[JBoss JIRA] (WFLY-3478) subnet-match is completely broken
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-3478?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-3478:
-----------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1111575|https://bugzilla.redhat.com/show_bug.cgi?id=1111575] from MODIFIED to ON_QA
> subnet-match is completely broken
> ---------------------------------
>
> Key: WFLY-3478
> URL: https://issues.jboss.org/browse/WFLY-3478
> Project: WildFly
> Issue Type: Bug
> Affects Versions: 8.1.0.Final
> Reporter: Rich DiCroce
> Assignee: Ivo Studensky
> Fix For: 8.2.0.CR1, 9.0.0.Alpha1
>
>
> subnet-match does not respect the value attribute. Instead, it seems to just pick the first interface it finds. No matter what I specify as a value, even if it's a value that's complete nonsense and doesn't match any IP address on my system, e.g.
> {code:xml}
> <interface name="public">
> <subnet-match value="1.2.3.0/24"/>
> </interface>
> {code}
> the ports end up bound to the only interface that is currently connected
> {noformat}
> 14:45:16,740 INFO [stdout] (ServerService Thread Pool -- 40) -------------------------------------------------------------------
> 14:45:16,740 INFO [stdout] (ServerService Thread Pool -- 40) GMS: address=normandy/GamingPortal, cluster=GamingPortal, physical address=192.168.1.105:3100
> 14:45:16,741 INFO [stdout] (ServerService Thread Pool -- 40) -------------------------------------------------------------------
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
10 years
[JBoss JIRA] (SECURITY-851) Base64Utils class cuts leading zeroes from encoded bytes
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-851?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration commented on SECURITY-851:
--------------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1125004|https://bugzilla.redhat.com/show_bug.cgi?id=1125004] from MODIFIED to ON_QA
> Base64Utils class cuts leading zeroes from encoded bytes
> --------------------------------------------------------
>
> Key: SECURITY-851
> URL: https://issues.jboss.org/browse/SECURITY-851
> Project: PicketBox
> Issue Type: Bug
> Affects Versions: PicketBox_4_0_21.Beta2
> Reporter: Josef Cacek
> Assignee: Josef Cacek
> Priority: Blocker
> Fix For: PicketBox_4_0_21.Beta4
>
>
> Vault util is failing for some password/salt/iteration combinations because Base64Utils class strips zeroes from provided byte array.
> So if a user encodes a key with length 8 and the leading byte of the key is zero, then after decoding he only gets 7 (or less) bytes.
> For instance:
> {code}
> encode ( { 0, 81, 121, -37, 46, -64, 20, 114 } ) -> "1HUTikm1Ho"
> decode ("1HUTikm1Ho") -> { 81, 121, -37, 46, -64, 20, 114 }
> {code}
> As a result the PBEUtil will fail with javax.crypto.IllegalBlockSizeException.
> IMHO the same problem can occur on other places where the Base64Utils class is used (not only the Vault).
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
10 years
[JBoss JIRA] (WFLY-838) Can't get implementing classname for JSR77 MBean
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-838?page=com.atlassian.jira.plugin.s... ]
RH Bugzilla Integration commented on WFLY-838:
----------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1138595|https://bugzilla.redhat.com/show_bug.cgi?id=1138595] from MODIFIED to ON_QA
> Can't get implementing classname for JSR77 MBean
> ------------------------------------------------
>
> Key: WFLY-838
> URL: https://issues.jboss.org/browse/WFLY-838
> Project: WildFly
> Issue Type: Bug
> Components: JMX
> Reporter: Anders Welen
> Priority: Minor
> Fix For: Awaiting Volunteers
>
>
> The following exception are thrown when asking the MBean server for the classname implementing "jboss.jsr77:j2eeType=WebModule,name=MyWar.war,J2EEServer=default".
> It should be a legal call. Why are the code clearly states it's illegal?
>
> java.lang.IllegalStateException: JBAS019905: Should not get called
> at org.jboss.as.jsr77.managedobject.J2EEDeployedObjectHandlers$J2EEModuleHandler.queryObjectNames(J2EEDeployedObjectHandlers.java:245)
> at org.jboss.as.jsr77.managedobject.BaseHandler.getMBeanInfo(BaseHandler.java:64)
> at org.jboss.as.jsr77.managedobject.J2EEDeployedObjectHandlers.getMBeanInfo(J2EEDeployedObjectHandlers.java:147)
> at org.jboss.as.jsr77.managedobject.ManagedObjectHandlerRegistry.getMBeanInfo(ManagedObjectHandlerRegistry.java:112)
> at org.jboss.as.jsr77.subsystem.JSR77ManagementMBeanServer.getMBeanInfo(JSR77ManagementMBeanServer.java:179)
> at org.jboss.as.jmx.PluggableMBeanServerImpl.getMBeanInfo(PluggableMBeanServerImpl.java:212)
>
> The error can easily be triggered by using JConsole to browse the same MBean.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
10 years
[JBoss JIRA] (WFLY-3492) JSSE configuration in security domain wrongly acceptes empty parameters
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-3492?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-3492:
-----------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug 1080069|https://bugzilla.redhat.com/show_bug.cgi?id=1080069] from MODIFIED to ON_QA
> JSSE configuration in security domain wrongly acceptes empty parameters
> -----------------------------------------------------------------------
>
> Key: WFLY-3492
> URL: https://issues.jboss.org/browse/WFLY-3492
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 8.1.0.Final
> Reporter: Chao Wang
> Assignee: Alexey Loubyansky
> Fix For: 8.2.0.CR1
>
>
> Description from https://bugzilla.redhat.com/show_bug.cgi?id=1080069:
> {noformat}
> When adding a jsse configuration in security domain through CLI, it's not persisted correctly.
> Steps to reproduce:
> * Run CLI (./jboss-cli.sh -c) and use this commands to configure new security domain:
> /subsystem=security/security-domain=trust-domain:add
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore=>{password=1234test,url=/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
> reload
> * check standalone.xml, where should be sth. like
> <security-domain name="trust-domain">
> <jsse truststore-password="1234test" truststore-url="/home/jcacek/projects/ocsp-check/build/trusted-clients.jks"/>
> </security-domain>
> But there is:
> <security-domain name="trust-domain">
> <jsse/>
> </security-domain>
> {noformat}
> {noformat}
> I had a mistake in the second command, it should be:
> /subsystem=security/security-domain=trust-domain/jsse=classic:add(truststore={password=>1234test,url=>/home/jcacek/projects/ocsp-check/build/trusted-clients.jks})
> Then it works.
> Nevertheless it's probably still a bug, when the original command returns:
> {
> "outcome" => "success",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> }
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
10 years
[JBoss JIRA] (WFLY-3101) CLI: hide stacktraces for exceptions w/o messages when logging errors
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/WFLY-3101?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on WFLY-3101:
-----------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug 997584|https://bugzilla.redhat.com/show_bug.cgi?id=997584] from MODIFIED to ON_QA
> CLI: hide stacktraces for exceptions w/o messages when logging errors
> ---------------------------------------------------------------------
>
> Key: WFLY-3101
> URL: https://issues.jboss.org/browse/WFLY-3101
> Project: WildFly
> Issue Type: Task
> Components: CLI
> Affects Versions: 8.0.0.Final
> Reporter: Alexey Loubyansky
> Assignee: Alexey Loubyansky
> Fix For: 8.1.0.CR1, 8.1.0.Final
>
>
> CommandContextImpl contains the following logic
> public void handleSafe(String line) {
> exitCode = 0;
> try {
> handle(line);
> } catch(Throwable t) {
> final StringBuilder buf = new StringBuilder();
> buf.append(t.getLocalizedMessage());
> Throwable t1 = t.getCause();
> while(t1 != null) {
> if(t1.getLocalizedMessage() != null) {
> buf.append(": ").append(t1.getLocalizedMessage());
> } else {
> t1.printStackTrace();
> }
> t1 = t1.getCause();
> }
> error(buf.toString());
> }
> }
> When an exception does not contain any message, e.g. in some cases IllegalArgumentException, etc, the full stacktraces are logged that are useful for debugging but not nice from the user interface point of view. It was suggested to hide them.
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
10 years