December 2015 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-5774) Add Elytron security domain mappings

by Darran Lofthouse (JIRA)

Darran Lofthouse created WFLY-5774: -------------------------------------- Summary: Add Elytron security domain mappings Key: WFLY-5774 URL: https://issues.jboss.org/browse/WFLY-5774 Project: WildFly Issue Type: Task Components: Web (Undertow) Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 11.0.0.Alpha1 This is a mapping from the security domain as specified in a deployment to the HTTP authentication definition within Elytron. This will also need an option to specify if the authentication methods as defined in the web.xml should be honoured or if the Elytron selected mechanisms should be used. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5773) Remove ASM from Hibernate module as its no longer needed

by Scott Marlow (JIRA)

Scott Marlow created WFLY-5773: ---------------------------------- Summary: Remove ASM from Hibernate module as its no longer needed Key: WFLY-5773 URL: https://issues.jboss.org/browse/WFLY-5773 Project: WildFly Issue Type: Task Components: JPA / Hibernate Affects Versions: 10.0.0.CR4 Reporter: Scott Marlow Assignee: Scott Marlow cglib was removed (see [http://in.relation.to/2010/08/19/deprecated-cglib-support]) from Hibernate, so we no longer need it. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (JGRP-1991) TCP_NIO2: copy on demand

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-1991?page=com.atlassian.jira.plugin.... ] Bela Ban commented on JGRP-1991: -------------------------------- When using copying (a user might disable copying altogether if they pass copies to the write() anyway), we need to know which buffers have been copied yet, and which ones haven't. Since we're writing buffers from left to right (and thus copy from left to right, too), we could use a marker {{last_copied}} which is the index of the last copied buffer. All buffer after that index have not yet been copied. The following transitions can happen: * The contents of the buffers are moved to the left -> the marker moves with the data, possibly to the first index * We add a buffer -> marker stays in place * We write a few buffers -> the marker moves just beyond the last _successfully_ written buffer * A partial write occurs -> copy *all* buffers after the last successful write, up to the end of the buffer list Whether or not to copy may also be a field of {{WriteBuffers}}. > TCP_NIO2: copy on demand > ------------------------ > > Key: JGRP-1991 > URL: https://issues.jboss.org/browse/JGRP-1991 > Project: JGroups > Issue Type: Enhancement > Reporter: Bela Ban > Assignee: Bela Ban > Fix For: 3.6.7 > > > When TCP_NIO2 writes data, we always pass a copy of data of it, because of JGRP-1961 [1]. > However, if we copied the data only on a *partial write* (full writes don't need a copy), then we could always pass data from reused buffers down to the transport. > Example: we want to write 3 buffers of 100, 200 and 700 bytes in a gathering write (the buffers are allocated from reusable byte[] arrays). > If the write returns 1000, we know that all 3 buffers have been written and there is no need to copy any of the buffers. However, if only 500 bytes were written, then we can trash the first 2 buffers, but need to make a copy of the 3rd buffer in range [201 .. 700]. > This allows the sender to reuse previously allocated buffers, as all transports (UDP, TCP, TCP_NIO2) now guarantee that, on return of the send(), either the data was written completely, or a copy was made. > [1] https://issues.jboss.org/browse/JGRP-1961 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-459) correct JPA dependency injection (stop injecting javassist)

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-459?page=com.atlassian.jira.plugin.s... ] Scott Marlow commented on WFLY-459: ----------------------------------- We probably need both (JPADependencyProcessor + static) exports of javassist, to cover all three cases: 1. native Hibernate applications 2. container managed JPA applications 3. container managed JPA applications that embed their own copy of Hibernate jars > correct JPA dependency injection (stop injecting javassist) > ----------------------------------------------------------- > > Key: WFLY-459 > URL: https://issues.jboss.org/browse/WFLY-459 > Project: WildFly > Issue Type: Task > Components: JPA / Hibernate > Reporter: Scott Marlow > Assignee: Scott Marlow > > Rather than export the javassist dependency, see if we can change javassist to generate proxies for the application classes which aren't on the hibernate module class path. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5771) IIOP operations need SerializablePermission("enableSubclassImplementation")

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/WFLY-5771?page=com.atlassian.jira.plugin.... ] Ivo Studensky commented on WFLY-5771: ------------------------------------- Similar fix has to be done for Narayana as well, see JBTM-2577. > IIOP operations need SerializablePermission("enableSubclassImplementation") > --------------------------------------------------------------------------- > > Key: WFLY-5771 > URL: https://issues.jboss.org/browse/WFLY-5771 > Project: WildFly > Issue Type: Bug > Components: IIOP, Transactions > Affects Versions: 10.0.0.CR4 > Reporter: Ivo Studensky > Assignee: Ivo Studensky > > Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in the future Java releases, according to my findings. > At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5521) Tests from IIOP module fails with security manager

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/WFLY-5521?page=com.atlassian.jira.plugin.... ] Ivo Studensky commented on WFLY-5521: ------------------------------------- I've filed PR with a fix for IIOPSecurityInvocationTestCase. Remaining issues in IIOP tests are covered by WFLY-5771 and JBTM-2577. > Tests from IIOP module fails with security manager > -------------------------------------------------- > > Key: WFLY-5521 > URL: https://issues.jboss.org/browse/WFLY-5521 > Project: WildFly > Issue Type: Bug > Components: Test Suite > Affects Versions: 10.0.0.CR2 > Reporter: Marek Kopecký > Assignee: Ivo Studensky > Attachments: IIOP.tests.txt > > > *Description of problem:* > Tests from IIOP module fails with security manager. > *How reproducible:* > Always > *Steps to Reproduce:* > # ./integration-tests.sh -Dmaven.repo.local=$MAVEN_REPO_LOCAL -fae -Dmaven.test.failure.ignore=true -Dnode0=$MYTESTIP_1 -Dnode1=$MYTESTIP_2 -Dmcast=$MCAST_ADDR -Djboss.dist=$JBOSS_DIST -Dsecurity.manager -Dts.IIOP -Dts.noSmoke > *Actual results:* > See attached file > *Expected results:* > No errors -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-996) Default Stateless Session in Kie Server

by Justin Goldsmith (JIRA)

[ https://issues.jboss.org/browse/DROOLS-996?page=com.atlassian.jira.plugin... ] Justin Goldsmith updated DROOLS-996: ------------------------------------ Component/s: kie server Affects Version/s: 6.3.0.Final > Default Stateless Session in Kie Server > --------------------------------------- > > Key: DROOLS-996 > URL: https://issues.jboss.org/browse/DROOLS-996 > Project: Drools > Issue Type: Feature Request > Components: kie server > Affects Versions: 6.3.0.Final > Reporter: Justin Goldsmith > Assignee: Justin Goldsmith > Priority: Minor > > When executing against a container in kie server if the default session is stateful you do not have to provide a lookup, but if the default session is stateless it throws an exception stating there is no default session. While this is easy to work around its not intuitive. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-996) Default Stateless Session in Kie Server

by Justin Goldsmith (JIRA)

Justin Goldsmith created DROOLS-996: --------------------------------------- Summary: Default Stateless Session in Kie Server Key: DROOLS-996 URL: https://issues.jboss.org/browse/DROOLS-996 Project: Drools Issue Type: Feature Request Reporter: Justin Goldsmith Assignee: Justin Goldsmith Priority: Minor When executing against a container in kie server if the default session is stateful you do not have to provide a lookup, but if the default session is stateless it throws an exception stating there is no default session. While this is easy to work around its not intuitive. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5771) IIOP operations need SerializablePermission("enableSubclassImplementation")

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/WFLY-5771?page=com.atlassian.jira.plugin.... ] Ivo Studensky commented on WFLY-5771: ------------------------------------- stacktrace: {noformat} at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) at com.sun.corba.se.impl.encoding.CDRInputStream.<init>(CDRInputStream.java:116) at com.sun.corba.se.impl.encoding.EncapsInputStream.<init>(EncapsInputStream.java:66) at com.sun.corba.se.impl.encoding.EncapsInputStream.<init>(EncapsInputStream.java:120) at com.sun.corba.se.impl.encoding.EncapsInputStream.<init>(EncapsInputStream.java:98) at org.wildfly.iiop.openjdk.csiv2.CSIV2IORToSocketInfo.readCompoundSecMechList(CSIV2IORToSocketInfo.java:146) at org.wildfly.iiop.openjdk.csiv2.CSIV2IORToSocketInfo.selectSSLTransportAddress(CSIV2IORToSocketInfo.java:117) at org.wildfly.iiop.openjdk.csiv2.CSIV2IORToSocketInfo.getSocketInfo(CSIV2IORToSocketInfo.java:99) at com.sun.corba.se.impl.transport.CorbaContactInfoListImpl.addRemoteContactInfos(CorbaContactInfoListImpl.java:189) at com.sun.corba.se.impl.transport.CorbaContactInfoListImpl.createContactInfoList(CorbaContactInfoListImpl.java:178) at com.sun.corba.se.impl.transport.CorbaContactInfoListImpl.iterator(CorbaContactInfoListImpl.java:80) - locked <0x359a> (a com.sun.corba.se.impl.transport.CorbaContactInfoListImpl) at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:122) at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) at org.jboss.as.ejb3.iiop.stub.DynamicIIOPStub.invoke(DynamicIIOPStub.java:123) at interface org.jboss.as.test.iiop.transaction.IIOPTransactionalStatefulRemote_Stub.sameTransaction(Unknown Source:-1) at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:61) {noformat} > IIOP operations need SerializablePermission("enableSubclassImplementation") > --------------------------------------------------------------------------- > > Key: WFLY-5771 > URL: https://issues.jboss.org/browse/WFLY-5771 > Project: WildFly > Issue Type: Bug > Components: IIOP, Transactions > Affects Versions: 10.0.0.CR4 > Reporter: Ivo Studensky > Assignee: Ivo Studensky > > Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in the future Java releases, according to my findings. > At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5772) Upgrade Infinispan to 8.1.0.Final

by Paul Ferraro (JIRA)

Paul Ferraro created WFLY-5772: ---------------------------------- Summary: Upgrade Infinispan to 8.1.0.Final Key: WFLY-5772 URL: https://issues.jboss.org/browse/WFLY-5772 Project: WildFly Issue Type: Component Upgrade Components: Clustering Affects Versions: 10.0.0.CR4 Reporter: Paul Ferraro Assignee: Paul Ferraro -- This message was sent by Atlassian JIRA (v6.4.11#64026)

8 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira December 2015