[JBoss JIRA] (JBWEB-258) DigestAuthenticator generates duplicate nonces
by Aaron Ogburn (JIRA)
[ https://issues.jboss.org/browse/JBWEB-258?page=com.atlassian.jira.plugin.... ]
Aaron Ogburn commented on JBWEB-258:
------------------------------------
7.5.x: r2588
7.4.x: r2589
> DigestAuthenticator generates duplicate nonces
> ----------------------------------------------
>
> Key: JBWEB-258
> URL: https://issues.jboss.org/browse/JBWEB-258
> Project: JBoss Web
> Issue Type: Bug
> Affects Versions: JBossWeb-2.1.12.GA, JBossWeb-7.0.16.GA, JBossWeb-7.2.0.Alpha3
> Reporter: Aaron Ogburn
> Assignee: Remy Maucherat
> Attachments: 21x.diff, 70x.diff, 72x.diff
>
>
> DigestAuthenticator currently generates nonces as a hash of the client's remote ip, the current time at generation time, and an internal server key. With high concurrent load in a scenario where many clients show a single ip (such as behind a loadbalancer/proxy), then it is very easy for DigestAuthenticator to give out duplicate nonces when they are generated at the same time.
> This then leads to authentication failues as counts for the duplicate nonces get out of whack.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
9 years, 3 months
[JBoss JIRA] (JBWEB-258) DigestAuthenticator generates duplicate nonces
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/JBWEB-258?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration commented on JBWEB-258:
-----------------------------------------------
Aaron Ogburn <aogburn(a)redhat.com> changed the Status of [bug 1188744|https://bugzilla.redhat.com/show_bug.cgi?id=1188744] from NEW to POST
> DigestAuthenticator generates duplicate nonces
> ----------------------------------------------
>
> Key: JBWEB-258
> URL: https://issues.jboss.org/browse/JBWEB-258
> Project: JBoss Web
> Issue Type: Bug
> Affects Versions: JBossWeb-2.1.12.GA, JBossWeb-7.0.16.GA, JBossWeb-7.2.0.Alpha3
> Reporter: Aaron Ogburn
> Assignee: Remy Maucherat
> Attachments: 21x.diff, 70x.diff, 72x.diff
>
>
> DigestAuthenticator currently generates nonces as a hash of the client's remote ip, the current time at generation time, and an internal server key. With high concurrent load in a scenario where many clients show a single ip (such as behind a loadbalancer/proxy), then it is very easy for DigestAuthenticator to give out duplicate nonces when they are generated at the same time.
> This then leads to authentication failues as counts for the duplicate nonces get out of whack.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
9 years, 3 months
[JBoss JIRA] (WFLY-4308) Proxies created via ContextService.createContextualProxy(...) are not Serializable
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/WFLY-4308?page=com.atlassian.jira.plugin.... ]
Paul Ferraro commented on WFLY-4308:
------------------------------------
Some more detail...
It appears that the invocation handler of the generated proxies contains a reference to the ContextService itself, which can be serialized more intelligently.
> Proxies created via ContextService.createContextualProxy(...) are not Serializable
> ----------------------------------------------------------------------------------
>
> Key: WFLY-4308
> URL: https://issues.jboss.org/browse/WFLY-4308
> Project: WildFly
> Issue Type: Bug
> Components: EE
> Affects Versions: 9.0.0.Alpha1
> Reporter: Paul Ferraro
> Assignee: David Lloyd
> Priority: Critical
>
> Setting priority to critical since, I believe, this is a matter of compliance with the concurrency utilities specification.
> Section 3.3.4 of the specification states that:
> "All invocation handlers for the contextual proxy implementation must implement java.io.Serializable."
> While the invocation handler of the generated proxy does indeed implement Serializable, it contains a reference to org.jboss.as.server.moduleservice.ServiceModuleLoader, which is not serializable, thus attempts to serialize the proxies generated via ContextService.createContextualProxy(...) via JBoss Marshalling throw a org.infinispan.commons.marshall.NotSerializableException: org.jboss.as.server.moduleservice.ServiceModuleLoader
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
9 years, 3 months
[JBoss JIRA] (JBWEB-258) DigestAuthenticator generates duplicate nonces
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/JBWEB-258?page=com.atlassian.jira.plugin.... ]
RH Bugzilla Integration updated JBWEB-258:
------------------------------------------
Bugzilla Update: Perform
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1188744
> DigestAuthenticator generates duplicate nonces
> ----------------------------------------------
>
> Key: JBWEB-258
> URL: https://issues.jboss.org/browse/JBWEB-258
> Project: JBoss Web
> Issue Type: Bug
> Affects Versions: JBossWeb-2.1.12.GA, JBossWeb-7.0.16.GA, JBossWeb-7.2.0.Alpha3
> Reporter: Aaron Ogburn
> Assignee: Remy Maucherat
> Attachments: 21x.diff, 70x.diff, 72x.diff
>
>
> DigestAuthenticator currently generates nonces as a hash of the client's remote ip, the current time at generation time, and an internal server key. With high concurrent load in a scenario where many clients show a single ip (such as behind a loadbalancer/proxy), then it is very easy for DigestAuthenticator to give out duplicate nonces when they are generated at the same time.
> This then leads to authentication failues as counts for the duplicate nonces get out of whack.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
9 years, 3 months
[JBoss JIRA] (DROOLS-704) Java scriptTask compilation error reports invalid line
by Владимир Боднарчук (JIRA)
[ https://issues.jboss.org/browse/DROOLS-704?page=com.atlassian.jira.plugin... ]
Владимир Боднарчук updated DROOLS-704:
--------------------------------------
Description:
In case of a compilation error inside the scriptTask java code, the line and the column reported inside the org.drools.compiler.kie.builder.impl.MessageImpl are incorrect.
The MessageImpl.getPath() should also return a path with the node id that contains the compilation error.
To reproduce:
{code:java}
KieHelper kieHelper = new KieHelper();
kieHelper.addResource(ResourceFactory.newClassPathResource("processes/sample-jbpm6.bpmn"));
Results res = kieHelper.verify();
for (Message msg : res.getMessages()) {
System.out.println("Error: " + msg);
}
if (res.hasMessages(Message.Level.ERROR)) {
throw new IllegalStateException("Could not verify the workflow");
}
{code}
{noformat}
Error: class org.drools.compiler.kie.builder.impl.MessageImpl
[main] ERROR org.drools.compiler.kie.builder.impl.AbstractKieModule - Unable to build KieBaseModel:defaultKieBase
Process Compilation error : Process org.jbpm.Hello World(com.sample.bpmn.hello)
org/jbpm/Process_org$u46$jbpm$u46$Hello_World265679914.java (9:416) : Syntax error on token "halskdjfh", delete this token
Exception in thread "main" java.lang.IllegalStateException: Could not verify the workflow
at Main.main(Main.java:26)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
Process finished with exit code 1
{noformat}
I've tested with both with "ECLIPSE" and "NATIVE" as values of the "drools.dialect.java.compiler".
was:
In case of a compilation error inside the scriptTask java code, the line and the column reported inside the org.drools.compiler.kie.builder.impl.MessageImpl are incorrect.
The MessageImpl.getPath() should also return a path with the node id that contains the compilation error.
To reproduce:
{code:Java}
KieHelper kieHelper = new KieHelper();
kieHelper.addResource(ResourceFactory.newClassPathResource("processes/sample-jbpm6.bpmn"));
Results res = kieHelper.verify();
for (Message msg : res.getMessages()) {
System.out.println("Error: " + msg);
}
if (res.hasMessages(Message.Level.ERROR)) {
throw new IllegalStateException("Could not verify the workflow");
}
{code}
{noformat}
Error: class org.drools.compiler.kie.builder.impl.MessageImpl
[main] ERROR org.drools.compiler.kie.builder.impl.AbstractKieModule - Unable to build KieBaseModel:defaultKieBase
Process Compilation error : Process org.jbpm.Hello World(com.sample.bpmn.hello)
org/jbpm/Process_org$u46$jbpm$u46$Hello_World265679914.java (9:416) : Syntax error on token "halskdjfh", delete this token
Exception in thread "main" java.lang.IllegalStateException: Could not verify the workflow
at Main.main(Main.java:26)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
Process finished with exit code 1
{noformat}
I've tested with both with "ECLIPSE" and "NATIVE" as values of the "drools.dialect.java.compiler".
> Java scriptTask compilation error reports invalid line
> ------------------------------------------------------
>
> Key: DROOLS-704
> URL: https://issues.jboss.org/browse/DROOLS-704
> Project: Drools
> Issue Type: Bug
> Affects Versions: 6.1.0.Final
> Environment: Windows 7 x64,
> jdk1.6.0_45 x64
> jbpm 6.1.0.Final
> Reporter: Владимир Боднарчук
> Assignee: Mark Proctor
> Priority: Minor
>
> In case of a compilation error inside the scriptTask java code, the line and the column reported inside the org.drools.compiler.kie.builder.impl.MessageImpl are incorrect.
> The MessageImpl.getPath() should also return a path with the node id that contains the compilation error.
> To reproduce:
> {code:java}
> KieHelper kieHelper = new KieHelper();
> kieHelper.addResource(ResourceFactory.newClassPathResource("processes/sample-jbpm6.bpmn"));
> Results res = kieHelper.verify();
> for (Message msg : res.getMessages()) {
> System.out.println("Error: " + msg);
> }
> if (res.hasMessages(Message.Level.ERROR)) {
> throw new IllegalStateException("Could not verify the workflow");
> }
> {code}
> {noformat}
> Error: class org.drools.compiler.kie.builder.impl.MessageImpl
> [main] ERROR org.drools.compiler.kie.builder.impl.AbstractKieModule - Unable to build KieBaseModel:defaultKieBase
> Process Compilation error : Process org.jbpm.Hello World(com.sample.bpmn.hello)
> org/jbpm/Process_org$u46$jbpm$u46$Hello_World265679914.java (9:416) : Syntax error on token "halskdjfh", delete this token
> Exception in thread "main" java.lang.IllegalStateException: Could not verify the workflow
> at Main.main(Main.java:26)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
> Process finished with exit code 1
> {noformat}
> I've tested with both with "ECLIPSE" and "NATIVE" as values of the "drools.dialect.java.compiler".
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
9 years, 3 months