the connectionlistener, and then wait for the transaction to timeout. Once that's done, continue the thread. The connection is not release (can be seen in JMX)
> We have noticed this problem regularly during our performance tests.
> {code}
> ConnectionListener cl = mcp.getConnection(subject, cri);
> if (trace)
> log.tracef("Got connection from pool tracked by transaction=%s tx=%s", cl, trackByTransaction);
> TransactionSynchronizationRegistry tsr = getTransactionSynchronizationRegistry();
> Lock lock = getLock();
> try
> {
> lock.lockInterruptibly();
> }
> catch (InterruptedException ie)
> {
> Thread.interrupted();
> throw new ResourceException(bundle.unableObtainLock(), ie);
> }
> {code}
> It seems this issue was introduced by changes done for https://issues.jboss.org/browse/JBJCA-572
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years
[JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration commented on SECURITY-640:
--------------------------------------------------
Carlo de Wolf <cdewolf(a)redhat.com> changed the Status of [bug 1085503|https://bugzilla.redhat.com/show_bug.cgi?id=1085503] from POST to MODIFIED
> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-640
> URL: https://issues.jboss.org/browse/SECURITY-640
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Environment: Active Directory Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
> Reporter: Hrishi Salvi
> Assignee: Derek Horton
> Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
>
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined
> <web-resource-collection>
> <web-resource-name>Restricted</web-resource-name>
> <url-pattern>/Request</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> in web.xml
> Our application is access through Request servlet.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years
[JBoss JIRA] (JBJCA-1161) NPE in SemaphoreArrayListManagedConnectionPool
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1161?page=com.atlassian.jira.plugin... ]
RH Bugzilla Integration commented on JBJCA-1161:
------------------------------------------------
Carlo de Wolf <cdewolf(a)redhat.com> changed the Status of [bug 1088469|https://bugzilla.redhat.com/show_bug.cgi?id=1088469] from POST to MODIFIED
> NPE in SemaphoreArrayListManagedConnectionPool
> ----------------------------------------------
>
> Key: JBJCA-1161
> URL: https://issues.jboss.org/browse/JBJCA-1161
> Project: IronJacamar
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0.25.Final
> Reporter: Jesper Pedersen
> Assignee: Jesper Pedersen
> Priority: Blocker
> Fix For: 1.0.26.Final
>
>
> {noformat}
> at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.doDestroy(SemaphoreArrayListManagedConnectionPool.java:866)
> at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:312)
> at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:404)
> {noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years
[JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-815?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration commented on SECURITY-815:
--------------------------------------------------
Carlo de Wolf <cdewolf(a)redhat.com> changed the Status of [bug 1085504|https://bugzilla.redhat.com/show_bug.cgi?id=1085504] from POST to MODIFIED
> NegotiationAuthenticator loses post data
> ----------------------------------------
>
> Key: SECURITY-815
> URL: https://issues.jboss.org/browse/SECURITY-815
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_5
> Reporter: Derek Horton
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
>
>
> The NegotiationAuthenticator loses post data.
> A customer is attempting to use Negotiation along with PicketLink at the IDP. This works fine as long as the SP is using HTTP-Redirect SAML binding.
> If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL.
> If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter. This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to. As a result, the user will be left at the IDP index.html page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years
[JBoss JIRA] (SECURITY-803) SecureIdentityLoginModule (and ConfiguredIdentityLoginModule) results are not cached by the JAAS cache
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-803?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration commented on SECURITY-803:
--------------------------------------------------
Carlo de Wolf <cdewolf(a)redhat.com> changed the Status of [bug 1069886|https://bugzilla.redhat.com/show_bug.cgi?id=1069886] from POST to MODIFIED
> SecureIdentityLoginModule (and ConfiguredIdentityLoginModule) results are not cached by the JAAS cache
> ------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-803
> URL: https://issues.jboss.org/browse/SECURITY-803
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: PicketBox
> Affects Versions: PicketBox_4_0_19.Final
> Reporter: Derek Horton
> Assignee: Stefan Guilhen
> Attachments: SECURITY-803.patch
>
>
> In EAP 6, when using the SecureIdentityLoginModule to encrypt datasource passwords, the results are not cached by the JAAS cache. In EAP 5, the results are cached. This can lead to a performance issue.
> The root cause appears to be that the EAP 6 JAAS cache does not allow for a JAAS cache key to be null.
> The issue only occurs when the application that uses the datasource is not secured. In this situation, the principal is null when isValid() and updateCache() are called. When the application is secured, the results are cached. I think it is working because the result of the SecureIdentityLoginModule are cached using the authenticated user's principal as the cache key.
> Workaround:
> Use vault for encrypting the database password. This does not use a JAAS login module so the JAAS cache and login module are completely avoided.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years