[JBoss JIRA] (WFLY-7340) Unable to configure Krb5LoginModule options in elytron kerberos implementation
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7340?page=com.atlassian.jira.plugin.... ]
Martin Choma moved JBEAP-6481 to WFLY-7340:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7340 (was: JBEAP-6481)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security (was: Security)
Affects Version/s: 11.0.0.Alpha1 (was: 7.1.0.DR6)
> Unable to configure Krb5LoginModule options in elytron kerberos implementation
> ------------------------------------------------------------------------------
>
> Key: WFLY-7340
> URL: https://issues.jboss.org/browse/WFLY-7340
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Priority: Blocker
>
> Krb5LoginModule options are not configurable. I mean there are some of them exposed (debug, keytab, acceptor/initiator), but not all. In my opinion, sooner or later customers will hunt us to provide all of them, because there are various use-cases out there that need to tweak Kerberos configuration somehow. The legacy KerberosLoginModule exposed these options: https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli...
> {code:java}
> // Legacy KerberosLoginModule: assemble the JAAS entry for the JDK's Kerberos login module
> if (debug) {
>     options.put("debug", "true");
> }
> options.put("principal", principal);
> final AppConfigurationEntry ace;
> if (IS_IBM) {
>     // IBM JDK Krb5LoginModule option names
>     options.put("noAddress", "true");
>     options.put("credsType", isServer ? "acceptor" : "initiator");
>     options.put("useKeytab", keyTab.toURI().toURL().toString());
>     ace = new AppConfigurationEntry(IBMKRB5LoginModule, REQUIRED, options);
> } else {
>     // Oracle/OpenJDK com.sun.security.auth.module.Krb5LoginModule option names
>     options.put("storeKey", "true");
>     options.put("useKeyTab", "true");
>     options.put("keyTab", keyTab.getAbsolutePath());
>     options.put("isInitiator", isServer ? "false" : "true");
>     ace = new AppConfigurationEntry(KRB5LoginModule, REQUIRED, options);
> }
> {code}
> * http://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/s...
> * https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java....
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
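As an added illustration of the configurability the report asks for (example code, not WildFly's or Elytron's own): a programmatic JAAS Configuration that keeps the non-IBM base options from the legacy snippet above and passes through any other option documented for the Oracle/OpenJDK Krb5LoginModule, rejecting unknown names at configuration time. The class name, entry name, service principal and keytab path are assumptions.

```java
import java.io.File;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/**
 * Constructed example (not WildFly/Elytron code): a JAAS Configuration for the
 * Oracle/OpenJDK Krb5LoginModule that hard-codes the same base options as the
 * legacy snippet and exposes every other documented option through a map.
 */
public final class KerberosLoginConfiguration extends Configuration {

    static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";

    // Option names from the Krb5LoginModule javadoc linked in the report. Anything
    // else is a typo or an IBM-only name (noAddress, credsType, useKeytab).
    static final Set<String> KNOWN_OPTIONS = Set.of(
            "refreshKrb5Config", "useTicketCache", "ticketCache", "renewTGT",
            "doNotPrompt", "useKeyTab", "keyTab", "storeKey", "principal",
            "isInitiator", "useFirstPass", "tryFirstPass", "storePass",
            "clearPass", "debug");

    private final String entryName;
    private final Map<String, String> options;

    public KerberosLoginConfiguration(String entryName, String principal, File keyTab,
                                      boolean isServer, boolean debug,
                                      Map<String, String> extra) {
        this.entryName = entryName;
        Map<String, String> opts = new HashMap<>();
        // Base settings, same as the non-IBM branch of the legacy module.
        opts.put("storeKey", "true");
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keyTab.getAbsolutePath());
        opts.put("principal", principal);
        opts.put("isInitiator", isServer ? "false" : "true");
        if (debug) {
            opts.put("debug", "true");
        }
        // Pass-through for everything else. An unknown name fails here, at
        // configuration time, instead of going unnoticed until login time.
        // Known names deliberately override the base settings above.
        for (Map.Entry<String, String> e : extra.entrySet()) {
            if (!KNOWN_OPTIONS.contains(e.getKey())) {
                throw new IllegalArgumentException(
                        "Unknown Krb5LoginModule option: " + e.getKey());
            }
            opts.put(e.getKey(), e.getValue());
        }
        this.options = Collections.unmodifiableMap(opts);
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        if (!entryName.equals(name)) {
            return null;
        }
        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(KRB5_LOGIN_MODULE,
                    LoginModuleControlFlag.REQUIRED, options)
        };
    }

    public static void main(String[] args) {
        // Assumed values: entry name, service principal and keytab path are placeholders.
        Map<String, String> extra = new HashMap<>();
        extra.put("refreshKrb5Config", "true");  // re-read krb5.conf on every login
        extra.put("useTicketCache", "false");    // acceptor must not fall back to a user cache
        Configuration cfg = new KerberosLoginConfiguration(
                "wildfly-acceptor", "HTTP/host.example.com@EXAMPLE.COM",
                new File("/path/to/http.keytab"), true, false, extra);
        for (AppConfigurationEntry e : cfg.getAppConfigurationEntry("wildfly-acceptor")) {
            System.out.println(e.getLoginModuleName() + " " + e.getOptions());
        }
        try {
            new KerberosLoginConfiguration("x", "p", new File("k"), true, false,
                    Map.of("useKeytab", "true"));   // IBM spelling: rejected on this JDK
        } catch (IllegalArgumentException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```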
[JBoss JIRA] (WFLY-7338) Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/WFLY-7338?page=com.atlassian.jira.plugin.... ]
David Lloyd reassigned WFLY-7338:
---------------------------------
Assignee: James Perkins (was: Jason Greene)
> Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-7338
> URL: https://issues.jboss.org/browse/WFLY-7338
> Project: WildFly
> Issue Type: Bug
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Reporter: Patrick Kleindienst
> Assignee: James Perkins
> Labels: jboss, logging, ssl
>
> I use the jboss-logmanager-ext library for transferring log records to Logstash over a secure socket. For that purpose, my Logstash TCP-Input config authenticates with WildFly by means of a self-signed certificate. However, some time after the SSL handshake has started, the following exception is thrown:
> {code:java}
> LogManager error of type FLUSH_FAILURE: Error on flush
> java.net.SocketException: Socket is closed
> at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
> at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
> at org.jboss.logmanager.handlers.UninterruptibleOutputStream.flush(UninterruptibleOutputStream.java:110)
> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:297)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
> at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
> at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
> at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
> at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
> at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
> at org.jboss.logmanager.Logger.log(Logger.java:596)
> at org.jboss.stdio.AbstractLoggingWriter.write(AbstractLoggingWriter.java:71)
> at org.jboss.stdio.WriterOutputStream.finish(WriterOutputStream.java:143)
> at org.jboss.stdio.WriterOutputStream.flush(WriterOutputStream.java:164)
> at java.io.PrintStream.write(PrintStream.java:482)
> at org.jboss.stdio.StdioContext$DelegatingPrintStream.write(StdioContext.java:264)
> at java.io.PrintStream.write(PrintStream.java:480)
> at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
> at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
> at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
> at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185)
> at java.io.PrintStream.newLine(PrintStream.java:546)
> at java.io.PrintStream.println(PrintStream.java:696)
> at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
> at sun.misc.CharacterEncoder.encodeBuffer(CharacterEncoder.java:297)
> at sun.security.ssl.CipherBox.encrypt(CipherBox.java:306)
> at sun.security.ssl.OutputRecord.encrypt(OutputRecord.java:264)
> at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:859)
> at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:847)
> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
> at org.jboss.logmanager.handlers.TcpOutputStream.write(TcpOutputStream.java:182)
> at org.jboss.logmanager.handlers.UninterruptibleOutputStream.write(UninterruptibleOutputStream.java:84)
> at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
> at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
> at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
> at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
> at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
> at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
> at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
> at org.jboss.logmanager.Logger.log(Logger.java:802)
> at org.jboss.logging.JBossLogManagerLogger.doLogf(JBossLogManagerLogger.java:53)
> at org.jboss.logging.Logger.logf(Logger.java:2398)
> at org.jboss.msc.service.ServiceLogger_$logger.greeting(ServiceLogger_$logger.java:65)
> at org.jboss.msc.service.ServiceContainerImpl.<clinit>(ServiceContainerImpl.java:93)
> at org.jboss.msc.service.ServiceContainer$Factory.create(ServiceContainer.java:258)
> at org.jboss.as.server.BootstrapImpl$ShutdownHook.register(BootstrapImpl.java:214)
> {code}
>
> On the Logstash side, the following error message appears in the logs:
> {code}
> :message=>"An error occurred. Closing connection", :exception=>#<IOError: bad record MAC>
> {code}
> Afterwards, WildFly hangs forever without deploying my webapp or doing anything else. Before that happens, the handshake goes through these phases:
> * *** ClientHello, TLSv1.2
> * *** ServerHello, TLSv1.2
> * %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
> * Found trusted certificate
> * *** ECDH ServerKeyExchange
> * *** ServerHelloDone
> * *** ECDHClientKeyExchange
> * SESSION KEYGEN:
> * CONNECTION KEYGEN:
> * *** Finished
>
> When disabling SSL both on WildFly and Logstash side, everything works fine.
[JBoss JIRA] (WFLY-7338) Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
by Patrick Kleindienst (JIRA)
[ https://issues.jboss.org/browse/WFLY-7338?page=com.atlassian.jira.plugin.... ]
Patrick Kleindienst updated WFLY-7338:
--------------------------------------
Steps to Reproduce:
# Created self-signed Logstash cert with OpenSSL:
{code}
openssl req -x509 -newkey rsa:4096 -keyout logstash_ssl.key -out logstash_ssl.crt -nodes -days 365
{code}
# Configured Logstash TCP input to use generated cert and key:
{code}
input {
  tcp {
    port => 12202
    codec => "json"
    ssl_enable => true
    ssl_cert => "/path/to/logstash_ssl.crt"
    ssl_key => "/path/to/logstash_ssl.key"
    ssl_verify => false
  }
}
{code}
# Imported cert into a new truststore:
{code}
keytool -import -alias mycert -file mycert.cer -keystore logstashTruststore
{code}
# Added jboss-logmanager-ext to modules
# Configured SocketHandler in standalone.xml as follows (formatter config is omitted):
{code:xml}
<custom-handler name="LOGSTASH" class="org.jboss.logmanager.ext.handlers.SocketHandler" module="log.logmanager-ext">
  <level name="DEBUG"/>
  <formatter>
    <named-formatter name="LOGSTASH-FORMATTER"/>
  </formatter>
  <properties>
    <property name="hostname" value="192.168.144.101"/>
    <property name="port" value="12202"/>
    <property name="protocol" value="SSL_TCP"/>
  </properties>
</custom-handler>
{code}
# Added truststore path as well as password to VM options:
{code}
-Djavax.net.ssl.trustStore=/path/to/logstashTruststore
-Djavax.net.ssl.trustStorePassword="mypassword"
{code}
# Related versions:
* JDK 1.8.0_11 and 1.8.0_101
* WildFly 10.1.0 and 10.0.0
* Logstash 2.1.3 (same behavior with latest Logstash 5.0)
> Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
> -------------------------------------------------------------------------------------------
>
> Key: WFLY-7338
> URL: https://issues.jboss.org/browse/WFLY-7338
> Project: WildFly
> Issue Type: Bug
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Reporter: Patrick Kleindienst
> Assignee: Jason Greene
> Labels: jboss, logging, ssl
>
> I use the jboss-logmanager-ext library for transferring log records to Logstash over a secure socket. For that purpose, my Logstash TCP-Input config authenticates with WildFly by means of a self-signed certificate. However, some time after the SSL handshake has started, the following exception is thrown:
> {code:java}
> LogManager error of type FLUSH_FAILURE: Error on flush
> java.net.SocketException: Socket is closed
> at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
> at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
> at org.jboss.logmanager.handlers.UninterruptibleOutputStream.flush(UninterruptibleOutputStream.java:110)
> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:297)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
> at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
> at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
> at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
> at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
> at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
> at org.jboss.logmanager.Logger.log(Logger.java:596)
> at org.jboss.stdio.AbstractLoggingWriter.write(AbstractLoggingWriter.java:71)
> at org.jboss.stdio.WriterOutputStream.finish(WriterOutputStream.java:143)
> at org.jboss.stdio.WriterOutputStream.flush(WriterOutputStream.java:164)
> at java.io.PrintStream.write(PrintStream.java:482)
> at org.jboss.stdio.StdioContext$DelegatingPrintStream.write(StdioContext.java:264)
> at java.io.PrintStream.write(PrintStream.java:480)
> at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
> at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
> at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
> at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185)
> at java.io.PrintStream.newLine(PrintStream.java:546)
> at java.io.PrintStream.println(PrintStream.java:696)
> at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
> at sun.misc.CharacterEncoder.encodeBuffer(CharacterEncoder.java:297)
> at sun.security.ssl.CipherBox.encrypt(CipherBox.java:306)
> at sun.security.ssl.OutputRecord.encrypt(OutputRecord.java:264)
> at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:859)
> at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:847)
> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
> at org.jboss.logmanager.handlers.TcpOutputStream.write(TcpOutputStream.java:182)
> at org.jboss.logmanager.handlers.UninterruptibleOutputStream.write(UninterruptibleOutputStream.java:84)
> at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
> at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
> at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
> at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
> at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
> at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
> at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
> at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
> at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
> at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
> at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
> at org.jboss.logmanager.Logger.log(Logger.java:802)
> at org.jboss.logging.JBossLogManagerLogger.doLogf(JBossLogManagerLogger.java:53)
> at org.jboss.logging.Logger.logf(Logger.java:2398)
> at org.jboss.msc.service.ServiceLogger_$logger.greeting(ServiceLogger_$logger.java:65)
> at org.jboss.msc.service.ServiceContainerImpl.<clinit>(ServiceContainerImpl.java:93)
> at org.jboss.msc.service.ServiceContainer$Factory.create(ServiceContainer.java:258)
> at org.jboss.as.server.BootstrapImpl$ShutdownHook.register(BootstrapImpl.java:214)
> {code}
>
> On the Logstash side, the following error message appears in the logs:
> {code}
> :message=>"An error occurred. Closing connection", :exception=>#<IOError: bad record MAC>
> {code}
> Afterwards, WildFly hangs forever without deploying my webapp or doing anything else. Before that happens, the handshake goes through these phases:
> * *** ClientHello, TLSv1.2
> * *** ServerHello, TLSv1.2
> * %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
> * Found trusted certificate
> * *** ECDH ServerKeyExchange
> * *** ServerHelloDone
> * *** ECDHClientKeyExchange
> * SESSION KEYGEN:
> * CONNECTION KEYGEN:
> * *** Finished
>
> When disabling SSL both on WildFly and Logstash side, everything works fine.
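To separate the TLS trust setup from the log manager, an added probe (example code, not part of the report or of jboss-logmanager-ext) that relies on the same `javax.net.ssl.trustStore` / `javax.net.ssl.trustStorePassword` VM options as the reproduction steps, completes the handshake and writes one JSON line to the Logstash input. Host and port default to the values from the handler configuration above; the class name and the sample event are assumptions.

```java
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Constructed example: a bare SSL client doing what SocketHandler does with
 * protocol SSL_TCP, but with no log manager on the path. Trust comes from the
 * same -Djavax.net.ssl.trustStore / -Djavax.net.ssl.trustStorePassword
 * properties as in the reproduction steps. Usage:
 *   java -Djavax.net.ssl.trustStore=/path/to/logstashTruststore \
 *        -Djavax.net.ssl.trustStorePassword=... LogstashTlsProbe 192.168.144.101 12202
 */
public final class LogstashTlsProbe {

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "192.168.144.101";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 12202;

        // Default factory = JSSE defaults plus the truststore system properties.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // Fails here, with an explicit exception, if the self-signed cert is not trusted.
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("handshake ok: " + session.getProtocol()
                    + " " + session.getCipherSuite());
            System.out.println("peer: " + session.getPeerPrincipal());

            // Constructed single-line JSON event for the json codec.
            Writer out = new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8);
            out.write("{\"message\":\"tls probe\",\"level\":\"INFO\"}\n");
            out.flush();
            System.out.println("one event written without an SSL error");
        }
    }
}
```

A handshake or record failure here points at the certificate or truststore; success with the same truststore narrows the problem to how the handler writes to the socket from inside the server.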
[JBoss JIRA] (ELY-673) Empty result of password search in Elytron ldap-realm causes NPE
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-673?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-673:
------------------------------
Assignee: Ilia Vassilev (was: Jan Kalina)
> Empty result of password search in Elytron ldap-realm causes NPE
> ----------------------------------------------------------------
>
> Key: ELY-673
> URL: https://issues.jboss.org/browse/ELY-673
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Reporter: Ondrej Lukas
> Assignee: Ilia Vassilev
>
> When the Elytron ldap-realm is configured to return some attribute as the password (i.e. direct verification is set to false) and the LDAP search does not find this attribute, an NPE occurs.
> It is caused by missing null check for {{attribute}} in [1].
> Exception thrown to server log:
> {code}
> ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /print-roles/protected/printRoles: java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader$ForIdentityLoader.getCredential(UserPasswordCredentialLoader.java:130)
> at org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader$ForIdentityLoader.verifyEvidence(UserPasswordCredentialLoader.java:151)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:531)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1634)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:654)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:818)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:752)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:850)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:703)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:69)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:151)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:106)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:90)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:74)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:82)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:810)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/cb57f2f0ffcdb147...
[JBoss JIRA] (ELY-673) Empty result of password search in Elytron ldap-realm causes NPE
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-673?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina commented on ELY-673:
--------------------------------
No problem, if you are already working on it I will assign it to you.
> Empty result of password search in Elytron ldap-realm causes NPE
> ----------------------------------------------------------------
>
> Key: ELY-673
> URL: https://issues.jboss.org/browse/ELY-673
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Realms
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
>
> When the Elytron ldap-realm is configured to return some attribute as the password (i.e. direct verification is set to false) and the LDAP search does not find this attribute, an NPE occurs.
> It is caused by missing null check for {{attribute}} in [1].
> Exception thrown to server log:
> {code}
> ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /print-roles/protected/printRoles: java.lang.NullPointerException
> at org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader$ForIdentityLoader.getCredential(UserPasswordCredentialLoader.java:130)
> at org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader$ForIdentityLoader.verifyEvidence(UserPasswordCredentialLoader.java:151)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:531)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1634)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:654)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:818)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:752)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:850)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:703)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authenticate(UsernamePasswordAuthenticationMechanism.java:69)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:151)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:106)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:90)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:74)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:82)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:810)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/cb57f2f0ffcdb147...
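The failure mode described in the ELY-673 report, as an added example on plain JNDI types (constructed code, not Elytron's UserPasswordCredentialLoader): the unchecked lookup that throws when the search result lacks the password attribute, next to a hardened form in which an absent attribute means "no credential" and therefore never verifies. The class name, attribute values and the clear-text comparison are assumptions made for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

/**
 * Constructed example (not Elytron code) of the ELY-673 failure mode on plain
 * JNDI types: a search result without the configured password attribute must
 * mean "no credential for this identity", not a NullPointerException.
 */
public final class PasswordAttributeLookup {

    /** The pattern behind the report: no null check, NPE when the attribute is absent. */
    static byte[] getCredentialUnchecked(Attributes attrs, String attrName) throws NamingException {
        Attribute attribute = attrs.get(attrName);
        return (byte[]) attribute.get();            // NPE if attribute == null
    }

    /** Hardened form: an absent or empty attribute yields null instead of throwing. */
    static byte[] getCredentialChecked(Attributes attrs, String attrName) throws NamingException {
        Attribute attribute = attrs.get(attrName);  // null when the entry lacks it
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        return value instanceof byte[] ? (byte[]) value
                : value.toString().getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Verification on top of the lookup: a missing credential never verifies.
     * The stored value is assumed to be clear text for this demonstration; a
     * real realm would hand it to a password factory (e.g. for {SSHA} hashes).
     */
    static boolean verify(Attributes attrs, String attrName, byte[] evidence) throws NamingException {
        byte[] stored = getCredentialChecked(attrs, attrName);
        return stored != null && MessageDigest.isEqual(stored, evidence);
    }

    public static void main(String[] args) throws NamingException {
        byte[] evidence = "s3cret".getBytes(StandardCharsets.UTF_8);
        // Constructed entries: "bob" carries a userPassword, "alice" does not.
        Attributes withPassword = new BasicAttributes("uid", "bob", true);
        withPassword.put("userPassword", evidence.clone());
        Attributes withoutPassword = new BasicAttributes("uid", "alice", true);

        System.out.println("bob verifies:   " + verify(withPassword, "userPassword", evidence));
        System.out.println("alice verifies: " + verify(withoutPassword, "userPassword", evidence));
        try {
            getCredentialUnchecked(withoutPassword, "userPassword");
        } catch (NullPointerException e) {
            System.out.println("unchecked lookup on alice: NullPointerException, as in ELY-673");
        }
    }
}
```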
[JBoss JIRA] (WFLY-7338) Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
by Patrick Kleindienst (JIRA)
Patrick Kleindienst created WFLY-7338:
-----------------------------------------
Summary: Logstash TCP-Input throws "Bad record MAC" when trying to connect with WildFly over SSL/TLS
Key: WFLY-7338
URL: https://issues.jboss.org/browse/WFLY-7338
Project: WildFly
Issue Type: Bug
Affects Versions: 10.1.0.Final, 10.0.0.Final
Reporter: Patrick Kleindienst
Assignee: Jason Greene
I use the jboss-logmanager-ext library for transferring log records to Logstash over a secure socket. For that purpose, my Logstash TCP-Input config authenticates with WildFly by means of a self-signed certificate. However, some time after the SSL handshake has started, the following exception is thrown:
{code:java}
LogManager error of type FLUSH_FAILURE: Error on flush
java.net.SocketException: Socket is closed
at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
at org.jboss.logmanager.handlers.UninterruptibleOutputStream.flush(UninterruptibleOutputStream.java:110)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:297)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
at org.jboss.logmanager.Logger.log(Logger.java:596)
at org.jboss.stdio.AbstractLoggingWriter.write(AbstractLoggingWriter.java:71)
at org.jboss.stdio.WriterOutputStream.finish(WriterOutputStream.java:143)
at org.jboss.stdio.WriterOutputStream.flush(WriterOutputStream.java:164)
at java.io.PrintStream.write(PrintStream.java:482)
at org.jboss.stdio.StdioContext$DelegatingPrintStream.write(StdioContext.java:264)
at java.io.PrintStream.write(PrintStream.java:480)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:185)
at java.io.PrintStream.newLine(PrintStream.java:546)
at java.io.PrintStream.println(PrintStream.java:696)
at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
at sun.misc.CharacterEncoder.encodeBuffer(CharacterEncoder.java:297)
at sun.security.ssl.CipherBox.encrypt(CipherBox.java:306)
at sun.security.ssl.OutputRecord.encrypt(OutputRecord.java:264)
at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:859)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:847)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at org.jboss.logmanager.handlers.TcpOutputStream.write(TcpOutputStream.java:182)
at org.jboss.logmanager.handlers.UninterruptibleOutputStream.write(UninterruptibleOutputStream.java:84)
at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
at org.jboss.logmanager.ext.handlers.SocketHandler.flush(SocketHandler.java:169)
at org.jboss.logmanager.ExtHandler.doPublish(ExtHandler.java:104)
at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
at org.jboss.logmanager.ExtHandler.publish(ExtHandler.java:76)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:314)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
at org.jboss.logmanager.LoggerNode.publish(LoggerNode.java:322)
at org.jboss.logmanager.Logger.logRaw(Logger.java:850)
at org.jboss.logmanager.Logger.log(Logger.java:802)
at org.jboss.logging.JBossLogManagerLogger.doLogf(JBossLogManagerLogger.java:53)
at org.jboss.logging.Logger.logf(Logger.java:2398)
at org.jboss.msc.service.ServiceLogger_$logger.greeting(ServiceLogger_$logger.java:65)
at org.jboss.msc.service.ServiceContainerImpl.<clinit>(ServiceContainerImpl.java:93)
at org.jboss.msc.service.ServiceContainer$Factory.create(ServiceContainer.java:258)
at org.jboss.as.server.BootstrapImpl$ShutdownHook.register(BootstrapImpl.java:214)
{code}
On the Logstash side, the following error message appears in the logs:
{code}
:message=>"An error occurred. Closing connection", :exception=>#<IOError: bad record MAC>
{code}
Afterwards, WildFly hangs forever without deploying my webapp or doing anything else. Before that happens, the handshake goes through these phases:
* *** ClientHello, TLSv1.2
* *** ServerHello, TLSv1.2
* %% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
* Found trusted certificate
* *** ECDH ServerKeyExchange
* *** ServerHelloDone
* *** ECDHClientKeyExchange
* SESSION KEYGEN:
* CONNECTION KEYGEN:
* *** Finished
When disabling SSL both on WildFly and Logstash side, everything works fine.
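The stack trace in the report shows the log handler being entered twice: SocketHandler.safeFlush is writing a record into the TLS socket, sun.security.ssl.CipherBox.encrypt prints a hex dump through HexDumpEncoder to System.out, jboss-stdio routes that output back into the log manager, and the same handler writes into the same socket while the first record is still being encrypted. The script below, added here and not part of the JIRA report or of the WildFly project, parses such a trace and names the frame a handler was re-entered from; its input is an abridged copy of the trace above.

```python
import re
from typing import List, Optional, Tuple

# Abridged copy of the trace in the report above (innermost frame first).
TRACE = """\
java.net.SocketException: Socket is closed
at sun.security.ssl.SSLSocketImpl.getOutputStream(SSLSocketImpl.java:2240)
at org.jboss.logmanager.handlers.TcpOutputStream.flush(TcpOutputStream.java:210)
at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
at org.jboss.logmanager.Logger.log(Logger.java:596)
at org.jboss.stdio.StdioContext$DelegatingPrintStream.write(StdioContext.java:264)
at java.io.PrintStream.println(PrintStream.java:696)
at sun.misc.HexDumpEncoder.encodeLineSuffix(HexDumpEncoder.java:116)
at sun.security.ssl.CipherBox.encrypt(CipherBox.java:306)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:847)
at org.jboss.logmanager.handlers.TcpOutputStream.write(TcpOutputStream.java:182)
at org.jboss.logmanager.ext.handlers.SocketHandler.safeFlush(SocketHandler.java:340)
at org.jboss.logmanager.ext.handlers.SocketHandler.doPublish(SocketHandler.java:159)
at org.jboss.msc.service.ServiceContainerImpl.<clinit>(ServiceContainerImpl.java:93)
"""

# Matches a JVM 'at pkg.Class.method(File.java:N)' line; captures the method.
FRAME_RE = re.compile(r"^\s*at\s+([\w$.<>]+)\(")

def parse_frames(trace: str) -> List[str]:
    """Method names of all 'at ...' lines, innermost first."""
    return [m.group(1) for m in map(FRAME_RE.match, trace.splitlines()) if m]

def find_reentry(frames: List[str], handler_prefix: str) -> Optional[Tuple[str, List[str]]]:
    """First method under handler_prefix that occurs twice on the stack, with
    the frames strictly between its two occurrences (innermost first): that
    slice is the code path that called back into the handler."""
    first_seen = {}
    for i, frame in enumerate(frames):
        if not frame.startswith(handler_prefix):
            continue
        if frame in first_seen:
            return frame, frames[first_seen[frame] + 1:i]
        first_seen[frame] = i
    return None

def reentry_trigger(frames, handler_prefix, layer_prefix):
    """Frame under layer_prefix (e.g. the TLS stack) from which the handler
    was re-entered, or None if no re-entry passes through that layer."""
    hit = find_reentry(frames, handler_prefix)
    if hit is None:
        return None
    return next((f for f in hit[1] if f.startswith(layer_prefix)), None)
```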