[JBoss JIRA] (WFLY-7175) Complex type server-ssl-context/ssl-session in Elytron subsystem
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-7175?page=com.atlassian.jira.plugin.... ]
Jan Kalina commented on WFLY-7175:
----------------------------------
[~olukas] The SSLSessionDefinition does not look much complex or nested - is this bug still valid? (or can you explain more?)
> Complex type server-ssl-context/ssl-session in Elytron subsystem
> ----------------------------------------------------------------
>
> Key: WFLY-7175
> URL: https://issues.jboss.org/browse/WFLY-7175
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Priority: Critical
>
> Elytron subsystem uses complex type in server-ssl-context resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details.
> Details: *server-ssl-context/ssl-session* - nested complex attributes (not critical in the short term - although exposing management information that provides insight into the current sessions would be a big bonus for administrators)
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-6936) RebindTestCase fails with security manager
by Jan Tymel (JIRA)
[ https://issues.jboss.org/browse/WFLY-6936?page=com.atlassian.jira.plugin.... ]
Jan Tymel updated WFLY-6936:
----------------------------
Description:
*org.jboss.as.test.integration.naming.RebindTestCase#testRebinding*
*org.jboss.as.test.integration.naming.RebindTestCase#testRebindingLookup*
*org.jboss.as.test.integration.naming.RebindTestCase#testRebindingObjectFactory*
{{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.naming.RebindTestCase#testRebinding -Dsecurity.manager}}
Fails with:
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/RebindTestCase.jar <no signer certificates>)" of "null")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:85)
at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:112)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:120)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:64)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:139)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:114)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
... 145 more
{code}
was:
*org.jboss.as.test.integration.naming.RebindTestCase#testRebinding*
{{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.naming.RebindTestCase#testRebinding -Dsecurity.manager}}
Fails with:
{code}
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/RebindTestCase.jar <no signer certificates>)" of "null")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:85)
at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:112)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:120)
at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:64)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:139)
at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:114)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
... 145 more
{code}
> RebindTestCase fails with security manager
> ------------------------------------------
>
> Key: WFLY-6936
> URL: https://issues.jboss.org/browse/WFLY-6936
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Jan Tymel
> Assignee: Ingo Weiss
> Fix For: 11.0.0.Alpha1
>
>
> *org.jboss.as.test.integration.naming.RebindTestCase#testRebinding*
> *org.jboss.as.test.integration.naming.RebindTestCase#testRebindingLookup*
> *org.jboss.as.test.integration.naming.RebindTestCase#testRebindingObjectFactory*
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=org.jboss.as.test.integration.naming.RebindTestCase#testRebinding -Dsecurity.manager}}
> Fails with:
> {code}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/RebindTestCase.jar <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:85)
> at org.jboss.remoting3.Remoting.createEndpoint(Remoting.java:112)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:120)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:64)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:139)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:114)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> ... 145 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFCORE-1988) /host-exclude=XX:add(management-minor-version=1) produces java.lang.IllegalArgumentException
by Panagiotis Sotiropoulos (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1988?page=com.atlassian.jira.plugi... ]
Panagiotis Sotiropoulos moved JBEAP-7299 to WFCORE-1988:
--------------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-1988 (was: JBEAP-7299)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management
(was: Domain Management)
(was: User Experience)
Affects Version/s: (was: 7.1.0.DR8)
> /host-exclude=XX:add(management-minor-version=1) produces java.lang.IllegalArgumentException
> --------------------------------------------------------------------------------------------
>
> Key: WFCORE-1988
> URL: https://issues.jboss.org/browse/WFCORE-1988
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Panagiotis Sotiropoulos
> Assignee: Panagiotis Sotiropoulos
>
> {code:java}
> /host-exclude=XX:add(management-minor-version=2)
> {code}
> produces
> {code:java}
> {
> "outcome" => "failed",
> "failure-description" => {"domain-failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException"},
> "rolled-back" => true
> }
> {code}
> which is not sufficient
> operation description:
> {code:java}
> /host-exclude=XX:read-operation-description(name=add)
> ...
> "management-major-version" => {
> "type" => INT,
> "description" => "The major version of the kernel management API that is supported by slaves that should be affected by this configuration.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["host-release"],
> "requires" => ["management-minor-version"]
> },
> "management-micro-version" => {
> "type" => INT,
> "description" => "The micro version of the kernel management API that is supported by slaves that should be affected by this configuration. If not defined, this configuration applies to all releases of the given major/minor version, excluding any for which a different configuration with a micro version also specified is present.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["host-release"],
> "requires" => [
> "management-major-version",
> "management-minor-version"
> ]
> },
> "management-minor-version" => {
> "type" => INT,
> "description" => "The minor version of the kernel management API that is supported by slaves that should be affected by this configuration.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["host-release"]
> }
> {code}
> Proposed solution:
> make management-minor-version require management-major-version
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7593) JspTagTestCase fails with security manager
by Jan Tymel (JIRA)
[ https://issues.jboss.org/browse/WFLY-7593?page=com.atlassian.jira.plugin.... ]
Jan Tymel reassigned WFLY-7593:
-------------------------------
Assignee: Jan Tymel
> JspTagTestCase fails with security manager
> ------------------------------------------
>
> Key: WFLY-7593
> URL: https://issues.jboss.org/browse/WFLY-7593
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Jan Tymel
> Assignee: Jan Tymel
>
> *org.jboss.as.test.integration.jsp.JspTagTestCase#test*
> {{./integration-tests.sh -DtestLogToFile=false -Dtest=JspTagTestCase -Dsecurity.manager}}
> {code}
> ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ed26af0c-bc91-49ea-b6c3-196d33e8de5a/index2.jsp: org.apache.jasper.JasperException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/ed26af0c-bc91-49ea-b6c3-196d33e8de5a.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader@a7277ba2")
> at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:473)
> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$425.00000000C40C2470.call(Unknown Source)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.security.AccessController.doPrivileged(AccessController.java:650)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.lang.Thread.run(Thread.java:785)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/ed26af0c-bc91-49ea-b6c3-196d33e8de5a.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader@a7277ba2")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.Class.getClassLoader(Class.java:442)
> at org.jboss.as.weld.injection.InjectionTargets.createInjectionTarget(InjectionTargets.java:63)
> at org.jboss.as.weld.deployment.WeldClassIntrospector.getInjectionTarget(WeldClassIntrospector.java:90)
> at org.jboss.as.weld.deployment.WeldClassIntrospector.createInstance(WeldClassIntrospector.java:102)
> at org.jboss.as.ee.component.ComponentRegistry.createInstance(ComponentRegistry.java:85)
> at org.jboss.as.web.common.WebInjectionContainer.newInstance(WebInjectionContainer.java:77)
> at org.wildfly.extension.undertow.deployment.UndertowJSPInstanceManager.newInstance(UndertowJSPInstanceManager.java:75)
> at org.apache.jsp.index2_jsp._jspx_meth_my_005ftag_005f0(index2_jsp.java:128)
> at org.apache.jsp.index2_jsp._jspService(index2_jsp.java:99)
> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
> ... 48 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7593) JspTagTestCase fails with security manager
by Jan Tymel (JIRA)
Jan Tymel created WFLY-7593:
-------------------------------
Summary: JspTagTestCase fails with security manager
Key: WFLY-7593
URL: https://issues.jboss.org/browse/WFLY-7593
Project: WildFly
Issue Type: Bug
Components: Test Suite
Reporter: Jan Tymel
*org.jboss.as.test.integration.jsp.JspTagTestCase#test*
{{./integration-tests.sh -DtestLogToFile=false -Dtest=JspTagTestCase -Dsecurity.manager}}
{code}
ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ed26af0c-bc91-49ea-b6c3-196d33e8de5a/index2.jsp: org.apache.jasper.JasperException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/ed26af0c-bc91-49ea-b6c3-196d33e8de5a.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader@a7277ba2")
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:473)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:402)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:346)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$425.00000000C40C2470.call(Unknown Source)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1671)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$426.00000000C40CDD60.call(Unknown Source)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.security.AccessController.doPrivileged(AccessController.java:650)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.lang.Thread.run(Thread.java:785)
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "getClassLoader")" in code source "(vfs:/content/ed26af0c-bc91-49ea-b6c3-196d33e8de5a.war/ <no signer certificates>)" of "org.apache.jasper.servlet.JasperLoader@a7277ba2")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at java.lang.Class.getClassLoader(Class.java:442)
at org.jboss.as.weld.injection.InjectionTargets.createInjectionTarget(InjectionTargets.java:63)
at org.jboss.as.weld.deployment.WeldClassIntrospector.getInjectionTarget(WeldClassIntrospector.java:90)
at org.jboss.as.weld.deployment.WeldClassIntrospector.createInstance(WeldClassIntrospector.java:102)
at org.jboss.as.ee.component.ComponentRegistry.createInstance(ComponentRegistry.java:85)
at org.jboss.as.web.common.WebInjectionContainer.newInstance(WebInjectionContainer.java:77)
at org.wildfly.extension.undertow.deployment.UndertowJSPInstanceManager.newInstance(UndertowJSPInstanceManager.java:75)
at org.apache.jsp.index2_jsp._jspx_meth_my_005ftag_005f0(index2_jsp.java:128)
at org.apache.jsp.index2_jsp._jspService(index2_jsp.java:99)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:433)
... 48 more
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (ELY-755) Add ability for client-side SSL context configuration to include authentication
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-755?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse commented on ELY-755:
--------------------------------------
I don't know if it gets too complicated but maybe we don't go for my clean up pull request and instead go for something where the AuthenticationContext falls back to the AuthenticationConfiguration if the conrtext has no match.
> Add ability for client-side SSL context configuration to include authentication
> -------------------------------------------------------------------------------
>
> Key: ELY-755
> URL: https://issues.jboss.org/browse/ELY-755
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI, Authentication Client, Passwords, SSL, X.500
> Reporter: David Lloyd
>
> One thing that was lost in the switch to separate SSL context configuration was the ability to perform client SSL authentication using certificates or other credentials configured in the authentication client configuration.
> There should be a configuration option to replace the key manager for the client SSL context with one which uses the authentication configuration to retrieve, at minimum, certificate credentials. Plus whatever is necessary to forward or set a GSSCredential for Kerberos-based mechanisms.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (ELY-745) Using attribute name instead of OID in x500-attribute-principal-decoder
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-745?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina commented on ELY-745:
--------------------------------
[~dlofthouse]:
??I think when we talked previously an option was to create a properties file with all the OIDs as a database, they could then be classified and used in different situations.??
How do you mean "be classified" ? The OIDs should not be in collision even without categories.
Would you agree with following property file format?
{code:java}
2.5.4.4=sn,surname
2.5.4.3=cn,commonName
{code}
(first name would be primary - would by used for OID to name conversion, the others would be used for name to OID conversion only)
Should this property file replace current X500 class of constants?
> Using attribute name instead of OID in x500-attribute-principal-decoder
> -----------------------------------------------------------------------
>
> Key: ELY-745
> URL: https://issues.jboss.org/browse/ELY-745
> Project: WildFly Elytron
> Issue Type: Bug
> Components: X.500
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> Using OIDs not really convenient.
> See description of JBEAP-6100 for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months