April 2014 - jboss-jira - Jboss List Archives

[JBoss JIRA] (SECURITY-267) Review any MIC verification is being performed as required.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-267?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-267: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Review any MIC verification is being performed as required. > ----------------------------------------------------------- > > Key: SECURITY-267 > URL: https://issues.jboss.org/browse/SECURITY-267 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-538) Document the AdvancedADLoginModule

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-538?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-538: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Document the AdvancedADLoginModule > ---------------------------------- > > Key: SECURITY-538 > URL: https://issues.jboss.org/browse/SECURITY-538 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Reporter: Darran Lofthouse > Assignee: Anil Saldhana > Fix For: Negotiation_2_1_7 > > > The AdvancedADLoginModule was added to allow the users primary group to be identified, documentation needs to be added on the use of this login module. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-473) Add documentation for IBM JRE

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-473?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-473: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Add documentation for IBM JRE > ----------------------------- > > Key: SECURITY-473 > URL: https://issues.jboss.org/browse/SECURITY-473 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Documentation, Negotiation > Affects Versions: Negotiation_2.0.3.SP2 > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > Add documentation for IBM JRE > http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rz... > http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jgssDocs... > Example: - > <application-policy name="host-ibm"> > <authentication> > <login-module code="com.ibm.security.auth.module.Krb5LoginModule" > flag="required"> > <module-option name="useKeytab">file:///home/darranl/src/negotiation-as/jboss-5.1.0.GA-vm137/bin/service.keytab</module-option> > <module-option name="principal">host/testserver(a)VM137DOMAIN.GSSLAB</module-option> > <module-option name="credsType">both</module-option> > > <module-option name="debug">false</module-option> > </login-module> > </authentication> > </application-policy> > Also see JBAS-4969 the property jboss.security.disable.secdomain.option=true needs to be set. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-457) User guide builds incorrectly using Java 6

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-457?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-457: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > User guide builds incorrectly using Java 6 > ------------------------------------------ > > Key: SECURITY-457 > URL: https://issues.jboss.org/browse/SECURITY-457 > Project: PicketBox > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Negotiation > Affects Versions: Negotiation_2.0.3.SP2 > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > The user guide builds incorrectly running Java 6, however Java 5 still works as expected. > Suspect XML parsing differences, documentation should be updated to work with Java 6. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-357) Add Active Directory Debugging to User Guide

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-357?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-357: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Add Active Directory Debugging to User Guide > -------------------------------------------- > > Key: SECURITY-357 > URL: https://issues.jboss.org/browse/SECURITY-357 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Affects Versions: Negotiation_2.0.3.GA > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > Reference the following article which describes how to add additional event logging: - > http://support.microsoft.com/default.aspx?scid=kb;en-us;314980&sd=tech -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-824) Release JBoss Negotiation 2.1.6

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-824?page=com.atlassian.jira.plug... ] Darran Lofthouse resolved SECURITY-824. --------------------------------------- Resolution: Done > Release JBoss Negotiation 2.1.6 > ------------------------------- > > Key: SECURITY-824 > URL: https://issues.jboss.org/browse/SECURITY-824 > Project: PicketBox > Issue Type: Release > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: Negotiation_2_1_6 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-573) Improve handling of IOException thrown from NegotiationAuthenticator

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-573?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-573: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Improve handling of IOException thrown from NegotiationAuthenticator > -------------------------------------------------------------------- > > Key: SECURITY-573 > URL: https://issues.jboss.org/browse/SECURITY-573 > Project: PicketBox > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Negotiation > Affects Versions: Negotiation_2.0.3.GA > Environment: JBoss EPP 5.1.GA with SPNEGO support, JBoss Negotiation 2.0.3, commons-http-client 3.1 used as HTTP client > Reporter: Marek Posolda > Assignee: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > Currently if IOException is thrown from NegotiationAuthenticator (For example from line 123 from statement: NegotiationMessage requestMessage = mf.createMessage(authTokenIS); ) > then this exception is never logged but it's catched and ignored in CoyoteAdapter.service. Result is that client receives response code 200 OK and emtpy HTTP response. And there is nothing in server log, which can be used to recognize error. So I need to debug if I want to find the real cause of IO issue. > Example for simulating of this issue can be using of Kerberos OID instead of SPNEGO OID as described in Jira SECURITY-572 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3281) Cannot call getOutputStream(), getWriter() already called

by Jakob Munih (JIRA)

[ https://issues.jboss.org/browse/WFLY-3281?page=com.atlassian.jira.plugin.... ] Jakob Munih resolved WFLY-3281. ------------------------------- Fix Version/s: 8.1.0.Final Resolution: Done With the last the update of CXF to 2.7.11 which resolves CXF-5620 in master, the exception has gone. > Cannot call getOutputStream(), getWriter() already called > --------------------------------------------------------- > > Key: WFLY-3281 > URL: https://issues.jboss.org/browse/WFLY-3281 > Project: WildFly > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Web (Undertow) > Affects Versions: 8.1.0.CR1 > Environment: linux > Reporter: Jakob Munih > Assignee: Stuart Douglas > Priority: Minor > Fix For: 8.1.0.Final > > > Similar to WFL-1276 I got “UT005023: Exception handling request to /hsb/web-services/: java.lang.IllegalStateException: UT010005: Cannot call getOutputStream(), getWriter() already called” when accessing CXFNonSpringServlet servlet that shows all web services deployed with ApacheCamel 2.13.0. The exception is was not present in WF 8.0. Even with the exception the servlet renders all available service correctly. > Servlet: > {code} > import com.parsek.hsb.commons.Hsb; > import org.apache.cxf.Bus; > import org.apache.cxf.transport.servlet.CXFNonSpringServlet; > import javax.inject.Inject; > import javax.servlet.ServletConfig; > import javax.servlet.ServletException; > import javax.servlet.annotation.WebServlet; > // reuse camel bus > @WebServlet(value = "/web-services/*", name = "HsbWebServices", asyncSupported = true, loadOnStartup = 1) > public class ExposeCxf extends CXFNonSpringServlet { > @Hsb > @Inject > private Bus bus; > @Override > public void init(ServletConfig sc) throws ServletException { > setBus(bus); > super.init(sc); > } > } > {code} > Exception > {noformat} > 11:12:05,900 ERROR [io.undertow.request] (default task-11) UT005023: Exception handling request to /hsb/web-services/: java.lang.IllegalStateException: UT010005: Cannot call getOutputStream(), getWriter() already called > at io.undertow.servlet.spec.HttpServletResponseImpl.getOutputStream(HttpServletResponseImpl.java:283) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at org.apache.cxf.transport.servlet.servicelist.ServiceListGeneratorServlet.renderStyleSheet(ServiceListGeneratorServlet.java:174) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at org.apache.cxf.transport.servlet.servicelist.ServiceListGeneratorServlet.service(ServiceListGeneratorServlet.java:89) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] > at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:170) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final] > at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262) [cxf-rt-transports-http-2.7.10.jar:2.7.10] > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.5.Final.jar:1.0.5.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0] > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.8.0] > {noformat} > {code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (JBJCA-1110) Pool statistics are not cleared

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/JBJCA-1110?page=com.atlassian.jira.plugin... ] RH Bugzilla Integration commented on JBJCA-1110: ------------------------------------------------ Lin Gao <lgao(a)redhat.com> changed the Status of [bug 1088469|https://bugzilla.redhat.com/show_bug.cgi?id=1088469] from ASSIGNED to POST > Pool statistics are not cleared > ------------------------------- > > Key: JBJCA-1110 > URL: https://issues.jboss.org/browse/JBJCA-1110 > Project: IronJacamar > Issue Type: Bug > Components: Core > Affects Versions: 1.0.19.Final > Reporter: Koen Janssens > Assignee: Jesper Pedersen > Fix For: 1.1.2.Final > > > Invoking the 'clear statistics' JMX method on a connection pool has no effect. > Quite annoying since it forces me to restart to get a useful value for the 'average' values such as 'averageblockingtime' > Better implement the method or don't provide a clear method at all. > Today, org.jboss.jca.core.connectionmanager.pool.mcp.ManagedConnectionPoolStatisticsImpl#clear is a no-op... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (JBJCA-1161) NPE in SemaphoreArrayListManagedConnectionPool

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/JBJCA-1161?page=com.atlassian.jira.plugin... ] RH Bugzilla Integration commented on JBJCA-1161: ------------------------------------------------ Lin Gao <lgao(a)redhat.com> changed the Status of [bug 1088469|https://bugzilla.redhat.com/show_bug.cgi?id=1088469] from ASSIGNED to POST > NPE in SemaphoreArrayListManagedConnectionPool > ---------------------------------------------- > > Key: JBJCA-1161 > URL: https://issues.jboss.org/browse/JBJCA-1161 > Project: IronJacamar > Issue Type: Bug > Components: Core > Affects Versions: 1.0.25.Final > Reporter: Jesper Pedersen > Assignee: Jesper Pedersen > Priority: Blocker > Fix For: 1.0.26.Final > > > {noformat} > at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.doDestroy(SemaphoreArrayListManagedConnectionPool.java:866) > at org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.getConnection(SemaphoreArrayListManagedConnectionPool.java:312) > at org.jboss.jca.core.connectionmanager.pool.AbstractPool.getSimpleConnection(AbstractPool.java:404) > {noformat} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2014