July 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-6815) JDOM cannot create default parser

by Tomaz Cerar (JIRA)

[ https://issues.jboss.org/browse/WFLY-6815?page=com.atlassian.jira.plugin.... ] Tomaz Cerar commented on WFLY-6815: ----------------------------------- where does this happen? what build of jdk9? > JDOM cannot create default parser > --------------------------------- > > Key: WFLY-6815 > URL: https://issues.jboss.org/browse/WFLY-6815 > Project: WildFly > Issue Type: Sub-task > Components: Build System > Reporter: Thomas Diesler > Assignee: Thomas Diesler > Fix For: 10.1.0.Final > > > {code} > org.jdom.JDOMException: Could not load default SAX parser: org.apache.xerces.parsers.SAXParser: SAX2 driver class org.apache.xerces.parsers.SAXParser not found: org.apache.xerces.parsers.SAXParser from [Module "org.wildfly.extras.config:main" from local module loader @a3d8174 (finder: local module finder @1ba9117e (roots: /Users/tdiesler/git/wildfly-camel/itests/standalone/smoke/target/wildfly-10.1.0.Final-SNAPSHOT/modules,/Users/tdiesler/git/wildfly-camel/itests/standalone/smoke/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/fuse,/Users/tdiesler/git/wildfly-camel/itests/standalone/smoke/target/wildfly-10.1.0.Final-SNAPSHOT/modules/system/layers/base))] > at org.jdom.input.SAXBuilder.createParser(SAXBuilder.java:649) > at org.jdom.input.SAXBuilder.build(SAXBuilder.java:489) > at org.jdom.input.SAXBuilder.build(SAXBuilder.java:905) > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5739) Subject not populated with groups/roles when authenticated via JASPIC

by István Tóth (JIRA)

[ https://issues.jboss.org/browse/WFLY-5739?page=com.atlassian.jira.plugin.... ] István Tóth commented on WFLY-5739: ----------------------------------- I have just sent PR https://github.com/wildfly/wildfly/pull/9003 that fixes it (for me) Thanks for [~ggam]'s help > Subject not populated with groups/roles when authenticated via JASPIC > --------------------------------------------------------------------- > > Key: WFLY-5739 > URL: https://issues.jboss.org/browse/WFLY-5739 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 10.0.0.CR4 > Reporter: Arjan t > Assignee: Darran Lofthouse > Labels: jacc, jaspic > Attachments: CustomAuth.zip, picketbox.zip > > > After having authenticated via JASPIC, requesting the current {{Subject}} via JACC and then using that for permission checks fails. > For instance the following code will always set {{hasAccess}} to false given that "/protected/*" requires a role and the authenticated user is in that role: > {code:java} > Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); > > boolean hasAccess = Policy.getPolicy().implies( > new ProtectionDomain( > new CodeSource(null, (Certificate[]) null), > null, null, > subject.getPrincipals().toArray(new Principal[subject.getPrincipals().size()]) > ), > new WebResourcePermission("/protected/Servlet", "GET")) > ; > {code} > As it appears, the problem originates from the fact that {{subject.getPrincipals()}} does not contain the roles. > This can be traced back to {{org.jboss.security.auth.callback.JASPICallbackHandler.handleCallBack}}, where it becomes clear that the roles are only put into the "util", but not in the "authenticatedSubject": > {code:java} > String[] rolesArray = groupPrincipalCallback.getGroups(); > int sizeOfRoles = rolesArray != null ? rolesArray.length : 0; > > if( sizeOfRoles > 0 ) > { > List<Role> rolesList = new ArrayList<Role>(); > for( int i = 0; i < sizeOfRoles ; i++ ) > { > Role role = new SimpleRole( rolesArray[ i ] ); > rolesList.add( role ); > } > RoleGroup roles = new SimpleRoleGroup( SecurityConstants.ROLES_IDENTIFIER, rolesList ); > // if the current security context already has roles, we merge them with the incoming roles. > RoleGroup currentRoles = currentSC.getUtil().getRoles(); > // *** ROLES ARE ONLY SET HERE *** > if (currentRoles != null) { > currentRoles.addAll(roles.getRoles()); > } > else { > currentSC.getUtil().setRoles( roles ); > } > } > // *** BELOW THIS LINE ROLES ARE NOT REFERENCED ANYMORE > // *** SUBJECT IS NOT POPULATED WITH ANY ROLE INFO > Subject subject = groupPrincipalCallback.getSubject(); > if( subject != null ) > { > // if the current security context already has an associated subject, we merge it with the incoming subject. > Subject currentSubject = currentSC.getSubjectInfo().getAuthenticatedSubject(); > if (currentSubject != null) { > subject.getPrincipals().addAll(currentSubject.getPrincipals()); > subject.getPublicCredentials().addAll(currentSubject.getPublicCredentials()); > subject.getPrivateCredentials().addAll(currentSubject.getPrivateCredentials()); > } > currentSC.getSubjectInfo().setAuthenticatedSubject(subject); > } > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Manuel Dominguez Sarmiento (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Manuel Dominguez Sarmiento commented on JGRP-2088: -------------------------------------------------- Thanks. However note that ENCRYPT.java as shipped with jgroups-3.6.10.Final-sources.jar does not contain the @Deprecated comments (see attached file). Download the package from Sourceforge and check whether those sources are actually synced with the 3.6.10 release. > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: ENCRYPT.java, jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Manuel Dominguez Sarmiento (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Manuel Dominguez Sarmiento updated JGRP-2088: --------------------------------------------- Attachment: ENCRYPT.java > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: ENCRYPT.java, jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Bela Ban commented on JGRP-2088: -------------------------------- Oops, I forgot to generate the manual, check now [1]. The docs had already been changed. {{ENCRYPT}} _is_ deprecated, see [2]. [1] http://www.jgroups.org/manual/index.html#Security [2] https://github.com/belaban/JGroups/blob/3.6/src/org/jgroups/protocols/ENC... > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Manuel Dominguez Sarmiento (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Manuel Dominguez Sarmiento commented on JGRP-2088: -------------------------------------------------- OK but the source is not marked with @Deprecated as far as I can see. Also http://www.jgroups.org/manual/index.html makes no mention of either SYM_ENCRYPT nor ASYM_ENCRYPT, and no mention of ENCRYPT being deprecated either. Reading both CMS-2021 and CMS-2055 it was not obvious that the protocol names had changed. I'm not complaining, just making a point that this change should probably be better documented. > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Bela Ban commented on JGRP-2088: -------------------------------- ENCRYPT has already been deprecated > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2088) ArrayIndexOutOfBoundsException on ClassConfigurator.get()

by Manuel Dominguez Sarmiento (JIRA)

[ https://issues.jboss.org/browse/JGRP-2088?page=com.atlassian.jira.plugin.... ] Manuel Dominguez Sarmiento commented on JGRP-2088: -------------------------------------------------- Thanks Bela, it now works by removing ENCRYPT and replacing with SYM_ENCRYPT below NAKACK2. This should probably be documented more clearly for other upgrading from previous versions. ENCRYPT should either be removed or deprecated, or at least log some kind of warning. > ArrayIndexOutOfBoundsException on ClassConfigurator.get() > --------------------------------------------------------- > > Key: JGRP-2088 > URL: https://issues.jboss.org/browse/JGRP-2088 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.10 > Reporter: Manuel Dominguez Sarmiento > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > Attachments: jgroups.xml > > > See the following stack trace: > [ERROR] 2016-07-09 14:26:05 [UDP-multicast receiver,shared=jgroups-shared-transport] - JGRP000030: null: failed handling incoming message: java.lang.ArrayIndexOutOfBoundsException: -1 > java.lang.ArrayIndexOutOfBoundsException: -1 > at org.jgroups.conf.ClassConfigurator.get(ClassConfigurator.java:161) > at org.jgroups.Message.readHeader(Message.java:936) > at org.jgroups.Message.readFrom(Message.java:811) > at org.jgroups.protocols.TP.handleSingleMessage(TP.java:1712) > at org.jgroups.protocols.TP.receive(TP.java:1654) > at org.jgroups.protocols.UDP$PacketReceiver.run(UDP.java:701) > at java.lang.Thread.run(Thread.java:745) > Stepping through the code with the debugger shows that the following line is failing at ClassConfigurator.get() with magic = -1 thus the java.lang.ArrayIndexOutOfBoundsException > return magic < 1024 ? magicMap[magic] : (Class)magicMapUser.get(Short.valueOf(magic)); > See attached jgroups.xml for configuration. This showed up when upgrading to 3.6.10 from 3.6.8 which worked fine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2086) FD_SOCK is keep trying to create a new socket to the killed server

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2086?page=com.atlassian.jira.plugin.... ] Bela Ban commented on JGRP-2086: -------------------------------- Isn't FD_HOST kicking in here? I cannot reproduce this scenario... can you? > FD_SOCK is keep trying to create a new socket to the killed server > ------------------------------------------------------------------ > > Key: JGRP-2086 > URL: https://issues.jboss.org/browse/JGRP-2086 > Project: JGroups > Issue Type: Bug > Affects Versions: 3.6.3 > Environment: JDG 6.6.0 (jgroups-3.6.3.Final-redhat-4.jar) > Reporter: Osamu Nagano > Assignee: Bela Ban > Fix For: 3.6.11, 4.0 > > > In most cases FD_SOCK can detect a killed server immediately. But for unknown reason, FD_SOCK is keep trying to create a new socket to the killed server. As a consequence, installing a new cluster view is delayed until FD_ALL is triggered. > m04_n007_server.log is showing the behaviour. There is 28 nodes (4 machines (m03, ..., m06) and 7 nodes (n001, ..., n007) on each) and all nodes on m03 are killed at the same time on 15:07:34,543. FD_SOCK is keep trying to connect to a killed node saying "socket address for m03_n001/clustered could not be fetched, retrying". > {noformat} > [n007] 15:07:39,543 TRACE [org.jgroups.protocols.FD_SOCK] (Timer-8,shared=udp) m04_n007/clustered: broadcasting SUSPECT message (suspected_mbrs=[m03_n005/clustered, m03_n007/clustered]) > [n007] 15:07:39,544 TRACE [org.jgroups.protocols.FD_SOCK] (INT-20,shared=udp) m04_n007/clustered: received SUSPECT message from m04_n007/clustered: suspects=[m03_n005/clustered, m03_n007/clustered] > [n007] 15:07:39,546 TRACE [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: socket address for m03_n001/clustered could not be fetched, retrying > [n007] 15:07:40,546 DEBUG [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: ping_dest is m03_n001/clustered, pingable_mbrs=[m03_n001/clustered, m03_n002/clustered, m03_n003/clustered, m03_n004/clustered, m03_n006/clustered, m06_n001/clustered, m06_n002/clustered, m06_n003/clustered, m06_n004/clustered, m06_n005/clustered, m06_n006/clustered, m06_n007/clustered, m05_n001/clustered, m05_n002/clustered, m05_n003/clustered, m05_n004/clustered, m05_n005/clustered, m05_n006/clustered, m05_n007/clustered, m04_n001/clustered, m04_n002/clustered, m04_n003/clustered, m04_n004/clustered, m04_n005/clustered, m04_n006/clustered, m04_n007/clustered] > [n007] 15:07:41,546 TRACE [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: socket address for m03_n001/clustered could not be fetched, retrying > [n007] 15:07:42,546 DEBUG [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: ping_dest is m03_n001/clustered, pingable_mbrs=[m03_n001/clustered, m03_n002/clustered, m03_n003/clustered, m03_n004/clustered, m03_n006/clustered, m06_n001/clustered, m06_n002/clustered, m06_n003/clustered, m06_n004/clustered, m06_n005/clustered, m06_n006/clustered, m06_n007/clustered, m05_n001/clustered, m05_n002/clustered, m05_n003/clustered, m05_n004/clustered, m05_n005/clustered, m05_n006/clustered, m05_n007/clustered, m04_n001/clustered, m04_n002/clustered, m04_n003/clustered, m04_n004/clustered, m04_n005/clustered, m04_n006/clustered, m04_n007/clustered] > [n007] 15:07:43,547 TRACE [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: socket address for m03_n001/clustered could not be fetched, retrying > ... > [n007] 15:10:53,700 DEBUG [org.jgroups.protocols.FD_ALL] (Timer-26,shared=udp) haven't received a heartbeat from m03_n005/clustered for 200059 ms, adding it to suspect list > {noformat} > From the TRACE log, you can find an address cache of FD_SOCK has only 23 members. > {noformat} > [n007] 14:40:50,471 TRACE [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: got cache from m03_n005/clustered: cache is { > m04_n006/clustered=172.20.66.34:9945, > m05_n005/clustered=172.20.66.35:9938, > m06_n004/clustered=172.20.66.36:9931, > m03_n007/clustered=172.20.66.33:9952, > m05_n001/clustered=172.20.66.35:9910, > m06_n005/clustered=172.20.66.36:9938, > m05_n006/clustered=172.20.66.35:9945, > m03_n005/clustered=172.20.66.33:9938, > m05_n004/clustered=172.20.66.35:9931, > m04_n003/clustered=172.20.66.34:9924, > m04_n007/clustered=172.20.66.34:9952, > m05_n002/clustered=172.20.66.35:9917, > m05_n003/clustered=172.20.66.35:9924, > m04_n004/clustered=172.20.66.34:9931, > m06_n001/clustered=172.20.66.36:9910, > m06_n007/clustered=172.20.66.36:9952, > m04_n005/clustered=172.20.66.34:9938, > m04_n001/clustered=172.20.66.34:9910, > m05_n007/clustered=172.20.66.35:9952, > m06_n002/clustered=172.20.66.36:9917, > m06_n006/clustered=172.20.66.36:9945, > m04_n002/clustered=172.20.66.34:9917, > m06_n003/clustered=172.20.66.36:9924} > {noformat} > While pingable_mbrs has all 28 members which is from the current available cluster view. > {noformat} > [n007] 14:40:50,472 DEBUG [org.jgroups.protocols.FD_SOCK] (FD_SOCK pinger,m04_n007/clustered) m04_n007/clustered: ping_dest is m03_n005/clustered, pingable_mbrs=[ > m03_n005/clustered, > m03_n007/clustered, > m03_n001/clustered, > m03_n002/clustered, > m03_n003/clustered, > m03_n004/clustered, > m03_n006/clustered, > m06_n001/clustered, > m06_n002/clustered, > m06_n003/clustered, > m06_n004/clustered, > m06_n005/clustered, > m06_n006/clustered, > m06_n007/clustered, > m05_n001/clustered, > m05_n002/clustered, > m05_n003/clustered, > m05_n004/clustered, > m05_n005/clustered, > m05_n006/clustered, > m05_n007/clustered, > m04_n001/clustered, > m04_n002/clustered, > m04_n003/clustered, > m04_n004/clustered, > m04_n005/clustered, > m04_n006/clustered, > m04_n007/clustered] > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3659) DIGEST authentication method throws javax.security.auth.callback.UnsupportedCallbackException

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-3659?page=com.atlassian.jira.plugin.... ] Darran Lofthouse commented on WFLY-3659: ---------------------------------------- This was fixed in WildFly 10 so yes it is not expected to work in WildFly 9. > DIGEST authentication method throws javax.security.auth.callback.UnsupportedCallbackException > --------------------------------------------------------------------------------------------- > > Key: WFLY-3659 > URL: https://issues.jboss.org/browse/WFLY-3659 > Project: WildFly > Issue Type: Bug > Components: Security, Web (Undertow) > Affects Versions: 8.1.0.Final, 9.0.1.Final, 10.0.0.CR1 > Reporter: Joseph Hwang > Assignee: Darran Lofthouse > Fix For: 10.0.0.CR2 > > > Password encryption in database login module with wildfly digest login config throws {{javax.security.auth.callback.UnsupportedCallbackException}}. These are sources. > {code:xml|title=web.xml|borderStyle=solid} > <security-role> > <role-name>administrator</role-name> > </security-role> > <login-config> > <auth-method>DIGEST</auth-method> > <realm-name>WildFly8DigestRealm</realm-name> > </login-config> > {code} > {code:xml|title=jboss-web.xml|borderStyle=solid} > <jboss-web> > <security-domain>java:/jaas/my_secure_domain</security-domain> > </jboss-web> > {code} > {code:xml|title=standalone.xml|borderStyle=solid} > <security-domain name="my_secure_domain" cache-type="default"> > <authentication> > <login-module code="Database" flag="required"> > <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/> > <module-option name="principalsQuery" value="select password from credential where uid=?"/> > <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uid=?"/> > <module-option name="hashAlgorithm" value="MD5"/> > <module-option name="hashEncoding" value="RFC2617"/> > <module-option name="hashUserPassword" value="false"/> > <module-option name="hashStorePassword" value="true"/> > <module-option name="passwordIsA1Hash" value="true"/> > <module-option name="digestCallback" value="org.jboss.security.auth.callback.DigestCallbackHandler"/> > <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/> > </login-module> > </authentication> > </security-domain> > {code} > Password is encrypted with below codes > {code:java|title=EncryptPassword.java|borderStyle=solid} > package com.aaa.encrypt; > import org.jboss.crypto.CryptoUtil; > public class EncryptPassword { > public static void main(String[] args) { > // TODO Auto-generated method stub > String userName="admin"; > String realmName="WildFly8DigestRealm"; > String password="passwd123"; > String clearTextPassword=userName+":"+realmName+":"+password; > String hashedPassword=CryptoUtil.createPasswordHash("MD5", "RFC2617", null, null, clearTextPassword); > System.out.println("clearTextPassword: "+clearTextPassword); > System.out.println("hashedPassword: "+hashedPassword); > } > } > {code} > But login failed! The log shows the folowing exceptions : > {code} > 2014-07-18 21:37:45,246 TRACE [org.jboss.security] (default task-3) PBOX000236: Begin initialize method > 2014-07-18 21:37:45,246 DEBUG [org.jboss.security] (default task-3) PBOX000281: Password hashing activated, algorithm: MD5, encoding: RFC2617, charset: null, callback: org.jboss.security.auth.callback.DigestCallbackHandler, storeCallBack: org.jboss.security.auth.callback.RFC2617Digest > 2014-07-18 21:37:45,247 TRACE [org.jboss.security] (default task-3) PBOX000262: Module options [dsJndiName: java:jboss/datasources/MySqlDS, principalsQuery: select password from credential where uid=?, rolesQuery: select urole, 'Roles' from credential where uid=?, suspendResume: true] > 2014-07-18 21:37:45,247 TRACE [org.jboss.security] (default task-3) PBOX000240: Begin login method > 2014-07-18 21:37:45,249 TRACE [org.jboss.security] (default task-3) PBOX000263: Executing query select password from credential where uid=? with username admin > 2014-07-18 21:37:45,251 TRACE [org.jboss.security] (default task-3) PBOX000284: Created DigestCallback org.jboss.security.auth.callback.RFC2617Digest > 2014-07-18 21:37:45,252 TRACE [org.jboss.security] (default task-3) PBOX000244: Begin abort method > 2014-07-18 21:37:45,252 DEBUG [org.jboss.security] (default task-3) PBOX000206: Login failure: javax.security.auth.login.LoginException: PBOX000055: Failed to invoke CallbackHandler > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:444) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:280) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_60] > at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_60] > at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111) > at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:77) > at io.undertow.security.impl.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:265) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:149) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final] > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_60] > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_60] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60] > Caused by: javax.security.auth.callback.UnsupportedCallbackException > at org.jboss.security.auth.callback.JBossCallbackHandler.handleCallBack(JBossCallbackHandler.java:138) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1] > at org.jboss.security.auth.callback.JBossCallbackHandler.handle(JBossCallbackHandler.java:87) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1] > at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:947) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:944) [rt.jar:1.7.0_60] > at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60] > at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:943) [rt.jar:1.7.0_60] > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:434) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1] > ... 49 more > {code} > This cofiguration worked well in JBoss AS 7. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2016