[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-7105:
----------------------------------------
This issue is being triggered by how Undertow is setting the requestPath within the HttpServerExchange.
In my own testing my application is deployed at http://localhost:8080/HelloWorld, from here I click on a link to /HelloWorld/secured-page as I have a welcome page so within ServletInitialHandler this block of code is executed: -
{code:java}
} else if (info.getType() == ServletPathMatch.Type.REWRITE) {
    //this can only happen if the path ends with a /
    //otherwise there would be a redirect instead
    exchange.setRelativePath(info.getRewriteLocation());
    exchange.setRequestPath(exchange.getRequestPath() + info.getRewriteLocation());
}
{code}
The original request path was '/HelloWorld/secured-page/' so by concatenating it with the output from info.getRewriteLocation() we end up with '/HelloWorld/secured-page//secured-page/index.html' - maybe this should be using the resolved path instead of the request path?
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Stuart Douglas
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentication done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 8 months
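The path arithmetic described in the comment above, as an added stand-alone Java model (not Undertow code and not part of the original message). The Paths class and both method names are hypothetical, the rewrite location is inferred from the concatenated result quoted in the comment, and the model assumes the request path is the resolved path followed by the relative path.

```java
public class RewritePathDemo {
    // Hypothetical stand-in for the path fields of an exchange (not an Undertow class).
    static final class Paths {
        final String resolvedPath; // context path the deployment was matched on
        String relativePath;       // path below the context
        String requestPath;        // full path of the request

        Paths(String resolvedPath, String relativePath) {
            this.resolvedPath = resolvedPath;
            this.relativePath = relativePath;
            this.requestPath = resolvedPath + relativePath;
        }

        // Assumed invariant: request path == resolved path + relative path.
        boolean consistent() {
            return requestPath.equals(resolvedPath + relativePath);
        }
    }

    // Mirrors the quoted REWRITE branch: appends to the old request path.
    static void rewriteFromRequestPath(Paths p, String rewriteLocation) {
        p.relativePath = rewriteLocation;
        p.requestPath = p.requestPath + rewriteLocation;
    }

    // The alternative raised in the comment: build on the resolved path instead.
    static void rewriteFromResolvedPath(Paths p, String rewriteLocation) {
        p.relativePath = rewriteLocation;
        p.requestPath = p.resolvedPath + rewriteLocation;
    }

    public static void main(String[] args) {
        String rewrite = "/secured-page/index.html"; // inferred from the comment's result

        Paths a = new Paths("/HelloWorld", "/secured-page/");
        rewriteFromRequestPath(a, rewrite);
        System.out.println(a.requestPath + " consistent=" + a.consistent());

        Paths b = new Paths("/HelloWorld", "/secured-page/");
        rewriteFromResolvedPath(b, rewrite);
        System.out.println(b.requestPath + " consistent=" + b.consistent());
    }
}
```

A check like consistent() is a cheap assertion for tests that exercise welcome-page rewrites under a security constraint.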
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-7105:
--------------------------------------
Assignee: Stuart Douglas (was: Darran Lofthouse)
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Stuart Douglas
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentication done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-7105:
----------------------------------------
A quick look at the test war suggests this bug is triggered as a welcome-page is used.
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentication done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Radim Hatlapatka (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Radim Hatlapatka updated WFLY-7105:
-----------------------------------
Description:
Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentication done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
Note, when using only old security domain setup without elytron, it works just fine.
was:
Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentization done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
Note, when using only old security domain setup without elytron, it works just fine.
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentication done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Radim Hatlapatka (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Radim Hatlapatka reassigned WFLY-7105:
--------------------------------------
Assignee: Darran Lofthouse (was: Stuart Douglas)
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentization done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Radim Hatlapatka (JIRA)
[ https://issues.jboss.org/browse/WFLY-7105?page=com.atlassian.jira.plugin.... ]
Radim Hatlapatka updated WFLY-7105:
-----------------------------------
Attachment: defined-security-domain.war
users.properties
standalone-elytron-web-tests.xml
roles.properties
> Incorrect redirection after authentization when using elytron
> -------------------------------------------------------------
>
> Key: WFLY-7105
> URL: https://issues.jboss.org/browse/WFLY-7105
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Radim Hatlapatka
> Assignee: Stuart Douglas
> Priority: Critical
> Attachments: defined-security-domain.war, roles.properties, standalone-elytron-web-tests.xml, users.properties
>
>
> Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentization done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
> Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (WFLY-7105) Incorrect redirection after authentization when using elytron
by Radim Hatlapatka (JIRA)
Radim Hatlapatka created WFLY-7105:
--------------------------------------
Summary: Incorrect redirection after authentization when using elytron
Key: WFLY-7105
URL: https://issues.jboss.org/browse/WFLY-7105
Project: WildFly
Issue Type: Bug
Components: Web (Undertow), Security
Reporter: Radim Hatlapatka
Assignee: Stuart Douglas
Priority: Critical
Having web application which uses defined security domain, which is set up using elytron results in incorrect redirection. It is redirecting after authentization done at {{http://localhost:8080/defined-security-domain/user/}} to {{http://localhost:8080/defined-security-domain/user//user/index.jsp}} instead of to {{http://localhost:8080/defined-security-domain/user/index.jsp}}.
Note, when using only old security domain setup without elytron, it works just fine.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
[JBoss JIRA] (JGRP-2092) MERGE3: merge never happens
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2092?page=com.atlassian.jira.plugin.... ]
Bela Ban commented on JGRP-2092:
--------------------------------
OK, after thinking long about this, below are the steps that can lead to a situation where there is no coordinator. The only case I found is caused by merging itself; regular leaves, joins or crashes cannot lead to such a scenario.
The cluster nodes are \{A,B,C,D\}. Now there's a split between \{A\} and \{B,C,D\}. The views are now:
{noformat}
A: A
B: BCD
C: BCD
D: BCD
{noformat}
The partition heals and a merge starts with merge participants A and B and merge leader B.
A and B agree on the new MergeView \{D,C,B,A\} (this is possible as lexical UUID sorting is used by default) and A and B multicast that view in both of their respective partitions.
Let's say that D dropped the new view because its thread pool was full. Before B can retransmit the view, B crashes as well. The views are now:
{noformat}
A: DCBA
B: - // crashed
C: DCBA
D: BCD // old view
{noformat}
Now B is suspected and removed from all views:
{noformat}
A: DCA
C: DCA
D: CD // old view
{noformat}
Because B crashed, D will never get the correct view \{D,C,A\} in which it would be a coordinator and thus start a successful merge.
Therefore these steps lead to a scenario where a merge will never happen! Note that if a new member (e.g. E) joined as _singleton_ (view: \{E\}), then a successful merge would ensue as E would be the merge leader.
Although the above steps are an edge case the probability of which happening is very small, if this does happen, there's no way MERGE3 and GMS in their current state can resolve this, as a merge will never even start.
> MERGE3: merge never happens
> ---------------------------
>
> Key: JGRP-2092
> URL: https://issues.jboss.org/browse/JGRP-2092
> Project: JGroups
> Issue Type: Bug
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 3.6.11, 4.0
>
> Attachments: jgroups.txt
>
>
> (Reported by Neal Dillman)
> In the case below, a merge doesn't seem to happen. Write a unit test to reproduce this.
> {noformat}
> Host A view: B, X, Y, Z, A (where B should be coordinator)
> Host B view: C, Q, R, S, B (where C should be coordinator)
> Host C view: A, M, N, O, C (where A should be coordinator)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
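The sequence of views in the comment above can be replayed with a small added Java model (not JGroups code and not part of the original message). It assumes that the first member of a view is its coordinator and that only a member heading its own view can lead a merge; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class NoCoordinatorDemo {
    // Members that head their own view, i.e. that regard themselves as coordinator.
    static List<String> selfCoordinators(Map<String, List<String>> views) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : views.entrySet()) {
            if (e.getValue().get(0).equals(e.getKey())) out.add(e.getKey());
        }
        return out;
    }

    // A crashed member stops holding a view and is removed from everyone else's.
    static Map<String, List<String>> remove(Map<String, List<String>> views, String gone) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> e : views.entrySet()) {
            if (e.getKey().equals(gone)) continue;
            List<String> v = new ArrayList<>(e.getValue());
            v.remove(gone);
            out.put(e.getKey(), v);
        }
        return out;
    }

    // "DCBA" -> [D, C, B, A]; single-letter member names as in the comment.
    static List<String> view(String members) {
        return Arrays.asList(members.split(""));
    }

    public static void main(String[] args) {
        Map<String, List<String>> views = new LinkedHashMap<>();
        views.put("A", view("A"));
        for (String m : view("BCD")) views.put(m, view("BCD"));
        System.out.println("after split:   " + selfCoordinators(views));

        // MergeView {D,C,B,A} is installed at A, B and C; D dropped it.
        for (String m : view("ABC")) views.put(m, view("DCBA"));
        views = remove(views, "B"); // B crashes and is suspected
        System.out.println("after B crash: " + views + " -> " + selfCoordinators(views));

        views.put("E", view("E")); // a singleton joiner heads its own view
        System.out.println("after E joins: " + selfCoordinators(views));
    }
}
```

An empty result from selfCoordinators is the stuck state: every member expects someone else to coordinate. The three views in the original report (heads B, C and A on hosts A, B and C) give an empty result as well.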