[JBoss JIRA] (WFLY-7735) JDBC-based cache stores require a DataSource attribute for runtime
by Paul Ferraro (JIRA)
Paul Ferraro created WFLY-7735:
----------------------------------
Summary: JDBC-based cache stores require a DataSource attribute for runtime
Key: WFLY-7735
URL: https://issues.jboss.org/browse/WFLY-7735
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: 10.1.0.Final
Reporter: Paul Ferraro
Assignee: Paul Ferraro
Fix For: 11.0.0.Alpha1
Currently, there are 2 attributes for defining the DataSource of a JDBC-based cache store:
1. "data-store", which references a named DataSource capability
2. "datasource", the legacy attribute which specifies the jndi name of a DataSource
Both attributes are currently nullable. Consequently, the model does not require either to be specified, which would cause the runtime to fail.
The data-source attribute should be required, with "datasource" set as an alternative.
No transformer is necessary since "datasource" was a required attribute in older versions of the model.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-2085) Domain server 'kill' and 'destroy' operations need to ensure the server is dead
by Brian Stansberry (JIRA)
Brian Stansberry created WFCORE-2085:
----------------------------------------
Summary: Domain server 'kill' and 'destroy' operations need to ensure the server is dead
Key: WFCORE-2085
URL: https://issues.jboss.org/browse/WFCORE-2085
Project: WildFly Core
Issue Type: Bug
Components: Domain Management
Reporter: Brian Stansberry
Assignee: Brian Stansberry
The 'kill' and 'destroy' operations end up triggering invocation of the ManagedProcess kill() and destroy() methods. But those methods don't ensure the server process ends up dead. Their primary code path is to call 'stop()' and return. But if there is a problem doing the normal stop (which is fairly likely given the user invoked 'kill' or 'destroy' then the server process is left hanging around as a zombie.
A second invocation of kill or destroy will end up doing the real kill/destroy by realizing the stop() hasn't worked, but that is unintuitive and inconvenient.
Worse, with the EAP 6 web console at least, the console reports the process as being down, which is highly misleading, and it means the console doesn't provide the UI elements to allow the user to try again. The user is forced to use the CLI to do the second kill/destroy.
I think these methods should try the stop() but then after 5-10 seconds if the process isn't down, go on and invoke the hard kill/destroy logic. Assume that the user chose kill/destroy over stop for a reason and that a normal stop not succeeding quickly means stronger action is needed. The only downside to this is some server that could stop normally but happens to take a bit too long is hard killed, but that to me is a real edge case.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFLY-7733) JDBC-based cache stores require a DataSource attribute for runtime
by Paul Ferraro (JIRA)
Paul Ferraro created WFLY-7733:
----------------------------------
Summary: JDBC-based cache stores require a DataSource attribute for runtime
Key: WFLY-7733
URL: https://issues.jboss.org/browse/WFLY-7733
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: 10.1.0.Final
Reporter: Paul Ferraro
Assignee: Paul Ferraro
Fix For: 11.0.0.Alpha1
Currently, there are 2 attributes for defining the DataSource of a JDBC-based cache store:
1. "data-store", which references a named DataSource capability
2. "datasource", the legacy attribute which specifies the jndi name of a DataSource
Both attributes are currently nullable. Consequently, the model does not require either to be specified, which would cause the runtime to fail.
The data-source attribute should be required, with "datasource" set as an alternative.
No transformer is necessary since "datasource" was a required attribute in older versions of the model.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (ELY-814) Comprehensive credential store tests
by David Lloyd (JIRA)
David Lloyd created ELY-814:
-------------------------------
Summary: Comprehensive credential store tests
Key: ELY-814
URL: https://issues.jboss.org/browse/ELY-814
Project: WildFly Elytron
Issue Type: Task
Components: Credential Store
Reporter: David Lloyd
We need comprehensive credential store tests, which include (but are not limited to):
* All credential store implementations:
** {{org.wildfly.security.credential.store.impl.KeyStoreCredentialStore}} (called {{K}} below)
** {{org.wildfly.security.credential.store.impl.MapCredentialStore}} (called {{M}} below)
** {{org.wildfly.security.credential.store.impl.VaultCredentialStore}} (called {{V}} below)
* Operation tests:
** Store and retrieve credentials of the following type:
*** Passwords (all variant algorithms of the following password types):
**** Clear ({{K}}, {{V}}, {{M}})
**** Digest ({{K}}, {{M}})
**** BCrypt ({{K}}, {{M}})
**** BSD UNIX DES ({{K}}, {{M}})
**** Masked passwords ({{K}}, {{M}})
**** SCRAM ({{K}}, {{M}})
**** Sun UNIX ({{K}}, {{M}})
**** UNIX DES ({{K}}, {{M}})
**** UNIX MD5 Crypt ({{K}}, {{M}})
**** UNIX SHA Crypt ({{K}}, {{M}})
*** Bearer tokens ({{K}}, {{M}})
*** GSS Credentials (GSSCredentialCredential) (just {{M}})
*** Key Pairs of the following algorithms:
**** RSA ({{K}}, {{M}})
**** DSA ({{K}}, {{M}})
**** EC ({{K}}, {{M}})
*** Public Keys of the following algorithms:
**** RSA ({{K}}, {{M}})
**** DSA ({{K}}, {{M}})
**** EC ({{K}}, {{M}})
*** X509 Certificate Chains (X509CertificateChainPrivateCredential) with keys of the following algorithms:
**** RSA ({{K}}, {{M}})
**** DSA ({{K}}, {{M}})
*** Secret Keys of the following types:
**** AES ({{K}}, {{M}})
**** DES ({{K}}, {{M}})
**** DESede ({{K}}, {{M}})
** Flush to disk (ELY-813) ({{K}}, {{V}})
** Remove credentials ({{K}}, {{V}}, {{M}})
** Test credential matching (the same matching logic is used by retrieve, remove, and store (replace)) ({{K}}, {{V}}, {{M}})
*** By credential type only ({{V}} will only support PasswordCredential)
*** By credential type and algorithm name ({{V}} will only support ClearPassword.ALGORITHM_CLEAR)
*** By credential type, algorithm name, and parameters ({{V}} does not support parameters)
** Iterate credentials by alias ({{K}}, {{V}}, {{M}})
** Apply a protection parameter to whole credential stores ({{K}}, {{V}})
*** Verify enforcement and failure if incorrect or missing
** Apply a protection parameter to individual credential store entries ({{K}}, {{V}}, {{M}})
*** Verify enforcement and failure if incorrect or missing
** Open existing credential store file and recover data ({{K}}, {{V}})
** Open and create new credential store file ({{K}}, {{V}})
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (ELY-813) CredentialStore operations can be slow
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/ELY-813?page=com.atlassian.jira.plugin.sy... ]
David Lloyd reassigned ELY-813:
-------------------------------
Assignee: David Lloyd
> CredentialStore operations can be slow
> --------------------------------------
>
> Key: ELY-813
> URL: https://issues.jboss.org/browse/ELY-813
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Reporter: David Lloyd
> Assignee: David Lloyd
>
> Credential store operations can be slow, as they generally flush the updated store to disk after every operation making multiple changes undergo many pointless flushes. We can solve this a number of different possible ways:
> * Make CredentialStore use the same access pattern as KeyStore, where the user is responsible for flushing changes when they are complete, putting the user in charge of storage details (user is responsible for concurrency control)
> * Make CredentialStore implement a {{flush()}} method (and {{hasUnflushedChanges()}} method) which performs the persistence step separately at a time of the user's choosing (user is responsible for concurrency control) (memory-backed stores always return {{false}} for {{hasUnflushedChanges()}}) (this is my preferred approach)
> * Implement a transaction API in CredentialStore to allow concurrent non-conflicting updates with lock protection, isolation, atomicity, and consistency properties (credential store manages concurrency control via lock/transaction objects)
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-1921) Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1921?page=com.atlassian.jira.plugi... ]
Tomaz Cerar closed WFCORE-1921.
-------------------------------
Resolution: Rejected
> Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-1921
> URL: https://issues.jboss.org/browse/WFCORE-1921
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management
> Reporter: Hynek Švábek
> Assignee: Tomaz Cerar
>
> Problem with resources which name contains only NUMBERS.
> Particularly the number which beginning with ZERO(s).
> *Scenario*
> * I have resources which name contains only numbers with ZERO(s) prefix
> * I want set capability-reference to it
> * e.g. /subsystem=elytron/aggregate-role-mapper001=aggregateRoleMapper:add(role-mappers=[001,111])
> *Actual result*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.role-mapper.1; There are no known registration points which can provide this capability.",
> "rolled-back" => true
> }
> {code}
> *Expected result*
> {code}
> Success
> {code}
> *NOTE*
> In my opinion is this global problem.
> I tried it with another subsystem and problem is there too.
> {code}
> /subsystem=datasources/data-source=001:add(connection-url="url", jndi-name="java:jboss/datasources/001", driver-name=h2)
> /subsystem=infinispan/cache-container=server/local-cache=default/store=string-jdbc:add(data-source=001)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-1921) Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1921?page=com.atlassian.jira.plugi... ]
Tomaz Cerar commented on WFCORE-1921:
-------------------------------------
Question is if this really is a bug or more of inconvenience caused by type less data model
if you just quote parameters it works just fine
{noformat}
/subsystem=elytron/aggregate-role-mapper=aggregateRoleMapper001:add(role-mappers=["001","111"])
{noformat}
> Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-1921
> URL: https://issues.jboss.org/browse/WFCORE-1921
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management
> Reporter: Hynek Švábek
> Assignee: Tomaz Cerar
>
> Problem with resources which name contains only NUMBERS.
> Particularly the number which beginning with ZERO(s).
> *Scenario*
> * I have resources which name contains only numbers with ZERO(s) prefix
> * I want set capability-reference to it
> * e.g. /subsystem=elytron/aggregate-role-mapper001=aggregateRoleMapper:add(role-mappers=[001,111])
> *Actual result*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.role-mapper.1; There are no known registration points which can provide this capability.",
> "rolled-back" => true
> }
> {code}
> *Expected result*
> {code}
> Success
> {code}
> *NOTE*
> In my opinion is this global problem.
> I tried it with another subsystem and problem is there too.
> {code}
> /subsystem=datasources/data-source=001:add(connection-url="url", jndi-name="java:jboss/datasources/001", driver-name=h2)
> /subsystem=infinispan/cache-container=server/local-cache=default/store=string-jdbc:add(data-source=001)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months
[JBoss JIRA] (WFCORE-1921) Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
by Tomaz Cerar (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1921?page=com.atlassian.jira.plugi... ]
Tomaz Cerar updated WFCORE-1921:
--------------------------------
Workaround Description:
you need to quote numbers
so
{noformat}
/subsystem=elytron/aggregate-role-mapper=aggregateRoleMapper001:add(role-mappers=["001","111"])
{noformat}
> Problem with capability-reference to resource whose name is number with ZERO(s) prefix.
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-1921
> URL: https://issues.jboss.org/browse/WFCORE-1921
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Domain Management
> Reporter: Hynek Švábek
> Assignee: Tomaz Cerar
>
> Problem with resources which name contains only NUMBERS.
> Particularly the number which beginning with ZERO(s).
> *Scenario*
> * I have resources which name contains only numbers with ZERO(s) prefix
> * I want set capability-reference to it
> * e.g. /subsystem=elytron/aggregate-role-mapper001=aggregateRoleMapper:add(role-mappers=[001,111])
> *Actual result*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.role-mapper.1; There are no known registration points which can provide this capability.",
> "rolled-back" => true
> }
> {code}
> *Expected result*
> {code}
> Success
> {code}
> *NOTE*
> In my opinion is this global problem.
> I tried it with another subsystem and problem is there too.
> {code}
> /subsystem=datasources/data-source=001:add(connection-url="url", jndi-name="java:jboss/datasources/001", driver-name=h2)
> /subsystem=infinispan/cache-container=server/local-cache=default/store=string-jdbc:add(data-source=001)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 6 months