January 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-5484) Calling HttpServletRequest.logout() with single sign-on enabled only works every second time

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/WFLY-5484?page=com.atlassian.jira.plugin.... ] Paul Ferraro reassigned WFLY-5484: ---------------------------------- Assignee: Stuart Douglas (was: Paul Ferraro) > Calling HttpServletRequest.logout() with single sign-on enabled only works every second time > -------------------------------------------------------------------------------------------- > > Key: WFLY-5484 > URL: https://issues.jboss.org/browse/WFLY-5484 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Reporter: Richard Janík > Assignee: Stuart Douglas > Priority: Blocker > Fix For: 10.0.0.CR5 > > Attachments: reproducer-jbeap-1282.zip > > > See "Steps to Reproduce". Logging out from an application only works every second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any effect > This doesn't occur without <single-sign-on/> enabled - logout() has the expected effect. The issue is security related, thus I'm adding our security team members as watchers. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5951) pending-puts cache configuration is not started by the JPA subsystem

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-5951?page=com.atlassian.jira.plugin.... ] Scott Marlow edited comment on WFLY-5951 at 1/7/16 12:53 PM: ------------------------------------------------------------- sample TRACE output: {noformat} 2016-01-07 11:12:47,305 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependencies with properties '{timestamps=timestamps, pending-puts=pending-puts, natural-id=entity, container=hibernate, entity=entity, query=local-query, immutable-entity=immutable-entity, collection=entity}' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.immutable-entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.pending-puts.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.timestamps.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.local-query.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) added PersistenceUnitService (phase 2 of 2) for 'service jboss.persistenceunit."jboss-as-hibernate4Test.war#secondary"'. PU is {noformat} was (Author: smarlow): sample TRACE output: {quote} 2016-01-07 11:12:47,305 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependencies with properties '{timestamps=timestamps, pending-puts=pending-puts, natural-id=entity, container=hibernate, entity=entity, query=local-query, immutable-entity=immutable-entity, collection=entity}' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.immutable-entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.pending-puts.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.timestamps.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.local-query.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) added PersistenceUnitService (phase 2 of 2) for 'service jboss.persistenceunit."jboss-as-hibernate4Test.war#secondary"'. PU is {quote} > pending-puts cache configuration is not started by the JPA subsystem > -------------------------------------------------------------------- > > Key: WFLY-5951 > URL: https://issues.jboss.org/browse/WFLY-5951 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Reporter: Paul Ferraro > Assignee: Scott Marlow > Fix For: 10.0.0.Final > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5951) pending-puts cache configuration is not started by the JPA subsystem

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-5951?page=com.atlassian.jira.plugin.... ] Scott Marlow commented on WFLY-5951: ------------------------------------ sample TRACE output: {quote} 2016-01-07 11:12:47,305 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependencies with properties '{timestamps=timestamps, pending-puts=pending-puts, natural-id=entity, container=hibernate, entity=entity, query=local-query, immutable-entity=immutable-entity, collection=entity}' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.immutable-entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,306 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.entity.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.pending-puts.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.timestamps.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) add second level cache dependency on service 'jboss.infinispan.hibernate.local-query.config' 2016-01-07 11:12:47,307 TRACE [org.jboss.as.jpa] (MSC service thread 1-1) added PersistenceUnitService (phase 2 of 2) for 'service jboss.persistenceunit."jboss-as-hibernate4Test.war#secondary"'. PU is {quote} > pending-puts cache configuration is not started by the JPA subsystem > -------------------------------------------------------------------- > > Key: WFLY-5951 > URL: https://issues.jboss.org/browse/WFLY-5951 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Reporter: Paul Ferraro > Assignee: Scott Marlow > Fix For: 10.0.0.Final > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5951) pending-puts cache configuration is not started by the JPA subsystem

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-5951?page=com.atlassian.jira.plugin.... ] Scott Marlow commented on WFLY-5951: ------------------------------------ In order to see the additional TRACE logging, enable TRACE for org.jboss.as.clustering.infinispan + org.jboss.as.jpa > pending-puts cache configuration is not started by the JPA subsystem > -------------------------------------------------------------------- > > Key: WFLY-5951 > URL: https://issues.jboss.org/browse/WFLY-5951 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Reporter: Paul Ferraro > Assignee: Scott Marlow > Fix For: 10.0.0.Final > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5484) Calling HttpServletRequest.logout() with single sign-on enabled only works every second time

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/WFLY-5484?page=com.atlassian.jira.plugin.... ] Paul Ferraro commented on WFLY-5484: ------------------------------------ [~swd847] Can you have a look at this? It appears that the initial HttpServletRequest.logout() does not triggering the requisite SecurityNotification that triggers invalidation of the SSO (i.e. via the notification listener registered during authentication). > Calling HttpServletRequest.logout() with single sign-on enabled only works every second time > -------------------------------------------------------------------------------------------- > > Key: WFLY-5484 > URL: https://issues.jboss.org/browse/WFLY-5484 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Reporter: Richard Janík > Assignee: Paul Ferraro > Priority: Blocker > Fix For: 10.0.0.CR5 > > Attachments: reproducer-jbeap-1282.zip > > > See "Steps to Reproduce". Logging out from an application only works every second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any effect > This doesn't occur without <single-sign-on/> enabled - logout() has the expected effect. The issue is security related, thus I'm adding our security team members as watchers. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5473) Session.invalidate() does not invalidate SSO context for non-distributable applications

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/WFLY-5473?page=com.atlassian.jira.plugin.... ] Paul Ferraro closed WFLY-5473. ------------------------------ Resolution: Cannot Reproduce Bug [~rjanik] I was not able to reproduce the issue against WF master using the steps provided in https://issues.jboss.org/browse/WFLY-5473?focusedCommentId=13144859&page=... Whenever I invalidate a non-distributed session, I see in the logs that the associated SSO is removed. Any subsequent requests using the same SSO are forced to reauthenticate, since the associated SSO is no longer valid. > Session.invalidate() does not invalidate SSO context for non-distributable applications > --------------------------------------------------------------------------------------- > > Key: WFLY-5473 > URL: https://issues.jboss.org/browse/WFLY-5473 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Reporter: Richard Janík > Assignee: Paul Ferraro > Priority: Blocker > Fix For: 10.0.0.Final > > Attachments: reproducer.zip > > > See "Steps to Reproduce" for detailed description. > According to my limited knowledge, this was also the core issue in https://bugzilla.redhat.com/show_bug.cgi?id=924456 which has been dispatched as a one-off to a customer. Thus, I'm setting the priority to blocker as this is a regression against 6.4.x. No exceptions have been observed in the server output however. > Adding Clustering component as I've been trying this with standalone-ha.xml and BZ 924456 relates to clustering. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5951) pending-puts cache configuration is not started by the JPA subsystem

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-5951?page=com.atlassian.jira.plugin.... ] Scott Marlow commented on WFLY-5951: ------------------------------------ Example persistence unit {quote} <persistence-unit name="primary"> <jta-data-source>java:jboss/datasources/Hibernate4QuickstartDS</jta-data-source> <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode> <class>org.jboss.as.quickstart.hibernate4.model.Member</class> <exclude-unlisted-classes>true</exclude-unlisted-classes> <properties> <property name="hibernate.cache.use_second_level_cache" value="true"/> <property name="hibernate.cache.use_query_cache" value="true"/> <property name="hibernate.cache.infinispan.immutable-entity.cfg" value="immutable-entity"/> <property name="hibernate.cache.infinispan.timestamps.cfg" value="timestamps"/> <property name="hibernate.cache.infinispan.pending-puts.cfg" value="pending-puts"/> </properties> </persistence-unit> {quote} > pending-puts cache configuration is not started by the JPA subsystem > -------------------------------------------------------------------- > > Key: WFLY-5951 > URL: https://issues.jboss.org/browse/WFLY-5951 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Reporter: Paul Ferraro > Assignee: Scott Marlow > Fix For: 10.0.0.Final > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5473) Session.invalidate() does not invalidate SSO context for non-distributable applications

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/WFLY-5473?page=com.atlassian.jira.plugin.... ] Paul Ferraro edited comment on WFLY-5473 at 1/7/16 12:00 PM: ------------------------------------------------------------- My suspicion is that there is a bug in undertow's security context implementation causing both this issue and WFLY-5484 - as it appears that the initial logout is not correctly triggering the requisite SecurityNotification callback which performs the SSO invalidation. I will keep investigating, but would like [~swd847] to have a look as well. was (Author: pferraro): My suspicion is that there is a bug in undertow's security context implementation causing both this issue and WFLY-5484 - as it appears that the initial logout is not correctly triggering the requisite SecurityNotification(LOGGED_OUT). > Session.invalidate() does not invalidate SSO context for non-distributable applications > --------------------------------------------------------------------------------------- > > Key: WFLY-5473 > URL: https://issues.jboss.org/browse/WFLY-5473 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Reporter: Richard Janík > Assignee: Paul Ferraro > Priority: Blocker > Fix For: 10.0.0.Final > > Attachments: reproducer.zip > > > See "Steps to Reproduce" for detailed description. > According to my limited knowledge, this was also the core issue in https://bugzilla.redhat.com/show_bug.cgi?id=924456 which has been dispatched as a one-off to a customer. Thus, I'm setting the priority to blocker as this is a regression against 6.4.x. No exceptions have been observed in the server output however. > Adding Clustering component as I've been trying this with standalone-ha.xml and BZ 924456 relates to clustering. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5473) Session.invalidate() does not invalidate SSO context for non-distributable applications

by Paul Ferraro (JIRA)

[ https://issues.jboss.org/browse/WFLY-5473?page=com.atlassian.jira.plugin.... ] Paul Ferraro commented on WFLY-5473: ------------------------------------ My suspicion is that there is a bug in undertow's security context implementation causing both this issue and WFLY-5484 - as it appears that the initial logout is not correctly triggering the requisite SecurityNotification(LOGGED_OUT). > Session.invalidate() does not invalidate SSO context for non-distributable applications > --------------------------------------------------------------------------------------- > > Key: WFLY-5473 > URL: https://issues.jboss.org/browse/WFLY-5473 > Project: WildFly > Issue Type: Bug > Components: Clustering, Web (Undertow) > Reporter: Richard Janík > Assignee: Paul Ferraro > Priority: Blocker > Fix For: 10.0.0.Final > > Attachments: reproducer.zip > > > See "Steps to Reproduce" for detailed description. > According to my limited knowledge, this was also the core issue in https://bugzilla.redhat.com/show_bug.cgi?id=924456 which has been dispatched as a one-off to a customer. Thus, I'm setting the priority to blocker as this is a regression against 6.4.x. No exceptions have been observed in the server output however. > Adding Clustering component as I've been trying this with standalone-ha.xml and BZ 924456 relates to clustering. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-402) A wrapper KeyStore that can filter by alias

by Darran Lofthouse (JIRA)

Darran Lofthouse created ELY-402: ------------------------------------ Summary: A wrapper KeyStore that can filter by alias Key: ELY-402 URL: https://issues.jboss.org/browse/ELY-402 Project: WildFly Elytron Issue Type: Feature Request Components: SSL Reporter: Darran Lofthouse Fix For: 1.1.0.Beta4 A common request is that when a server is configured for SSL the alias to use from the KeyStore can be specified - this can be a little short sighted as a huge advantage of multiple entries in a single KeyStore is that different entries can be used depending on the selected cipher suite. A better option may be to add alias filtering so a wrapper KeyStore can still make a number of underlying entries available. Alias filtering is better handled at the KeyStore level as the KeyManager should be performing additional checks to ensure the keys and signatures are compatible with the current cipher suite. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2016