June 2015 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JGRP-1914) S3_PING doesn't work with S3 buckets created in Frankfurt region

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-1914?page=com.atlassian.jira.plugin.... ] Bela Ban updated JGRP-1914: --------------------------- Fix Version/s: 3.6.5 (was: 3.6.4) Mark, I need to start the 3.6.4 release, moved this to 3.6.5. > S3_PING doesn't work with S3 buckets created in Frankfurt region > ----------------------------------------------------------------- > > Key: JGRP-1914 > URL: https://issues.jboss.org/browse/JGRP-1914 > Project: JGroups > Issue Type: Bug > Reporter: Gleb Leonov > Assignee: Bela Ban > Fix For: 3.6.5 > > > I tried to use S3_PING with access and secret key pair. However, I got 400 (Bad Request) error. After some investigation, I found that modern S3 buckets created in Frankfurt needs amazon v4 authentication, which needs hmac-sha256. But now S3_PING supports only hmac-sha1, so I see no way to use S3_PING with buckets in Frankfurt region. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (JGRP-886) TCP_NIO: revive and support as additional transport

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-886?page=com.atlassian.jira.plugin.s... ] Bela Ban updated JGRP-886: -------------------------- Fix Version/s: 3.6.5 (was: 4.0) Moved to 3.6.5, so people can still use Java 7. > TCP_NIO: revive and support as additional transport > --------------------------------------------------- > > Key: JGRP-886 > URL: https://issues.jboss.org/browse/JGRP-886 > Project: JGroups > Issue Type: Task > Reporter: Bela Ban > Assignee: Bela Ban > Fix For: 3.6.5 > > > Merge TCP and TCP_NIO into one protocol. Adapt it to use NIO2 (when available). -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-897) Unable to authenticate in SPNEGO Login Module with NullPointerException

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/SECURITY-897?page=com.atlassian.jira.plug... ] RH Bugzilla Integration updated SECURITY-897: --------------------------------------------- Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1236606 > Unable to authenticate in SPNEGO Login Module with NullPointerException > ----------------------------------------------------------------------- > > Key: SECURITY-897 > URL: https://issues.jboss.org/browse/SECURITY-897 > Project: PicketBox > Issue Type: Bug > Components: Negotiation > Affects Versions: Negotiation_2_3_6_Final, Negotiation_2_3_3_Final > Environment: Red Hat JBoss EAP 6.3.2 > Reporter: Kunjan Rathod > Assignee: Darran Lofthouse > Labels: jboss, jboss-as > > Description of problem: > The configuration with SPNEGO works fine, however from time to time the authentication fails with the following error: > ERROR (HTTP-341) [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException > at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:356) > Version-Release number of selected component (if applicable): > JBoss Security Negotiation 2.3.3.Final > How reproducible: > This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce. > Additional info: > At line 420 in [1], the GSSToken is null > ~~~~ > if (respToken != null) > { > NegotiationMessage response; > if (requestMessage instanceof KerberosMessage) > { > response = new KerberosMessage(Constants.KERBEROS_V5, respToken); > } > else > { > NegTokenTarg negTokenTarg = new NegTokenTarg(); > negTokenTarg.setResponseToken(respToken); > response = negTokenTarg; > } > ~~~~ > It looks like a GSSToken can be or is null, check the line#344 as follows:- > ~~~~~~~~~ > public Object run() > { > try > { > // The message type will have already been checked before this point so we know it is > // a SPNEGO message. > NegotiationMessage requestMessage = negotiationContext.getRequestMessage(); > // TODO - Ensure no way to fall through with gssToken still null. > byte[] gssToken = null; > if (requestMessage instanceof NegTokenInit) > { > ... > ~~~~~~~~~ > [1] : https://github.com/wildfly-security/jboss-negotiation/blob/2.3.3.Final/jb... -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-897) Unable to authenticate in SPNEGO Login Module with NullPointerException

by Kunjan Rathod (JIRA)

Kunjan Rathod created SECURITY-897: -------------------------------------- Summary: Unable to authenticate in SPNEGO Login Module with NullPointerException Key: SECURITY-897 URL: https://issues.jboss.org/browse/SECURITY-897 Project: PicketBox Issue Type: Bug Components: Negotiation Affects Versions: Negotiation_2_3_3_Final, Negotiation_2_3_6_Final Environment: Red Hat JBoss EAP 6.3.2 Reporter: Kunjan Rathod Assignee: Darran Lofthouse Description of problem: The configuration with SPNEGO works fine, however from time to time the authentication fails with the following error: ERROR (HTTP-341) [org.jboss.security.auth.spi.AbstractServerLoginModule] Unable to authenticate: java.lang.NullPointerException at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:420) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:356) Version-Release number of selected component (if applicable): JBoss Security Negotiation 2.3.3.Final How reproducible: This happens very rarely (20 times in a day on a system where about 50 users are working) and it is extremely hard to reproduce. Additional info: At line 420 in [1], the GSSToken is null ~~~~ if (respToken != null) { NegotiationMessage response; if (requestMessage instanceof KerberosMessage) { response = new KerberosMessage(Constants.KERBEROS_V5, respToken); } else { NegTokenTarg negTokenTarg = new NegTokenTarg(); negTokenTarg.setResponseToken(respToken); response = negTokenTarg; } ~~~~ It looks like a GSSToken can be or is null, check the line#344 as follows:- ~~~~~~~~~ public Object run() { try { // The message type will have already been checked before this point so we know it is // a SPNEGO message. NegotiationMessage requestMessage = negotiationContext.getRequestMessage(); // TODO - Ensure no way to fall through with gssToken still null. byte[] gssToken = null; if (requestMessage instanceof NegTokenInit) { ... ~~~~~~~~~ [1] : https://github.com/wildfly-security/jboss-negotiation/blob/2.3.3.Final/jb... -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-221) Implement a better X.500 principal mapper

by David Lloyd (JIRA)

David Lloyd created ELY-221: ------------------------------- Summary: Implement a better X.500 principal mapper Key: ELY-221 URL: https://issues.jboss.org/browse/ELY-221 Project: WildFly Elytron Issue Type: Feature Request Reporter: David Lloyd We can provide something better than a flat string mapping. Some thoughts on requirements: * Require that a minimum set of keys are present, else return {{null}} * Allow piecewise assembly of principal names with the following components: ** Static string ** Single attribute value e.g. {{dc[0]}} ** Joined attribute value (with optional subrange) e.g. {{dc:"."}} would convert {{dc=example,dc=com}} to {{example.com}} ** Joined attribute value in reverse (with optional subrange) -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-4827) Network Connection leak on client abort connection

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-4827?page=com.atlassian.jira.plugin.... ] Stuart Douglas commented on WFLY-4827: -------------------------------------- Can you try building the latest version of the undertow 1.1.x branch? to build: {code} git clone git@github.com:undertow-io/undertow.git cd undertow mvn install {code} > Network Connection leak on client abort connection > -------------------------------------------------- > > Key: WFLY-4827 > URL: https://issues.jboss.org/browse/WFLY-4827 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow), Web Sockets > Affects Versions: 8.2.0.Final > Environment: On Windows Server 2012, JDK 1.8.0_45, Wildfly 8.2.0.Final in standalone mode. > Reporter: Andrea Bertolini > Assignee: Stuart Douglas > > We have a classic client-server application, all written in Java. Each client is installed on a forklift which can move all around a large area. This area is under wi-fi coverage. > Sometimes the clients can have a bad connection quality and the client-server communication is interrupted; in such a case it takes too many seconds to be restored. > To fix this situation, we add a timeout client-side. After 5 seconds it aborts the call and tries again a second time. > To achieve this call we use apache httpcomponents library (version 4.4). We use the abort method of httppost to interrupt this call. > Server-side, we have a group of web-servlets which listen to the incoming calls, manage requests and send a response. > It appears that sometimes a communication remains stuck in reading or writing from/to the stream. When the client aborts the communication, an exception is thrown on the server caused by the channel being closed. > It happens that a large number of connections remains stuck in connection status 'established' (only server-side) even if the real connection is actually closed (client doesn't have that connection active anymore). > When the number of established connections grows up to 200, server stops responding on port 8080, so it cannot accept more connections and it seems to freeze. > We tried to add tcp-keep-alive=true and no-request-timeout=120000 on http-listener in undertow subsystem, but sometimes it removes idle connections after any incoming requests are received for 2 minutes, some other times it keep connections as established and doesn't close them. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-220) Add a RegExSplittingNameRewriter

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-220?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse resolved ELY-220. ---------------------------------- Resolution: Rejected Thanks, that last example does the trick ;-) > Add a RegExSplittingNameRewriter > --------------------------------- > > Key: ELY-220 > URL: https://issues.jboss.org/browse/ELY-220 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.0.0.Alpha2 > > > The existing implementations allow for replacing a portion of a name based on a regular expression or validating a name based on a regular expression - however we do not have a form that allows you to easily extract a portion of a name. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-4766) Filter matching static resource confuses servlet matching logic

by Stuart Douglas (JIRA)

[ https://issues.jboss.org/browse/WFLY-4766?page=com.atlassian.jira.plugin.... ] Stuart Douglas resolved WFLY-4766. ---------------------------------- Fix Version/s: 9.0.0.Final 10.0.0.Beta1 Resolution: Done > Filter matching static resource confuses servlet matching logic > --------------------------------------------------------------- > > Key: WFLY-4766 > URL: https://issues.jboss.org/browse/WFLY-4766 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 8.1.0.Final, 8.2.0.Final, 9.0.0.CR2, 10.0.0.Alpha2 > Reporter: Peter Major > Assignee: Stuart Douglas > Fix For: 9.0.0.Final, 10.0.0.Beta1 > > Attachments: hello.war > > > Imagine the following setup: > * There are static files stored under the servlet context in the helloworld folder > * there is a servlet mapped to /hello/* > * there is a filter configured to match /helloworld/index.html > For some reason with this set up the end result is that when I request /helloworld or /helloworld/index.html then the servlet is displayed instead of my static files (note that welcome-file-list was configured for index.html). As /hello/* *really* shouldn't match /helloworld I can only think that this is a bug in wildfly, possibly somewhere in undertow. > Oddly enough, once the filter mapping is removed, suddenly the static file is served correctly, so the filter must have some role in this issue. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-220) Add a RegExSplittingNameRewriter

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-220?page=com.atlassian.jira.plugin.sy... ] David Lloyd commented on ELY-220: --------------------------------- However this case is better solved by a better PrincipalDecoder that handles structure less naively than simply flattening the X.500 principal to a string. Maybe something that allows you to select components out of the principal, and perhaps require certain components in order to successfully decode. > Add a RegExSplittingNameRewriter > --------------------------------- > > Key: ELY-220 > URL: https://issues.jboss.org/browse/ELY-220 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.0.0.Alpha2 > > > The existing implementations allow for replacing a portion of a name based on a regular expression or validating a name based on a regular expression - however we do not have a form that allows you to easily extract a portion of a name. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-220) Add a RegExSplittingNameRewriter

by David Lloyd (JIRA)

[ https://issues.jboss.org/browse/ELY-220?page=com.atlassian.jira.plugin.sy... ] David Lloyd commented on ELY-220: --------------------------------- Ah yes, my mistake: {code} NameRewriter transformingRewriter = new RegexNameRewriter(Pattern.compile("^.*?\\bdc=([^,]++).*$"), "$1", false); {code} > Add a RegExSplittingNameRewriter > --------------------------------- > > Key: ELY-220 > URL: https://issues.jboss.org/browse/ELY-220 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.0.0.Alpha2 > > > The existing implementations allow for replacing a portion of a name based on a regular expression or validating a name based on a regular expression - however we do not have a form that allows you to easily extract a portion of a name. -- This message was sent by Atlassian JIRA (v6.3.15#6346)

8 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira June 2015