November 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JGRP-2078) NPE in Ipv6 Solaris 10 test

by Richard Achmatowicz (JIRA)

[ https://issues.jboss.org/browse/JGRP-2078?page=com.atlassian.jira.plugin.... ] Richard Achmatowicz commented on JGRP-2078: ------------------------------------------- [~bsikora] Bogdan, please provide a link to the original Jenkins job (or the manual testsuite execution, if applicable). We need these in case there are other parts of the server logs that we want to look at, in addition to the stack traces that you provided. > NPE in Ipv6 Solaris 10 test > --------------------------- > > Key: JGRP-2078 > URL: https://issues.jboss.org/browse/JGRP-2078 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.8 > Reporter: Bogdan Sikora > Assignee: Bela Ban > > {noformat} > 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-8) ISPN000079: Channel ejb local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200] > 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-5) ISPN000079: Channel server local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200] > 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-6) ISPN000079: Channel hibernate local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200] > 2016-06-08 05:49:40,139 INFO [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (MSC service thread 1-7) ISPN000079: Channel web local address is jboss-eap-7.0, physical addresses are [2620:52:0:105f:0:0:ffff:51%2:55200] > {noformat} > {noformat} > 2016-06-08 05:50:01,589 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 69) WFLYCLINF0002: Started clusterbench.war cache from web container > 2016-06-08 05:50:01,625 INFO [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 64) WFLYCLINF0002: Started routing cache from web container > 2016-06-08 05:50:02,894 ERROR [org.jgroups.protocols.UNICAST3] (thread-2,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException > 2016-06-08 05:50:03,379 ERROR [org.jgroups.protocols.UNICAST3] (thread-2,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException > 2016-06-08 05:50:03,878 ERROR [org.jgroups.protocols.UNICAST3] (thread-1,ee,jboss-eap-7.0) JGRP000043: jboss-eap-7.0: failed handling event: java.lang.NullPointerException > ... > {noformat} > https://paste.fedoraproject.org/376166/65389534/ > Config > https://paste.fedoraproject.org/376150/ -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7642) sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/WFLY-7642?page=com.atlassian.jira.plugin.... ] Ondrej Lukas updated WFLY-7642: ------------------------------- Affects Version/s: 11.0.0.Alpha1 > sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI > -------------------------------------------------------------------------------------------------------------------- > > Key: WFLY-7642 > URL: https://issues.jboss.org/browse/WFLY-7642 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > I am not able to add native management interface with both {{sasl-authentication-factory}} and {{security-realm}} attributes. According to comments in EAP7-545 Analysis document [1] setting both of them is valid configuration. However CLI consider this combination as invalid (when running server with standalone-elytron.xml): > {code} > /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,security-realm=ApplicationRealm,socket-binding=management-http) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0105: sasl-authentication-factory is invalid in combination with security-realm", > "rolled-back" => true > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7642) sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI

by Ondrej Lukas (JIRA)

Ondrej Lukas created WFLY-7642: ---------------------------------- Summary: sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI Key: WFLY-7642 URL: https://issues.jboss.org/browse/WFLY-7642 Project: WildFly Issue Type: Bug Components: Security Reporter: Ondrej Lukas Assignee: Darran Lofthouse Priority: Critical I am not able to add native management interface with both {{sasl-authentication-factory}} and {{security-realm}} attributes. According to comments in EAP7-545 Analysis document [1] setting both of them is valid configuration. However CLI consider this combination as invalid (when running server with standalone-elytron.xml): {code} /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,security-realm=ApplicationRealm,socket-binding=management-http) { "outcome" => "failed", "failure-description" => "WFLYCTL0105: sasl-authentication-factory is invalid in combination with security-realm", "rolled-back" => true } {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7641) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface

by Ondrej Lukas (JIRA)

Ondrej Lukas created WFLY-7641: ---------------------------------- Summary: Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface Key: WFLY-7641 URL: https://issues.jboss.org/browse/WFLY-7641 Project: WildFly Issue Type: Bug Components: Security Reporter: Ondrej Lukas Assignee: Darran Lofthouse Priority: Critical In case when legacy security-realm for SSL is used together with Elytron authentication in HTTP management interface then server is not started. I am using following configuration for HTTP management interface (see Steps to Reproduce for more details): {code} <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS"> <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> <socket-binding http="management-http" https="management-https"/> </http-interface> {code} Server is not started and following errors occur in log: {code} ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided. at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225) at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254) at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107) at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589) at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292) ... 5 more {code} and {code} ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("management-interface" => "http-interface") ]) - failure description: { "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined } ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("management-interface" => "http-interface") ]) - failure description: { "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined } {code} According to comments in EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used then it should lead to use legacy security-realm for SSL configuration and http-authentication-factory for authentication. [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7641) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/WFLY-7641?page=com.atlassian.jira.plugin.... ] Ondrej Lukas updated WFLY-7641: ------------------------------- Affects Version/s: 11.0.0.Alpha1 > Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface > --------------------------------------------------------------------------------------------------- > > Key: WFLY-7641 > URL: https://issues.jboss.org/browse/WFLY-7641 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > In case when legacy security-realm for SSL is used together with Elytron authentication in HTTP management interface then server is not started. > I am using following configuration for HTTP management interface (see Steps to Reproduce for more details): > {code} > <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS"> > <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> > <socket-binding http="management-http" https="management-https"/> > </http-interface> > {code} > Server is not started and following errors occur in log: > {code} > ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided. > at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225) > at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254) > at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107) > at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589) > at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292) > ... 5 more > {code} > and > {code} > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "http-interface") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service > Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > } > {code} > According to comments in EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used then it should lead to use legacy security-realm for SSL configuration and http-authentication-factory for authentication. > [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7638) It is not possible to set secure-socket-binding without security-realm in HTTP management interface

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7638?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-7638: ---------------------------------------- There is already a duplicate WFCORE issue for this one an a PR in the queue. Any issues relating to the management interfaces live under WFCORE. > It is not possible to set secure-socket-binding without security-realm in HTTP management interface > --------------------------------------------------------------------------------------------------- > > Key: WFLY-7638 > URL: https://issues.jboss.org/browse/WFLY-7638 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > I am not able to add {{secure-socket-binding}} attribute for management-interface=http-interface resource which does not include {{security-realm}} attribute. This means that "Elytron-only" authentication and SSL configuration for HTTP interface is not possible. > Trying this issue for management-interface=native-interface is blocked by JBEAP-7424. > As workaround, if security-realm is also added then authentication with Elytron works correctly (added security-realm is not used because Elytron-related attributes in HTTP management interface have higher priority). -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7637) It is not possible to set Elytron for native management interface

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7637?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7637: ----------------------------------- Affects Version/s: (was: 11.0.0.Alpha1) > It is not possible to set Elytron for native management interface > ----------------------------------------------------------------- > > Key: WFLY-7637 > URL: https://issues.jboss.org/browse/WFLY-7637 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 11.0.0.Alpha1 > > > I am not able to correctly configure native management interface to use Elytron. > I am adding some binding for native interface: > {code} > /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999) > {code} > And then adding native management interface which uses Elytron sasl-authentication-factory ({{application-sasl-authentication}} is predefined in standalone-elytron.xml): > {code} > /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,socket-binding=native) > { > "outcome" => "failed", > "failure-description" => { > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"] > }, > "rolled-back" => true > } > {code} > Following exception occurs in server log: > {code} > ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "native-interface") > ]) - failure description: { > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"] > } > INFO [org.jboss.as.controller] (management-handler-thread - 2) WFLYCTL0183: Service status report > WFLYCTL0184: New missing/unsatisfied dependencies: > service org.wildfly.security.sasl-authentication-factory (missing) dependents: [service jboss.remoting.server.management] > {code} > The same exception is thrown when I am trying to set SSL through Elytron {{ssl-context}} attribute in management native-interface. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7637) It is not possible to set Elytron for native management interface

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-7637?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-7637: ----------------------------------- Fix Version/s: 11.0.0.Alpha1 > It is not possible to set Elytron for native management interface > ----------------------------------------------------------------- > > Key: WFLY-7637 > URL: https://issues.jboss.org/browse/WFLY-7637 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 11.0.0.Alpha1 > > > I am not able to correctly configure native management interface to use Elytron. > I am adding some binding for native interface: > {code} > /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999) > {code} > And then adding native management interface which uses Elytron sasl-authentication-factory ({{application-sasl-authentication}} is predefined in standalone-elytron.xml): > {code} > /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,socket-binding=native) > { > "outcome" => "failed", > "failure-description" => { > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"] > }, > "rolled-back" => true > } > {code} > Following exception occurs in server log: > {code} > ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([ > ("core-service" => "management"), > ("management-interface" => "native-interface") > ]) - failure description: { > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"] > } > INFO [org.jboss.as.controller] (management-handler-thread - 2) WFLYCTL0183: Service status report > WFLYCTL0184: New missing/unsatisfied dependencies: > service org.wildfly.security.sasl-authentication-factory (missing) dependents: [service jboss.remoting.server.management] > {code} > The same exception is thrown when I am trying to set SSL through Elytron {{ssl-context}} attribute in management native-interface. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7640) User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/WFLY-7640?page=com.atlassian.jira.plugin.... ] Ondrej Lukas updated WFLY-7640: ------------------------------- Priority: Critical (was: Major) Affects Version/s: 11.0.0.Alpha1 > User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management > --------------------------------------------------------------------------------------------------------------------------- > > Key: WFLY-7640 > URL: https://issues.jboss.org/browse/WFLY-7640 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ondrej Lukas > Assignee: Darran Lofthouse > Priority: Critical > > In case when both {{identity}} and legacy {{security-realm}} are configured in {{management}} then usage of legacy solution for management authentication always results to user identity anonymous. In case when only legacy authentication is used for authentication, then it should not be affected by management identity. > This issue strongly affects scenario when one of management interfaces will use Elytron and another will use legacy solution. Identity will be always set to anonymous for legacy solution. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7640) User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management

by Ondrej Lukas (JIRA)

Ondrej Lukas created WFLY-7640: ---------------------------------- Summary: User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management Key: WFLY-7640 URL: https://issues.jboss.org/browse/WFLY-7640 Project: WildFly Issue Type: Bug Components: Security Reporter: Ondrej Lukas Assignee: Darran Lofthouse In case when both {{identity}} and legacy {{security-realm}} are configured in {{management}} then usage of legacy solution for management authentication always results to user identity anonymous. In case when only legacy authentication is used for authentication, then it should not be affected by management identity. This issue strongly affects scenario when one of management interfaces will use Elytron and another will use legacy solution. Identity will be always set to anonymous for legacy solution. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 5 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira November 2016