January 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-1266) Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly

by Jason Shepherd (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1266?page=com.atlassian.jira.plugi... ] Jason Shepherd updated WFCORE-1266: ----------------------------------- Steps to Reproduce: 1. Recompile jboss-modules after removing AllPermission from getAllPermissions. {code} Jasons-MacBook-Pro:jboss-modules jasonshepherd$ git branch * (HEAD detached at 1.4.4.Final) master Jasons-MacBook-Pro:jboss-modules jasonshepherd$ git diff src/main/java/org/jboss/modules/ModulesPolicy.java diff --git a/src/main/java/org/jboss/modules/ModulesPolicy.java b/src/main/java/org/jboss/modules/ModulesPolicy.java index 1b8da50..0db9345 100644 --- a/src/main/java/org/jboss/modules/ModulesPolicy.java +++ b/src/main/java/org/jboss/modules/ModulesPolicy.java @@ -39,7 +39,7 @@ final class ModulesPolicy extends Policy { private static Permissions getAllPermission() { final Permissions permissions = new Permissions(); - permissions.add(ALL_PERMISSION); + //permissions.add(ALL_PERMISSION); return permissions; } {code} 2. Remove the Throw clauses from WildflySecurityManager {code} Jasons-MacBook-Pro:wildfly-elytron jasonshepherd$ git branch * (HEAD detached at 1.0.2.Final) master Jasons-MacBook-Pro:wildfly-elytron jasonshepherd$ git diff diff --git a/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java b/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java index 379c61f..11dddff 100644 --- a/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java +++ b/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java @@ -270,7 +270,7 @@ public final class WildFlySecurityManager extends SecurityManager { } else { access.accessCheckFailed(perm, codeSource, classLoader, Arrays.toString(principals)); } - throw access.accessControlException(perm, perm, codeSource, classLoader); + //throw access.accessControlException(perm, perm, codeSource, classLoader); } } } finally { @@ -302,7 +302,7 @@ public final class WildFlySecurityManager extends SecurityManager { } else { access.accessCheckFailed(perm, codeSource, classLoader, Arrays.toString(principals)); } - throw access.accessControlException(perm, perm, codeSource, classLoader); + //throw access.accessControlException(perm, perm, codeSource, classLoader); } } } finally { @@ -1061,7 +1061,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkEnvPropertyReadPermission(Class<?> clazz, String propertyName) { @@ -1082,7 +1082,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkPropertyWritePermission(Class<?> clazz, String propertyName) { @@ -1103,7 +1103,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkPDPermission(Class<?> clazz, Permission permission) { @@ -1120,7 +1120,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } /** {code} 3. Start Wildfly was: # recompile jboss-modules after removing AllPermission from getAllPermissions. {code} Jasons-MacBook-Pro:jboss-modules jasonshepherd$ git branch * (HEAD detached at 1.4.4.Final) master {code} {code} Jasons-MacBook-Pro:jboss-modules jasonshepherd$ git diff src/main/java/org/jboss/modules/ModulesPolicy.java diff --git a/src/main/java/org/jboss/modules/ModulesPolicy.java b/src/main/java/org/jboss/modules/ModulesPolicy.java index 1b8da50..0db9345 100644 --- a/src/main/java/org/jboss/modules/ModulesPolicy.java +++ b/src/main/java/org/jboss/modules/ModulesPolicy.java @@ -39,7 +39,7 @@ final class ModulesPolicy extends Policy { private static Permissions getAllPermission() { final Permissions permissions = new Permissions(); - permissions.add(ALL_PERMISSION); + //permissions.add(ALL_PERMISSION); return permissions; } {code} # Remove the Throw clauses from WildflySecurityManager {code} Jasons-MacBook-Pro:wildfly-elytron jasonshepherd$ git branch * (HEAD detached at 1.0.2.Final) master {code} {code} Jasons-MacBook-Pro:wildfly-elytron jasonshepherd$ git diff diff --git a/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java b/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java index 379c61f..11dddff 100644 --- a/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java +++ b/src/main/java/org/wildfly/security/manager/WildFlySecurityManager.java @@ -270,7 +270,7 @@ public final class WildFlySecurityManager extends SecurityManager { } else { access.accessCheckFailed(perm, codeSource, classLoader, Arrays.toString(principals)); } - throw access.accessControlException(perm, perm, codeSource, classLoader); + //throw access.accessControlException(perm, perm, codeSource, classLoader); } } } finally { @@ -302,7 +302,7 @@ public final class WildFlySecurityManager extends SecurityManager { } else { access.accessCheckFailed(perm, codeSource, classLoader, Arrays.toString(principals)); } - throw access.accessControlException(perm, perm, codeSource, classLoader); + //throw access.accessControlException(perm, perm, codeSource, classLoader); } } } finally { @@ -1061,7 +1061,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkEnvPropertyReadPermission(Class<?> clazz, String propertyName) { @@ -1082,7 +1082,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkPropertyWritePermission(Class<?> clazz, String propertyName) { @@ -1103,7 +1103,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } private static void checkPDPermission(Class<?> clazz, Permission permission) { @@ -1120,7 +1120,7 @@ public final class WildFlySecurityManager extends SecurityManager { return; } access.accessCheckFailed(permission, protectionDomain.getCodeSource(), classLoader); - throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); + //throw access.accessControlException(permission, permission, protectionDomain.getCodeSource(), classLoader); } /** {code} #Start Wildfly > Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly > ---------------------------------------------------------------------------------------- > > Key: WFCORE-1266 > URL: https://issues.jboss.org/browse/WFCORE-1266 > Project: WildFly Core > Issue Type: Bug > Components: Server > Affects Versions: 2.0.5.Final > Reporter: Jason Shepherd > Assignee: Jason Shepherd > > If we modify jboss-modules to remove the allPermissions by default, then change the WildflySecurityManager to avoid throwing exceptions, we get this error when starting Wildfly: > {code} > org.jboss.msc.service.StartException in service jboss.as: Failed to start service > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.security.AccessControlException: access denied ("org.jboss.as.server.security.ServerPermission" "setCurrentServiceContainer") > at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at java.security.AccessController.checkPermission(AccessController.java:884) > at org.jboss.as.server.CurrentServiceContainer.checkPermission(CurrentServiceContainer.java:63) > at org.jboss.as.server.CurrentServiceContainer.setServiceContainer(CurrentServiceContainer.java:56) > at org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:137) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > ... 3 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (JBREM-1332) Java-level deadlock found in RMI TCP Connection in Startup log

by Ron Sigal (JIRA)

[ https://issues.jboss.org/browse/JBREM-1332?page=com.atlassian.jira.plugin... ] Ron Sigal commented on JBREM-1332: ---------------------------------- Hi Rajesh, It definitely isn't a Remoting issue. Remoting does have an RMI transport, but it isn't used in EAP 5 (or anywhere else, as far as I know). -Ron > Java-level deadlock found in RMI TCP Connection in Startup log > -------------------------------------------------------------- > > Key: JBREM-1332 > URL: https://issues.jboss.org/browse/JBREM-1332 > Project: JBoss Remoting > Issue Type: Bug > Components: general > Environment: jboss-eap-5.1 & jdk1.6.0_25 > Reporter: Rajesh Ramaswamy > > Please help me out here. Is this Jboss issue or application level issue? > Found one Java-level deadlock: > ============================= > "RMI TCP Connection(454)-3.239.221.80": > waiting to lock monitor 0x0000000050f57e18 (object 0x00000000c331e4a0, a java.util.logging.ConsoleHandler), > which is held by "RMI TCP Connection(293)-3.239.221.80" > "RMI TCP Connection(293)-3.239.221.80": > waiting to lock monitor 0x00000000469e1638 (object 0x00000000ae823070, a org.apache.log4j.spi.RootLogger), > which is held by "ajp-3.34.191.100-9909-12" > "ajp-3.34.191.100-9909-12": > waiting to lock monitor 0x00000000469de068 (object 0x00000000b0665e40, a org.jboss.logging.util.LoggerStream), > which is held by "ajp-3.34.191.100-9909-31" > "ajp-3.34.191.100-9909-31": > waiting to lock monitor 0x00000000469e1638 (object 0x00000000ae823070, a org.apache.log4j.spi.RootLogger), > which is held by "ajp-3.34.191.100-9909-12" > Java stack information for the threads listed above: > =================================================== > "RMI TCP Connection(454)-3.239.221.80": > at java.util.logging.StreamHandler.publish(StreamHandler.java:174) > - waiting to lock <0x00000000c331e4a0> (a java.util.logging.ConsoleHandler) > at java.util.logging.ConsoleHandler.publish(ConsoleHandler.java:88) > at java.util.logging.Logger.log(Logger.java:481) > at java.util.logging.Logger.doLog(Logger.java:503) > at java.util.logging.Logger.logp(Logger.java:619) > at sun.rmi.runtime.Log$LoggerLog.log(Log.java:212) > at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:732) > at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > "RMI TCP Connection(293)-3.239.221.80": > at org.apache.log4j.Category.callAppenders(Category.java:201) > - waiting to lock <0x00000000ae823070> (a org.apache.log4j.spi.RootLogger) > at org.apache.log4j.Category.forcedLog(Category.java:388) > at org.apache.log4j.Category.log(Category.java:835) > at org.jboss.logging.util.LoggerStream.write(LoggerStream.java:156) > at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202) > at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272) > at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276) > at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122) > - locked <0x00000000c331eeb0> (a java.io.OutputStreamWriter) > at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212) > at java.util.logging.StreamHandler.flush(StreamHandler.java:225) > - locked <0x00000000c331e4a0> (a java.util.logging.ConsoleHandler) > at java.util.logging.ConsoleHandler.publish(ConsoleHandler.java:89) > at java.util.logging.Logger.log(Logger.java:481) > at java.util.logging.Logger.doLog(Logger.java:503) > at java.util.logging.Logger.logp(Logger.java:619) > at sun.rmi.runtime.Log$LoggerLog.log(Log.java:212) > at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:732) > at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > "ajp-3.34.191.100-9909-12": > at java.io.PrintStream.flush(PrintStream.java:285) > - waiting to lock <0x00000000b0665e40> (a org.jboss.logging.util.LoggerStream) > at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:278) > at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122) > - locked <0x00000000c563f248> (a java.io.OutputStreamWriter) > at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212) > at org.apache.log4j.helpers.QuietWriter.flush(QuietWriter.java:57) > at org.apache.log4j.WriterAppender.subAppend(WriterAppender.java:315) > at org.apache.log4j.WriterAppender.append(WriterAppender.java:159) > at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:230) > - locked <0x00000000c563ee20> (a org.apache.log4j.ConsoleAppender) > at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:65) > at org.apache.log4j.Category.callAppenders(Category.java:203) > - locked <0x00000000ae823070> (a org.apache.log4j.spi.RootLogger) > at org.apache.log4j.Category.forcedLog(Category.java:388) > at org.apache.log4j.Category.log(Category.java:835) > at org.jboss.logging.util.LoggerStream.write(LoggerStream.java:156) > at org.jboss.logging.util.LoggerStream.println(LoggerStream.java:97) > at org.exoplatform.sample.portal.web.SampleFilter.doFilter(SampleFilter.java:43) > at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108) > at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84) > at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436) > at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) > at java.lang.Thread.run(Thread.java:662) > "ajp-3.34.191.100-9909-31": > at org.apache.log4j.Category.callAppenders(Category.java:201) > - waiting to lock <0x00000000ae823070> (a org.apache.log4j.spi.RootLogger) > at org.apache.log4j.Category.forcedLog(Category.java:388) > at org.apache.log4j.Category.log(Category.java:835) > at org.jboss.logging.util.LoggerStream.write(LoggerStream.java:156) > at org.jboss.logging.util.LoggerStream.println(LoggerStream.java:97) > at java.lang.Throwable.printStackTrace(Throwable.java:464) > - locked <0x00000000b0665e40> (a org.jboss.logging.util.LoggerStream) > at com.gewt.kc.util.library.LibraryVirtualMapping.service(LibraryVirtualMapping.java:174) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.exoplatform.frameworks.jcr.web.ThreadLocalSessionProviderInitializedFilter.doFilter(ThreadLocalSessionProviderInitializedFilter.java:116) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.exoplatform.web.CacheUserProfileFilter.doFilter(CacheUserProfileFilter.java:72) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.exoplatform.services.security.web.SetCurrentIdentityFilter.doFilter(SetCurrentIdentityFilter.java:88) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:112) > at org.exoplatform.sample.portal.web.SampleFilter.doFilter(SampleFilter.java:46) > at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108) > at org.exoplatform.sample.portal.web.SampleFilter.doFilter(SampleFilter.java:46) > at org.exoplatform.web.filter.ExtensibleFilter$ExtensibleFilterChain.doFilter(ExtensibleFilter.java:108) > at org.exoplatform.web.filter.ExtensibleFilter.doFilter(ExtensibleFilter.java:84) > at org.exoplatform.web.filter.GenericFilter.doFilter(GenericFilter.java:66) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433) > at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) > at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) > at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436) > at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451) > at java.lang.Thread.run(Thread.java:662) > Found 1 deadlock. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1266) Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly

by Jason Shepherd (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1266?page=com.atlassian.jira.plugi... ] Jason Shepherd reassigned WFCORE-1266: -------------------------------------- Assignee: Jason Shepherd (was: Jason Greene) > Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly > ---------------------------------------------------------------------------------------- > > Key: WFCORE-1266 > URL: https://issues.jboss.org/browse/WFCORE-1266 > Project: WildFly Core > Issue Type: Bug > Components: Server > Affects Versions: 2.0.5.Final > Reporter: Jason Shepherd > Assignee: Jason Shepherd > > If we modify jboss-modules to remove the allPermissions by default, then change the WildflySecurityManager to avoid throwing exceptions, we get this error when starting Wildfly: > {code} > org.jboss.msc.service.StartException in service jboss.as: Failed to start service > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.security.AccessControlException: access denied ("org.jboss.as.server.security.ServerPermission" "setCurrentServiceContainer") > at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) > at java.security.AccessController.checkPermission(AccessController.java:884) > at org.jboss.as.server.CurrentServiceContainer.checkPermission(CurrentServiceContainer.java:63) > at org.jboss.as.server.CurrentServiceContainer.setServiceContainer(CurrentServiceContainer.java:56) > at org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:137) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > ... 3 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1266) Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly

by Jason Shepherd (JIRA)

Jason Shepherd created WFCORE-1266: -------------------------------------- Summary: Incorreclty bypass the SecurityManager and call AccessControl.checkPermission() directly Key: WFCORE-1266 URL: https://issues.jboss.org/browse/WFCORE-1266 Project: WildFly Core Issue Type: Bug Components: Server Affects Versions: 2.0.5.Final Reporter: Jason Shepherd Assignee: Jason Greene If we modify jboss-modules to remove the allPermissions by default, then change the WildflySecurityManager to avoid throwing exceptions, we get this error when starting Wildfly: {code} org.jboss.msc.service.StartException in service jboss.as: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.security.AccessControlException: access denied ("org.jboss.as.server.security.ServerPermission" "setCurrentServiceContainer") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:884) at org.jboss.as.server.CurrentServiceContainer.checkPermission(CurrentServiceContainer.java:63) at org.jboss.as.server.CurrentServiceContainer.setServiceContainer(CurrentServiceContainer.java:56) at org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:137) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) ... 3 more {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5919) Wildfly 10 CR5 Regression - Schema not added to query

by John Ament (JIRA)

[ https://issues.jboss.org/browse/WFLY-5919?page=com.atlassian.jira.plugin.... ] John Ament edited comment on WFLY-5919 at 1/4/16 7:50 PM: ---------------------------------------------------------- [~smarlow] yes, its not an issue of strings (we actually use constants here). I apologize, as I also created an issue in HHH for this with more info. The fact that switching from schema to catalog fixes it makes me think its not configuration related. The HHH issue is https://hibernate.atlassian.net/browse/HHH-10408 which was closed - rejected. While I can update my mappings to use catalog over schema, it doesn't seem consistent with prior versions of hibernate (in fact, my output shows this was working fine in 5.0.1). In addition, this may be an issue for your customers upgrading to EAP7. was (Author: meetoblivion): [~smarlow] yes, its not an issue of strings (we actually use constants here). I apologize, as I also created an issue in HHH for this with more info. The fact that switching from schema to catalog fixes it The HHH issue is https://hibernate.atlassian.net/browse/HHH-10408 which was closed - rejected. While I can update my mappings to use catalog over schema, it doesn't seem consistent with prior versions of hibernate (in fact, my output shows this was working fine in 5.0.1). In addition, this may be an issue for your customers upgrading to EAP7. > Wildfly 10 CR5 Regression - Schema not added to query > ----------------------------------------------------- > > Key: WFLY-5919 > URL: https://issues.jboss.org/browse/WFLY-5919 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Affects Versions: 10.0.0.CR5 > Reporter: John Ament > Assignee: Scott Marlow > > My app, working fine in Wildfly 9.0.2 now fails in 10.0.0.CR5 (it was fine in earlier CR's) > {code} > 2016-01-03 08:30:43,626 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 87) SQL Error: 1046, SQLState: 3D000 > 2016-01-03 08:30:43,626 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 87) No database selected > 2016-01-03 08:30:43,627 INFO [org.hibernate.event.internal.DefaultLoadEventListener] (ServerService Thread Pool -- 87) HHH000327: Error performing load command : org.hibernate.exception.GenericJDBCException: could not extract ResultSet > {code} > I turned on query debug, and the query being generated is now skipping the schema name defined in my entity's schema (I'm using MySQL) > The config looks like this > {code} > @Table(name = "types", schema = "config") > {code} > I have an orm.xml file, I tried removing the default schema stanza without luck. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5919) Wildfly 10 CR5 Regression - Schema not added to query

by John Ament (JIRA)

[ https://issues.jboss.org/browse/WFLY-5919?page=com.atlassian.jira.plugin.... ] John Ament commented on WFLY-5919: ---------------------------------- [~smarlow] yes, its not an issue of strings (we actually use constants here). I apologize, as I also created an issue in HHH for this with more info. The fact that switching from schema to catalog fixes it The HHH issue is https://hibernate.atlassian.net/browse/HHH-10408 which was closed - rejected. While I can update my mappings to use catalog over schema, it doesn't seem consistent with prior versions of hibernate (in fact, my output shows this was working fine in 5.0.1). In addition, this may be an issue for your customers upgrading to EAP7. > Wildfly 10 CR5 Regression - Schema not added to query > ----------------------------------------------------- > > Key: WFLY-5919 > URL: https://issues.jboss.org/browse/WFLY-5919 > Project: WildFly > Issue Type: Bug > Components: JPA / Hibernate > Affects Versions: 10.0.0.CR5 > Reporter: John Ament > Assignee: Scott Marlow > > My app, working fine in Wildfly 9.0.2 now fails in 10.0.0.CR5 (it was fine in earlier CR's) > {code} > 2016-01-03 08:30:43,626 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 87) SQL Error: 1046, SQLState: 3D000 > 2016-01-03 08:30:43,626 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 87) No database selected > 2016-01-03 08:30:43,627 INFO [org.hibernate.event.internal.DefaultLoadEventListener] (ServerService Thread Pool -- 87) HHH000327: Error performing load command : org.hibernate.exception.GenericJDBCException: could not extract ResultSet > {code} > I turned on query debug, and the query being generated is now skipping the schema name defined in my entity's schema (I'm using MySQL) > The config looks like this > {code} > @Table(name = "types", schema = "config") > {code} > I have an orm.xml file, I tried removing the default schema stanza without luck. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5928) Intermittent NPE registering a slave HC in mixed-domain test suite

by Brian Stansberry (JIRA)

Brian Stansberry created WFLY-5928: -------------------------------------- Summary: Intermittent NPE registering a slave HC in mixed-domain test suite Key: WFLY-5928 URL: https://issues.jboss.org/browse/WFLY-5928 Project: WildFly Issue Type: Bug Components: Domain Management, Test Suite Affects Versions: 10.0.0.CR4 Reporter: Brian Stansberry Assignee: Brian Stansberry I've occasionally seen test failures in the mixed domain tests when a testsuite cannot start because the slave HC can't register due to an NPE on the master: For example: http://brontes.lab.eng.brq.redhat.com/viewLog.html?buildId=82653&tab=buil... Critical log details: {code}&amp#27;[0m16:16:15,252 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1 &amp#27;[0m&amp#27;[0m16:16:15,363 INFO [org.jboss.as.process.Host Controller.status] (main) JBAS012017: Starting process 'Host Controller' &amp#27;[0m[Host Controller] &amp#27;[0m16:16:15,871 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,015 INFO [org.jboss.msc] (main) JBoss MSC version 1.1.5.Final-redhat-1&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,068 INFO [org.jboss.as] (MSC service thread 1-4) JBAS015899: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) starting&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,625 INFO [org.xnio] (MSC service thread 1-2) XNIO Version 3.0.10.GA-redhat-1&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,629 INFO [org.xnio.nio] (MSC service thread 1-2) XNIO NIO Implementation Version 3.0.10.GA-redhat-1&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,657 INFO [org.jboss.remoting] (MSC service thread 1-2) JBoss Remoting version (unknown)&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[0m16:16:16,705 INFO [org.jboss.as.remoting] (MSC service thread 1-2) JBAS017100: Listening on [::1]:19999&amp#27;[0m INFO [org.jboss.as.test.integration.domain.management.util.DomainLifecycleUtil] ServerIdentity{name=server-one, host=slave, server-group=other-server-group} status is starting [Host Controller] &amp#27;[0m&amp#27;[31m16:16:17,913 ERROR [org.jboss.as.controller.management-operation] (Host Controller Service Threads - 50) WFLYCTL0013: Operation ("read-master-domain-model") failed - address: ([]): java.lang.NullPointerException&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.registry.OperationTransformerRegistry$1.getResourceTransformer(OperationTransformerRegistry.java:83)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformationContextImpl.resolveTransformer(ResourceTransformationContextImpl.java:235)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChild(ResourceTransformationContextImpl.java:285)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChildren(ResourceTransformationContextImpl.java:254)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformer$1.transformResource(ResourceTransformer.java:53)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.description.TransformingDescription$3.invokeNext(TransformingDescription.java:161)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.description.AttributeTransformationRule.transformResource(AttributeTransformationRule.java:103)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.description.TransformingDescription.transformResource(TransformingDescription.java:167)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChild(ResourceTransformationContextImpl.java:289)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformationContextImpl.processChildren(ResourceTransformationContextImpl.java:254)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.ResourceTransformer$1.transformResource(ResourceTransformer.java:53)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.transform.TransformersImpl.transformRootResource(TransformersImpl.java:115)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.domain.controller.operations.ReadMasterDomainModelUtil.readMasterDomainResourcesForInitialConnect(ReadMasterDomainModelUtil.java:88)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.domain.controller.operations.ReadDomainModelHandler.execute(ReadDomainModelHandler.java:51)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:890)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:659)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:370)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1343)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:395)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.controller.AbstractControllerService.internalExecute(AbstractControllerService.java:408)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.host.controller.DomainModelControllerService.access$900(DomainModelControllerService.java:175)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.host.controller.DomainModelControllerService$InternalExecutor.execute(DomainModelControllerService.java:1229)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$RegistrationContext.processRegistration(HostControllerRegistrationHandler.java:424)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$RegistrationContext.access$400(HostControllerRegistrationHandler.java:334)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.host.controller.mgmt.HostControllerRegistrationHandler$InitiateRegistrationHandler$1.execute(HostControllerRegistrationHandler.java:230)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.protocol.mgmt.AbstractMessageHandler$ManagementRequestContextImpl$1.doExecute(AbstractMessageHandler.java:363)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:465)&amp#27;[0m [Host Controller] &amp#27;[31m at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)&amp#27;[0m [Host Controller] &amp#27;[31m at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)&amp#27;[0m [Host Controller] &amp#27;[31m at java.lang.Thread.run(Thread.java:745)&amp#27;[0m [Host Controller] &amp#27;[31m at org.jboss.threads.JBossThread.run(JBossThread.java:320)&amp#27;[0m [Host Controller] &amp#27;[31m&amp#27;[0m [Host Controller] &amp#27;[0m&amp#27;[33m16:16:17,935 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010900: Could not connect to remote domain controller at remote://[::1]:9999 -- 1-$-WFLYCTL0158: Operation handler failed: java.lang.NullPointerException&amp#27;[0m [Host Controller] &amp#27;[33m&amp#27;[0m&amp#27;[33m16:16:17,936 WARN [org.jboss.as.host.controller] (Controller Boot Thread) JBAS016581: No domain controller discovery options remain.&amp#27;[0m [Host Controller] &amp#27;[33m&amp#27;[0m&amp#27;[31m16:16:17,939 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010901: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: JBAS016519: Tried all domain controller discovery option(s) but unable to connect&amp#27;[0m {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1263) MBeanServer.queryMBeans will include the ObjectInstance for the root mbean for the jboss.as[.expr] JMX domains

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1263?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-1263: ------------------------------------- Git Pull Request: https://github.com/wildfly/wildfly-core/pull/1338 (was: https://github.com/wildfly/wildfly-core/pull/1335) > MBeanServer.queryMBeans will include the ObjectInstance for the root mbean for the jboss.as[.expr] JMX domains > -------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-1263 > URL: https://issues.jboss.org/browse/WFCORE-1263 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, JMX > Affects Versions: 2.0.5.Final > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Priority: Minor > > ModelControllerMBeanHelper.queryMBeans is incorrectly checking for the presence of the root mbean by seeing if a Set<ObjectInstance> contains an ObjectName. Wrong type. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5926) org.wildfly.bom tag for version 10.0.0.CR5

by Tomaz Cerar (JIRA)

[ https://issues.jboss.org/browse/WFLY-5926?page=com.atlassian.jira.plugin.... ] Tomaz Cerar resolved WFLY-5926. ------------------------------- Fix Version/s: 10.0.0.CR5 Resolution: Done > org.wildfly.bom tag for version 10.0.0.CR5 > ------------------------------------------ > > Key: WFLY-5926 > URL: https://issues.jboss.org/browse/WFLY-5926 > Project: WildFly > Issue Type: Task > Affects Versions: 10.0.0.CR5 > Reporter: Leandro Kersting de Freitas > Assignee: Tomaz Cerar > Labels: bom, maven > Fix For: 10.0.0.CR5 > > > Hi > I am waiting for the artifact release 10.0.0.CR5 of org.wildfly.bom "wildfly-javaee7" and "wildfly-javaee7-with-tools", but it seems that has not been created yet. > {code:xml} > <dependency> > <groupId>org.wildfly.bom</groupId> > <artifactId>wildfly-javaee7</artifactId> > <version>10.0.0.CR5</version> > <type>pom</type> > <scope>import</scope> > </dependency> > <dependency> > <groupId>org.wildfly.bom</groupId> > <artifactId>wildfly-javaee7-with-tools</artifactId> > <version>10.0.0.CR5</version> > <type>pom</type> > <scope>import</scope> > </dependency> > {code} > org.wildfly.bom is deprecated for 10.0.0.CR5 or after? > https://github.com/wildfly/boms/issues/17 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5918) ServletContext.getResourceAsStream fails on windows

by Alban Chadenas (JIRA)

[ https://issues.jboss.org/browse/WFLY-5918?page=com.atlassian.jira.plugin.... ] Alban Chadenas commented on WFLY-5918: -------------------------------------- Hi Stuart, I can confirm that applying your patch in the latest CR5 release fixes this issue. I am using 'junction' (symbolic links) in Windows which seems to have been causing this issue. > ServletContext.getResourceAsStream fails on windows > --------------------------------------------------- > > Key: WFLY-5918 > URL: https://issues.jboss.org/browse/WFLY-5918 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 10.0.0.CR5 > Environment: Wildfly 10.0.0 CR5 > Windows 7 > JDK 1.8_66 64Bit > Reporter: Alban Chadenas > Assignee: Stuart Douglas > > Struts 1 ActionServlet fails to initialize with latest Wildfly 10.0.0 CR5 though it was working fine on the previous CR4 release. The failure occurs when Servlet tries to read the /WEB-INF/web.xml inside my web application. > Looking at the struts source code, getServletContext().getResourceAsStream("/WEB-INF/web.xml") returns null during the Servlet initialization. > *problem only occurs when server is started from path that is not case equal to real path on file system.* -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2016