[JBoss JIRA] (WFLY-7111) Distributable web applications cause Infinispan exceptions when Elytron is used
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/WFLY-7111?page=com.atlassian.jira.plugin.... ]
Pedro Igor reopened WFLY-7111:
------------------------------
The PR with the necessary changes to WFLY is missing. We only have the Elytron changes, which makes impossible to you to test this issue.
Reopening.
> Distributable web applications cause Infinispan exceptions when Elytron is used
> -------------------------------------------------------------------------------
>
> Key: WFLY-7111
> URL: https://issues.jboss.org/browse/WFLY-7111
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Pedro Igor
> Priority: Blocker
> Fix For: No Release
>
>
> When a distributable secured web application mapped to Elytron domain is deployed to EAP and accessed. It throws intermittently {{org.infinispan.util.concurrent.TimeoutException}}
> *Expected behavior:*
> Distributable applications should be accessible without exceptions when Elytron is used.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (DROOLS-1363) revapi-maven-plugin forks exutions
by Petr Široký (JIRA)
Petr Široký created DROOLS-1363:
-----------------------------------
Summary: revapi-maven-plugin forks exutions
Key: DROOLS-1363
URL: https://issues.jboss.org/browse/DROOLS-1363
Project: Drools
Issue Type: Bug
Components: build
Reporter: Petr Široký
Assignee: Petr Široký
Revapi Maven plugin, as used in kie-api, forks the exeuctions causing almost the whole build to be executed three times. This needs to be fixed.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7613) Ldap security realm does not close DirContext properly
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7613?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-7613:
-------------------------------
Priority: Blocker (was: Major)
> Ldap security realm does not close DirContext properly
> ------------------------------------------------------
>
> Key: WFLY-7613
> URL: https://issues.jboss.org/browse/WFLY-7613
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Priority: Blocker
>
> There are methods in Elytron {{LdapSecurityRealm}} class which create/get DirContext, but does not close him in finally block.
> In some circumstances could cause context resource leak.
> * LdapSecurityRealm
> ** getEvidenceVerifySupport
> ** getCredentialAcquireSupport
> ** getCredential
> ** setCredentials
> * LdapRealmIdentity
> ** setCredentials
> In same class there are examples of properly closed contexts:
> * LdapRealmIdentity
> ** getCredential
> ** getEvidenceVerifySupport
> ** verifyEvidence
> ** getIdentity
> ** create
> ** setAttributes
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7539) WebSocketTestCase fails with security manager - disable test
by Petr Kremensky (JIRA)
[ https://issues.jboss.org/browse/WFLY-7539?page=com.atlassian.jira.plugin.... ]
Petr Kremensky updated WFLY-7539:
---------------------------------
Summary: WebSocketTestCase fails with security manager - disable test (was: WebSocketsTestCase fails with security manager - disable test)
> WebSocketTestCase fails with security manager - disable test
> ------------------------------------------------------------
>
> Key: WFLY-7539
> URL: https://issues.jboss.org/browse/WFLY-7539
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Kabir Khan
> Assignee: Darran Lofthouse
> Fix For: 11.0.0.Alpha1
>
>
> With the core 3.0.0.Alpha12 upgrade we see failures in the WebSocketTestCase when run with the security manager enabled.
> $mvn clean install -pl testsuite/integration/web/ -Dsecurity.manager=true
> For now I am adding a
> {code}
> Assume.assumeTrue(System.getSecurityManager() == null);
> {code}
> to skip this test when running with a security manager enabled. The failure when the test is run with a security manager is
> {code}
> testWebSocket(org.jboss.as.test.integration.web.websocket.WebSocketTestCase) Time elapsed: 0.227 sec <<< ERROR!
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "localhost:0" "listen,resolve")" in code source "(vfs:/content/websocket.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.websocket.war:main" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkListen(SecurityManager.java:1131)
> at org.wildfly.security.manager.WildFlySecurityManager.checkListen(WildFlySecurityManager.java:392)
> at sun.nio.ch.SocketChannelImpl.bind(SocketChannelImpl.java:582)
> at sun.nio.ch.SocketAdaptor.bind(SocketAdaptor.java:135)
> at org.xnio.nio.WorkerThread.openTcpStreamConnection(WorkerThread.java:263)
> at org.xnio.XnioIoThread.openStreamConnection(XnioIoThread.java:237)
> at org.xnio.XnioWorker.openStreamConnection(XnioWorker.java:342)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState.doUpgrade(HttpUpgrade.java:247)
> at org.xnio.http.HttpUpgrade$HttpUpgradeState.access$100(HttpUpgrade.java:165)
> at org.xnio.http.HttpUpgrade.performUpgrade(HttpUpgrade.java:129)
> at io.undertow.websockets.client.WebSocketClient$ConnectionBuilder.connectImpl(WebSocketClient.java:323)
> at io.undertow.websockets.client.WebSocketClient$ConnectionBuilder.connect(WebSocketClient.java:211)
> at io.undertow.websockets.jsr.ServerWebSocketContainer.connectToServerInternal(ServerWebSocketContainer.java:463)
> at io.undertow.websockets.jsr.ServerWebSocketContainer.connectToServerInternal(ServerWebSocketContainer.java:457)
> at io.undertow.websockets.jsr.ServerWebSocketContainer.connectToServer(ServerWebSocketContainer.java:211)
> at org.jboss.as.test.integration.web.websocket.WebSocketTestCase.testWebSocket(WebSocketTestCase.java:52)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7615) Inbound connection rebalancing does not allow failover to backup
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-7615?page=com.atlassian.jira.plugin.... ]
Miroslav Novak reopened WFLY-7615:
----------------------------------
> Inbound connection rebalancing does not allow failover to backup
> ----------------------------------------------------------------
>
> Key: WFLY-7615
> URL: https://issues.jboss.org/browse/WFLY-7615
> Project: WildFly
> Issue Type: Enhancement
> Components: JMS
> Affects Versions: 10.1.0.Final
> Reporter: Miroslav Novak
> Assignee: Justin Bertram
> Priority: Critical
>
> If MDB contains activation config property:
> @ActivationConfigProperty(propertyName = "rebalanceConnections", propertyValue = "true")
> so rebalancing of inbound connections is enabled then MDB is not able to failover from live to backup if backup is cleanly shutdowned (ctrl-c).
> Test scenario:
> - There are 3 EAP 7 servers. 1st has Artemis configured as live and 2nd has Artemis configured as backup server. So servers are in dedicated HA topology with replicated journal. Then there are queues InQueue and OutQueue deployed to live and backup.
> - Start live and backup and then send 2000 messages to InQueue to live server.
> - Start 3rd server which has configured Artemis RA to connect to live server. HA is enabled.
> - Deploy MDB on 3rd server. MDB consumes messages from InQueue and sends to OutQueue in XA transaction.
> - When MDB is processing messages cleanly shutdown live server.
> - MDB should failover to backup and process all the messages
> - Receive messages from OutQueue from backup server and check that all messages were received.
> Test fails bacause MDB is not able to failover to backup.
> Server 3 with MDB is logging:
> {code}
> 15:16:02,975 ERROR [org.apache.activemq.artemis.ra] (NodeDOWN Connection Rebalancer) AMQ154003: Unable to reconnect org.apache.activemq.artemis.ra.inflow.ActiveMQActivationSpec(ra=org.apache.activemq.artemis.ra.ActiveMQResourceAdapter@51f82f98 destination=jms/queue/InQueue destinationType=javax.jms.Queue ack=Auto-acknowledge durable=false clientID=null user=null maxSession=15): ActiveMQNotConnectedException[errorType=NOT_CONNECTED message=AMQ119007: Cannot connect to server(s). Tried with all available servers.]
> at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:777) [artemis-core-client-1.1.0.redhat-5.jar:1.1.0.redhat-5]
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.setup(ActiveMQActivation.java:315)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.reconnect(ActiveMQActivation.java:678)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation$2.run(ActiveMQActivation.java:627)
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_51]
> {code}
> If rebalanceConnections=false then test passes.
> How to run the test locally:
> {code}
> git clone git://git.app.eng.bos.redhat.com/jbossqe/eap-tests-hornetq.git
> cd eap-tests-hornetq/scripts/
> git checkout refactoring_modules
> groovy -DEAP_VERSION=7.0.0.ER4 PrepareServers7.groovy
> export WORKSPACE=$PWD
> export JBOSS_HOME_1=$WORKSPACE/server1/jboss-eap
> export JBOSS_HOME_2=$WORKSPACE/server2/jboss-eap
> export JBOSS_HOME_3=$WORKSPACE/server3/jboss-eap
> export JBOSS_HOME_4=$WORKSPACE/server4/jboss-eap
> cd ../jboss-hornetq-testsuite/
> mvn clean test -Dtest=ReplicatedDedicatedFailoverTestWithMdb#testShutdown -DfailIfNoTests=false -Deap=7x | tee log
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7571) Elytron token-realm description <code> formatting
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/WFLY-7571?page=com.atlassian.jira.plugin.... ]
Pedro Igor reassigned WFLY-7571:
--------------------------------
Assignee: Pedro Igor
> Elytron token-realm description <code> formatting
> -------------------------------------------------
>
> Key: WFLY-7571
> URL: https://issues.jboss.org/browse/WFLY-7571
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Pedro Igor
> Labels: user_experience
>
> In token-realm resource in description of 5 attributes there is formatting <code></code> used e.g.
> {code}
> "issuer" => {
> "type" => LIST,
> "description" => "A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an <code>iss</code> claim that contains one of the values defined here.",
> "expressions-allowed" => true,
> "nillable" => true,
> "value-type" => STRING
> },
> {code}
> Apparently this formating is copy/paste from somewhere it make sense. But it does not make sense in model/XSD description. Note, this applies also to operation add description.
> {code}
> /subsystem=elytron/token-realm=a:read-operation-description(name=add)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7615) Inbound connection rebalancing does not allow failover to backup
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-7615?page=com.atlassian.jira.plugin.... ]
Miroslav Novak moved JBEAP-2773 to WFLY-7615:
---------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-7615 (was: JBEAP-2773)
Issue Type: Enhancement (was: Bug)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: JMS
(was: ActiveMQ)
Target Release: (was: 7.backlog.GA)
Affects Version/s: 10.1.0.Final
(was: 7.0.0.ER4)
> Inbound connection rebalancing does not allow failover to backup
> ----------------------------------------------------------------
>
> Key: WFLY-7615
> URL: https://issues.jboss.org/browse/WFLY-7615
> Project: WildFly
> Issue Type: Enhancement
> Components: JMS
> Affects Versions: 10.1.0.Final
> Reporter: Miroslav Novak
> Assignee: Justin Bertram
> Priority: Critical
>
> If MDB contains activation config property:
> @ActivationConfigProperty(propertyName = "rebalanceConnections", propertyValue = "true")
> so rebalancing of inbound connections is enabled then MDB is not able to failover from live to backup if backup is cleanly shutdowned (ctrl-c).
> Test scenario:
> - There are 3 EAP 7 servers. 1st has Artemis configured as live and 2nd has Artemis configured as backup server. So servers are in dedicated HA topology with replicated journal. Then there are queues InQueue and OutQueue deployed to live and backup.
> - Start live and backup and then send 2000 messages to InQueue to live server.
> - Start 3rd server which has configured Artemis RA to connect to live server. HA is enabled.
> - Deploy MDB on 3rd server. MDB consumes messages from InQueue and sends to OutQueue in XA transaction.
> - When MDB is processing messages cleanly shutdown live server.
> - MDB should failover to backup and process all the messages
> - Receive messages from OutQueue from backup server and check that all messages were received.
> Test fails bacause MDB is not able to failover to backup.
> Server 3 with MDB is logging:
> {code}
> 15:16:02,975 ERROR [org.apache.activemq.artemis.ra] (NodeDOWN Connection Rebalancer) AMQ154003: Unable to reconnect org.apache.activemq.artemis.ra.inflow.ActiveMQActivationSpec(ra=org.apache.activemq.artemis.ra.ActiveMQResourceAdapter@51f82f98 destination=jms/queue/InQueue destinationType=javax.jms.Queue ack=Auto-acknowledge durable=false clientID=null user=null maxSession=15): ActiveMQNotConnectedException[errorType=NOT_CONNECTED message=AMQ119007: Cannot connect to server(s). Tried with all available servers.]
> at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:777) [artemis-core-client-1.1.0.redhat-5.jar:1.1.0.redhat-5]
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.setup(ActiveMQActivation.java:315)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation.reconnect(ActiveMQActivation.java:678)
> at org.apache.activemq.artemis.ra.inflow.ActiveMQActivation$2.run(ActiveMQActivation.java:627)
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_51]
> {code}
> If rebalanceConnections=false then test passes.
> How to run the test locally:
> {code}
> git clone git://git.app.eng.bos.redhat.com/jbossqe/eap-tests-hornetq.git
> cd eap-tests-hornetq/scripts/
> git checkout refactoring_modules
> groovy -DEAP_VERSION=7.0.0.ER4 PrepareServers7.groovy
> export WORKSPACE=$PWD
> export JBOSS_HOME_1=$WORKSPACE/server1/jboss-eap
> export JBOSS_HOME_2=$WORKSPACE/server2/jboss-eap
> export JBOSS_HOME_3=$WORKSPACE/server3/jboss-eap
> export JBOSS_HOME_4=$WORKSPACE/server4/jboss-eap
> cd ../jboss-hornetq-testsuite/
> mvn clean test -Dtest=ReplicatedDedicatedFailoverTestWithMdb#testShutdown -DfailIfNoTests=false -Deap=7x | tee log
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7572) Elytron expects certificate in PEM format as user input
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/WFLY-7572?page=com.atlassian.jira.plugin.... ]
Pedro Igor reassigned WFLY-7572:
--------------------------------
Assignee: Pedro Igor
> Elytron expects certificate in PEM format as user input
> -------------------------------------------------------
>
> Key: WFLY-7572
> URL: https://issues.jboss.org/browse/WFLY-7572
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Pedro Igor
> Labels: user_experience
>
> In {{/token-realm/public-key}} attribute there is certificate in PEM format expected, which I consider to be user un-friendly.
> I wonder couldn't that be accomplished by leveraging key-store/trust-manager capability?
> {code}
> "public-key" => {
> "type" => STRING,
> "description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
> "expressions-allowed" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months
[JBoss JIRA] (WFLY-7573) Elytron oauth2-introspection descriptions copy/pasted from jwt
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/WFLY-7573?page=com.atlassian.jira.plugin.... ]
Pedro Igor reassigned WFLY-7573:
--------------------------------
Assignee: Pedro Igor
> Elytron oauth2-introspection descriptions copy/pasted from jwt
> --------------------------------------------------------------
>
> Key: WFLY-7573
> URL: https://issues.jboss.org/browse/WFLY-7573
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Pedro Igor
>
> /token-realm/oauth2-introspection descriptions are apparently copied from jwt. For example:
> {code}
> "client-secret" => {
> "type" => STRING,
> "description" => "A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an <code>aud</code> claim that contains one of the values defined here.",
> "expressions-allowed" => false,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> {code}
> It applies to these attributes:
> * {{client-id}}
> * {{client-secret}}
> * {{client-ssl-context}}
> * {{introspection-url}}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 8 months