[JBoss JIRA] (SECURITY-951) AdvancedLdapLoginModule with roleAttributeID=null and empty or unset roleFilter can lead to authentication failure
by Ondrej Lukas (JIRA)
Ondrej Lukas created SECURITY-951:
-------------------------------------
Summary: AdvancedLdapLoginModule with roleAttributeID=null and empty or unset roleFilter can lead to authentication failure
Key: SECURITY-951
URL: https://issues.jboss.org/browse/SECURITY-951
Project: PicketBox
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Stefan Guilhen
In the case where AdvancedLdapLoginModule is correctly configured for authentication, but its attribute roleAttributeID is not set (i.e. is null) and roleFilter is not set (i.e. is null) or roleFilter is an empty string, authentication with a correct username and password fails. It is caused by an internal NPE when searching for roles.
Expected behavior is that users should be authenticated but no roles should be assigned to them.
Internal NPE:
{code}
java.lang.NullPointerException
at javax.naming.directory.BasicAttributes.get(BasicAttributes.java:164)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.obtainRole(AdvancedLdapLoginModule.java:820)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:762)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:412)
at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:981)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:331)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
{code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 8 months
[JBoss JIRA] (SECURITY-951) AdvancedLdapLoginModule with roleAttributeID=null and empty or unset roleFilter can lead to authentication failure
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/SECURITY-951?page=com.atlassian.jira.plug... ]
Ondrej Lukas updated SECURITY-951:
----------------------------------
Affects Version/s: Negotiation_3_0_3_Final
> AdvancedLdapLoginModule with roleAttributeID=null and empty or unset roleFilter can lead to authentication failure
> ------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-951
> URL: https://issues.jboss.org/browse/SECURITY-951
> Project: PicketBox
> Issue Type: Bug
> Affects Versions: Negotiation_3_0_3_Final
> Reporter: Ondrej Lukas
> Assignee: Stefan Guilhen
>
> In the case where AdvancedLdapLoginModule is correctly configured for authentication, but its attribute roleAttributeID is not set (i.e. is null) and roleFilter is not set (i.e. is null) or roleFilter is an empty string, authentication with a correct username and password fails. It is caused by an internal NPE when searching for roles.
> Expected behavior is that users should be authenticated but no roles should be assigned to them.
> Internal NPE:
> {code}
> java.lang.NullPointerException
> at javax.naming.directory.BasicAttributes.get(BasicAttributes.java:164)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.obtainRole(AdvancedLdapLoginModule.java:820)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.rolesSearch(AdvancedLdapLoginModule.java:762)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:412)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:981)
> at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:331)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> {code}
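The failure mode reported above, as an added example that is not part of the JIRA issue or of PicketBox: a stand-alone Java class (hypothetical names, not the AdvancedLdapLoginModule API) builds an LDAP entry in memory with javax.naming.directory.BasicAttributes, reproduces the NullPointerException that BasicAttributes.get(null) throws when roleAttributeID is unset, and shows the guarded role search that the expected behaviour calls for: a valid bind still authenticates the user and yields an empty role set. The password check is a constructed stand-in for the LDAP bind.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

/*
 * Hypothetical illustration for SECURITY-951; not PicketBox code. The LDAP
 * entry is constructed in memory, so this runs without a directory server.
 */
public class RoleSearchExample {

    /** Result of a login: whether the credentials were accepted and which roles were found. */
    static final class Outcome {
        final boolean authenticated;
        final Set<String> roles;
        Outcome(boolean authenticated, Set<String> roles) {
            this.authenticated = authenticated;
            this.roles = roles;
        }
        @Override public String toString() {
            return "authenticated=" + authenticated + " roles=" + roles;
        }
    }

    /** Reads role values straight from the entry. Like an unguarded lookup it calls
     *  Attributes.get(roleAttributeID), which throws NullPointerException for a null id. */
    static Set<String> readRoleAttribute(Attributes entry, String roleAttributeID) throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        Attribute attr = entry.get(roleAttributeID);
        if (attr != null) {
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                roles.add(String.valueOf(values.next()));
            }
        }
        return roles;
    }

    /** Guarded role search: an unset or blank roleFilter or roleAttributeID means
     *  "no role resolution configured", which yields an empty set instead of an exception. */
    static Set<String> rolesSearch(Attributes entry, String roleAttributeID, String roleFilter) throws NamingException {
        if (roleFilter == null || roleFilter.trim().isEmpty()) {
            return Collections.emptySet();      // nothing to search for
        }
        if (roleAttributeID == null || roleAttributeID.trim().isEmpty()) {
            return Collections.emptySet();      // nothing to read from matched entries
        }
        return readRoleAttribute(entry, roleAttributeID);
    }

    /** Login in the module's order: bind (simulated), then role search.
     *  With guarded == false the role search is the unguarded one and its NPE fails the login. */
    static Outcome login(Attributes entry, String password, String roleAttributeID, String roleFilter, boolean guarded) {
        // Constructed credential check standing in for the LDAP bind; not a real password store.
        boolean bound = "correct-horse".equals(password);
        if (!bound) {
            return new Outcome(false, Collections.emptySet());
        }
        try {
            Set<String> roles = guarded
                    ? rolesSearch(entry, roleAttributeID, roleFilter)
                    : readRoleAttribute(entry, roleAttributeID);
            return new Outcome(true, roles);
        } catch (NamingException | RuntimeException e) {
            // A login module that lets the role search throw turns a valid bind into a failed login.
            System.out.println("role search failed: " + e);
            return new Outcome(false, Collections.emptySet());
        }
    }

    public static void main(String[] args) {
        BasicAttributes entry = new BasicAttributes(true);   // case-insensitive ids, as LDAP returns them
        entry.put("uid", "alice");
        BasicAttribute memberOf = new BasicAttribute("memberOf");
        memberOf.add("cn=admins,ou=groups,dc=example,dc=com");
        entry.put(memberOf);

        // Fully configured: roles resolved.
        System.out.println(login(entry, "correct-horse", "memberOf", "(member={1})", true));
        // Reported configuration (roleAttributeID and roleFilter unset), unguarded: NPE, login fails.
        System.out.println(login(entry, "correct-horse", null, null, false));
        // Same configuration, guarded: authenticated with no roles, as the issue expects.
        System.out.println(login(entry, "correct-horse", null, null, true));
    }
}
```

The guarded path confines the misconfiguration to its authorization consequence (no roles, so role-based checks fail closed) instead of turning it into an authentication outage for every valid user. An operator would still want the module to log an unset roleAttributeID at startup rather than silently assign nobody any role.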
[JBoss JIRA] (WFCORE-1724) Resource.NoSuchResourceException managementResourceNotFound for native-interface and native-remoting-interface
by Chao Wang (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1724?page=com.atlassian.jira.plugi... ]
Chao Wang resolved WFCORE-1724.
-------------------------------
Resolution: Rejected
Yes, that explains it. The {{add}} operation works fine.
Sorry for the disturbance. Close this one.
> Resource.NoSuchResourceException managementResourceNotFound for native-interface and native-remoting-interface
> --------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-1724
> URL: https://issues.jboss.org/browse/WFCORE-1724
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.0.Alpha5
> Reporter: Chao Wang
> Assignee: Brian Stansberry
>
> management-interface {{native-interface}} and {{native-remoting-interface}} are listed under address:
> /core-service=management/management-interface=
> http-interface native-interface native-remoting-interface
> But the read-resource operation causes Resource.NoSuchResourceException
> {noformat}
> [wangc@dhcp-128-40 DR]$ sh jboss-eap-7.1-DR3/bin/jboss-cli.sh
> You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
> [disconnected /] embed-server
> [standalone@embedded /] /core-service=management/management-interface=
> http-interface native-interface native-remoting-interface
> [standalone@embedded /] /core-service=management/management-interface=native-interface:read-resource
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"management-interface\" => \"native-interface\")
> ]' not found",
> "rolled-back" => true
> }
> [standalone@embedded /] /core-service=management/management-interface=native-remoting-interface:read-resource
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"management-interface\" => \"native-remoting-interface\")
> ]' not found",
> "rolled-back" => true
> }
> {noformat}
> It gives the same error in standalone mode and embed-server mode since 7.1-DR2.
> 7.1-DR1 is fine; it is on WildFly Core 2.2.0.CR7.
[JBoss JIRA] (WFLY-6349) JMSXGroupId has no effect on JMSProducer
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-6349?page=com.atlassian.jira.plugin.... ]
Miroslav Novak commented on WFLY-6349:
--------------------------------------
I'll note that the MDB should have one session to process messages serially. By default there are 16 MDB sessions processing messages in parallel (16 threads). It might happen that an MDB session finishes processing a newer message sooner than the session with an older message.
> JMSXGroupId has no effect on JMSProducer
> ----------------------------------------
>
> Key: WFLY-6349
> URL: https://issues.jboss.org/browse/WFLY-6349
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 10.0.0.Final
> Reporter: Harald Wellmann
> Assignee: Jeff Mesnil
> Fix For: 10.2.0.Final
>
>
> h3. Scenario
> I'm setting the {{JMSXGroupID}} on a {{JMSProducer}} to achieve message delivery in the correct order. The consumer is a message-driven bean.
> {code}
> JMSProducer producer = context.createProducer();
> producer = producer.setProperty("JMSXGroupID", "sequential");
> producer = producer.setProperty("foo", "bar");
> for (int i = 0; i < 50; i++) {
>     msgNumber++;
>     String text = "This is message " + msgNumber;
>     producer.send(queue, text);
> }
> {code}
> h3. Expected Behaviour
> The messages are received in the correct order, the properties {{JMSXGroupID}} and {{foo}} are set on the receiver side.
> h3. Actual Behaviour
> The messages are received in random order. Property {{foo}} is set, but property {{JMSXGroupID}} is null on the receiver side.
> h3. Workaround
> Create a {{TextMessage}} and set the properties on the message, not on the producer.
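Miroslav Novak's comment and the report above describe two ordering mechanisms, parallel MDB sessions and message groups, that a short simulation makes concrete. This is an added example, not WildFly, Artemis or JMS API code: a hypothetical in-memory dispatcher fans messages out to 16 single-threaded "sessions" and, as message groups do on the broker, routes every message carrying the same group id to one session. Messages whose group id arrived as null, which is what the reporter saw on the receiver side, take the round-robin path and can complete out of order. The group id, sequence numbers and processing delays are constructed.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

/*
 * Hypothetical simulation for WFLY-6349; not Artemis, WildFly or JMS API code.
 * Each "session" is a single-threaded executor: one session processes serially,
 * different sessions run in parallel, like the 16 MDB sessions in the comment.
 */
public class GroupOrderingSimulation {

    static final class Message {
        final String groupId;   // stands in for JMSXGroupID; null when the header was lost
        final int seq;          // position in the send order
        Message(String groupId, int seq) { this.groupId = groupId; this.seq = seq; }
    }

    /** Delivers messages to the given number of sessions and returns the completion order. */
    static List<Integer> deliver(List<Message> messages, int sessions) throws InterruptedException {
        List<ExecutorService> workers = new ArrayList<>();
        for (int i = 0; i < sessions; i++) {
            workers.add(Executors.newSingleThreadExecutor());
        }
        List<Integer> completed = Collections.synchronizedList(new ArrayList<>());
        int next = 0;
        for (Message m : messages) {
            int slot;
            if (m.groupId == null) {
                slot = next++ % sessions;                               // ungrouped: spread across sessions
            } else {
                slot = Math.floorMod(m.groupId.hashCode(), sessions);   // grouped: always the same session
            }
            workers.get(slot).submit(() -> {
                try {
                    Thread.sleep((m.seq % 3) * 5L);   // uneven processing time, so later sends may finish first
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
                completed.add(m.seq);
            });
        }
        for (ExecutorService w : workers) {
            w.shutdown();
            w.awaitTermination(10, TimeUnit.SECONDS);
        }
        return new ArrayList<>(completed);
    }

    /** True when the completion order equals the send order. */
    static boolean inSendOrder(List<Integer> completed) {
        for (int i = 1; i < completed.size(); i++) {
            if (completed.get(i - 1) > completed.get(i)) {
                return false;
            }
        }
        return true;
    }

    /** Builds count messages in send order, all carrying the same (possibly null) group id. */
    static List<Message> batch(String groupId, int count) {
        List<Message> batch = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            batch.add(new Message(groupId, i));
        }
        return batch;
    }

    public static void main(String[] args) throws InterruptedException {
        int sessions = 16;   // the default MDB session count named in the comment
        // Group id present on the message (the reporter's workaround): one session, serial, in order.
        List<Integer> grouped = deliver(batch("sequential", 50), sessions);
        System.out.println("grouped   in order: " + inSendOrder(grouped));
        // Group id lost on the way (null on the receiver): parallel sessions, order not guaranteed.
        List<Integer> ungrouped = deliver(batch(null, 50), sessions);
        System.out.println("ungrouped in order: " + inSendOrder(ungrouped) + "  " + ungrouped);
        // A single session also restores order, at the cost of all parallelism.
        List<Integer> single = deliver(batch(null, 50), 1);
        System.out.println("1 session in order: " + inSendOrder(single));
    }
}
```

The grouped run is ordered by construction, since every message of the group lands on the same serial session; the ungrouped run is ordered only by luck. That is the difference between carrying JMSXGroupID on the message, as the workaround does, and losing it on the producer.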
[JBoss JIRA] (WFLY-6974) Add missing transformers following from Elytron
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-6974?page=com.atlassian.jira.plugin.... ]
Radoslav Husar updated WFLY-6974:
---------------------------------
Description: After the majority of the Elytron integration is done we need to write & test transformers for all subsystems that were affected by that. (was: After majority of Eltryon integration is done we need to write & test transformers for all subsystems that ware affected by that.)
> Add missing transformers following from Elytron
> -----------------------------------------------
>
> Key: WFLY-6974
> URL: https://issues.jboss.org/browse/WFLY-6974
> Project: WildFly
> Issue Type: Task
> Components: Security, Web (Undertow)
> Reporter: Tomaz Cerar
> Assignee: Tomaz Cerar
> Priority: Blocker
> Fix For: 11.0.0.CR1
>
>
> After the majority of the Elytron integration is done we need to write & test transformers for all subsystems that were affected by that.
[JBoss JIRA] (DROOLS-1252) java.lang.ClassCastException: event cannot be cast to org.drools.core.common.InternalFactHandle
by Michael Neifeld (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1252?page=com.atlassian.jira.plugi... ]
Michael Neifeld commented on DROOLS-1252:
-----------------------------------------
I already saw the code that you are suggesting, and I also believe that it can fix the problem I faced.
I have no idea how to try the suggested code without changing the Drools version.
Unfortunately, I can't provide code to reproduce the case: the code has already changed, and the whole reproducer would require a lot of code.
> java.lang.ClassCastException: event cannot be cast to org.drools.core.common.InternalFactHandle
> -----------------------------------------------------------------------------------------------
>
> Key: DROOLS-1252
> URL: https://issues.jboss.org/browse/DROOLS-1252
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 6.4.0.Final
> Environment: Drools 6.4.Final
> Fusion (CEP)
> Reporter: Michael Neifeld
> Assignee: Mario Fusco
> Priority: Blocker
> Attachments: RULES_ERRORS.log, Rule_Emergency_Network_Start_No_Active_Call_Rule523993873.java
>
>
> It seems to be similar to another bug, DROOLS-1185, but without any modify.
> This is the rule:
> {code:java}
> declare EmergencyNetworkComplexEvent
> @role(event)
> @timestamp(timestamp)
> @expires(1h)
> end
> ...
> global Logger dlogger;
> .....
> rule "Emergency Network Start No Active Call Rule" //EMERGENCY
> salience 90
> // no-loop true
> when
> //conditions
> $event : EmergencyNetworkComplexEvent( transition == Transition.START)
> $predecessor : CallComplexEvent( radioID == $event.radioID )
> not ( EmergencyActiveCallComplexEvent( getTransition() == Transition.START, getCallID() == $event.callID )
> or EmergencyActiveCallComplexEvent( getTransition() == Transition.START, getRadioID() == $event.radioID ))
> then
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: receiving {}, {}",$event, $predecessor);
> // action: create container, add the event to the container
> EmergencyActiveCallComplexEvent container = new EmergencyActiveCallComplexEvent($event);
> insert(container);
> delete($event); // ???
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: after delete {}",$event);
> //actions: register new active call, new emergency call
> new ActiveCallSnapshot().addCall($event);
> final EmergencyEventSnapshot snapshot = new EmergencyEventSnapshot();
> snapshot.addEmergencyCall($event);
> //actions: get preceding event and add it to trail
> snapshot.add2Trail($predecessor);
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: exiting {}",container);
> end
> {code}
> and this is the classdump of this rule:
> {code:java}
> package com.mot.ssol.cep;
> import com.mot.ssol.cep.model.ComplexEventImpl;import com.mot.nsa.monitor.client.NetworkEvent;import com.mot.ssol.cep.model.PseudoActiveCallComplexEvent;import java.util.Date;import com.mot.nsa.monitor.client.CallEvent.ChannelStatus;import com.mot.ssol.cep.model.ControlCallComplexEvent;import com.mot.nsa.monitor.client.GaugeValue;import org.apache.commons.lang3.StringUtils;import com.mot.ssol.cep.TDMAResolver;import com.mot.ssol.cep.model.CEPEvent;import com.mot.ssol.cep.*;import com.mot.ssol.cep.model.InactiveCallComplexEvent;import org.kie.api.runtime.rule.QueryResults;import com.mot.ssol.cep.EventBuilder;import com.mot.nsa.monitor.client.CallEvent;import com.mot.ssol.cep.model.EmergencyNetworkComplexEvent;import com.mot.nsa.monitor.analyzer.AnalyzedEvent;import com.mot.ssol.cep.TrapSnapshot;import com.mot.nsa.monitor.cepm.mapper.RadioAliasMapper;import com.mot.nsa.monitor.MutableTimestampAware;import com.mot.ssol.cep.model.NetworkComplexEvent;import com.mot.ssol.cep.model.CallComplexEvent;import com.mot.ssol.cep.model.ControlNetworkComplexEvent;import java.util.concurrent.BlockingQueue;import com.mot.nsa.monitor.cepm.model.CallCepmEvent;import java.util.concurrent.LinkedBlockingQueue;import com.mot.ssol.cep.model.GroupRegistrationComplexEvent;import com.mot.nsa.monitor.cepm.mapper.GroupAliasMapper;import com.mot.ssol.cep.model.BusyComplexEventDecorator;import java.util.List;import com.mot.ssol.cep.model.ComplexEvent.Type;import com.mot.ssol.cep.EmergencyEventSnapshot;import com.mot.nsa.monitor.cepm.mapper.ZoneMapper;import com.mot.ssol.cep.model.NetworkComplexEventImpl;import com.mot.ssol.cep.model.ChannelHandle;import com.mot.nsa.monitor.cepm.StatisticModule;import com.mot.nsa.monitor.client.ClientEvent;import com.mot.nsa.monitor.client.RadioEvent;import com.mot.ssol.cep.model.CallComplexEventImpl;import com.mot.ssol.cep.model.ChannelCallComplexEvent;import org.kie.api.runtime.rule.QueryResultsRow;import com.mot.nsa.monitor.MutableTransitionAware;import com.mot.ssol.cep.model.RadioHandle;import com.mot.ssol.cep.ActiveCallSnapshot;import com.mot.nsa.monitor.TransitionAware.Transition;import org.drools.core.spi.KnowledgeHelper;import com.mot.ssol.cep.model.PseudoRadioRegistrationComplexEvent;import com.mot.ssol.cep.model.EmergencyActiveCallComplexEvent;import com.mot.nsa.monitor.cepm.model.NonCallEvent;import org.slf4j.Logger;import com.mot.ssol.cep.model.EmergencyComplexEventDecorator;import org.apache.commons.lang3.time.DateUtils;import com.mot.nsa.monitor.client.NetworkEventImpl;import com.mot.ssol.cep.CallEventSnapshot;import com.mot.ssol.cep.model.PendingComplexEvent;import com.mot.ssol.cep.model.RadioRegistrationComplexEvent;import com.mot.ssol.cep.model.ComplexEvent;import com.mot.nsa.monitor.client.CallEventImpl;import com.mot.ssol.cep.model.ActiveCallComplexEvent;import com.mot.nsa.monitor.cepm.model.CallCepmEventImpl;import com.mot.ssol.cep.model.PseudoCallComplexEvent;import org.drools.core.spi.KnowledgeHelper;import static com.mot.ssol.cep.ClearAll.clearAll;import static com.mot.ssol.cep.EndZoneCall.endZoneCall;import static com.mot.ssol.cep.Busies2End.busies2End;import static com.mot.ssol.cep.EndCallEvents.endCallEvents;import static com.mot.ssol.cep.Events2busy.events2busy;import static com.mot.ssol.cep.EndCall.endCall;import static com.mot.ssol.cep.Emergency2end.emergency2end;
> public class Rule_Emergency_Network_Start_No_Active_Call_Rule523993873 {
> private static final long serialVersionUID = 510l;
> public static void defaultConsequence(KnowledgeHelper drools, com.mot.ssol.cep.model.EmergencyNetworkComplexEvent $event, org.kie.api.runtime.rule.FactHandle $event__Handle__ , com.mot.ssol.cep.model.CallComplexEvent $predecessor, org.kie.api.runtime.rule.FactHandle $predecessor__Handle__ , org.slf4j.Logger dlogger ) throws java.lang.Exception { org.kie.api.runtime.rule.RuleContext kcontext = drools;
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: receiving {}, {}",$event, $predecessor);
> // action: create container, add the event to the container
> EmergencyActiveCallComplexEvent container = new EmergencyActiveCallComplexEvent($event);
> drools.insert(container);
> { drools.delete( $event__Handle__ ); }; // ???
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: after delete {}",$event);
> //actions: register new active call, new emergency call
> new ActiveCallSnapshot().addCall($event);
> final EmergencyEventSnapshot snapshot = new EmergencyEventSnapshot();
> snapshot.addEmergencyCall($event);
> //actions: get preceding event and add it to trail
> snapshot.add2Trail($predecessor);
> if (dlogger.isTraceEnabled()) dlogger.trace("Emergency Network Start No Active Call Rule: exiting {}",container);
> }
> }
> {code}