[JBoss JIRA] (WFCORE-1785) Extension remove is not cleaning out provided capabilities
by Michal Petrov (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1785?page=com.atlassian.jira.plugi... ]
Michal Petrov commented on WFCORE-1785:
---------------------------------------
[~brian.stansberry], for what it's worth similar error is thrown when you try to remove and add back EJB3 extension. As far as I can tell the problem is that the capabilities are registered for the extension's children (in this case [ProviderLoaderDefinition|https://github.com/wildfly-security/elytron-subs...]) which don't seem to be processed when the extension is removed.
> Extension remove is not cleaning out provided capabilities
> ----------------------------------------------------------
>
> Key: WFCORE-1785
> URL: https://issues.jboss.org/browse/WFCORE-1785
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.0.Alpha7
> Reporter: Jan Tymel
> Assignee: Tomaz Cerar
> Labels: affects_elytron
> Fix For: 3.0.0.Alpha8
>
>
> It is not possible to add Elytron extension that was previously removed. Everything works fine if the server is reloaded between steps 5 and 6, hence I assume that there is either 'reload required' state missing or Elytron extension is not removed properly.
> Actual result:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalStateException: WFLYCTL0363: Capability 'org.wildfly.security.providers' is already registered in context 'global'.",
> "rolled-back" => true
> }
> {code}
> {code}
> ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([("extension" => "org.wildfly.extension.elytron")]): java.lang.IllegalStateException: WFLYCTL0363: Capability 'org.wildfly.security.providers' is already registered in context 'global'.
> at org.jboss.as.controller.CapabilityRegistry.lambda$registerPossibleCapability$0(CapabilityRegistry.java:518)
> at java.util.concurrent.ConcurrentHashMap.computeIfPresent(ConcurrentHashMap.java:1769)
> at org.jboss.as.controller.CapabilityRegistry.registerPossibleCapability(CapabilityRegistry.java:512)
> at org.jboss.as.controller.registry.ConcreteResourceRegistration.registerCapability(ConcreteResourceRegistration.java:669)
> at org.jboss.as.controller.SimpleResourceDefinition.registerCapabilities(SimpleResourceDefinition.java:368)
> at org.jboss.as.controller.registry.NodeSubregistry.registerChild(NodeSubregistry.java:108)
> at org.jboss.as.controller.registry.ConcreteResourceRegistration.registerSubModel(ConcreteResourceRegistration.java:226)
> at org.wildfly.extension.elytron.ElytronDefinition.registerChildren(ElytronDefinition.java:83)
> at org.jboss.as.controller.registry.NodeSubregistry.registerChild(NodeSubregistry.java:107)
> at org.jboss.as.controller.registry.ConcreteResourceRegistration.registerSubModel(ConcreteResourceRegistration.java:226)
> at org.jboss.as.controller.extension.ExtensionRegistry$SubsystemRegistrationImpl.registerSubsystemModel(ExtensionRegistry.java:694)
> at org.wildfly.extension.elytron.ElytronExtension.initialize(ElytronExtension.java:99)
> at org.jboss.as.controller.extension.ExtensionAddHandler.initializeExtension(ExtensionAddHandler.java:131)
> at org.jboss.as.controller.extension.ExtensionAddHandler.execute(ExtensionAddHandler.java:83)
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:951)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:694)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:389)
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363)
> at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410)
> at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70)
> at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> {code}
> Expected result:
> It is possible to add Elytron subsystem after its removal.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (WFLY-7097) The constant-role-mapper is not able to handle role name with space in it
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7097?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-7097:
--------------------------------------
Assignee: Darran Lofthouse (was: Ilia Vassilev)
> The constant-role-mapper is not able to handle role name with space in it
> -------------------------------------------------------------------------
>
> Key: WFLY-7097
> URL: https://issues.jboss.org/browse/WFLY-7097
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Adding a role with a space in the name results in 2 roles (for parts of the name) added. The problem is visible after server reload. E.g. adding role "JBoss Admin" results in 2 roles assigned "JBoss" and "Admin"
> *Expected behavior*
> Spaces in role name must be supported and correctly handled. E.g. After adding "JBoss Admin" and server reload "JBoss Admin" is assigned.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (WFLY-7097) The constant-role-mapper is not able to handle role name with space in it
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7097?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-7097:
--------------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> The constant-role-mapper is not able to handle role name with space in it
> -------------------------------------------------------------------------
>
> Key: WFLY-7097
> URL: https://issues.jboss.org/browse/WFLY-7097
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Jan Kalina
> Priority: Critical
>
> Adding a role with a space in the name results in 2 roles (for parts of the name) added. The problem is visible after server reload. E.g. adding role "JBoss Admin" results in 2 roles assigned "JBoss" and "Admin"
> *Expected behavior*
> Spaces in role name must be supported and correctly handled. E.g. After adding "JBoss Admin" and server reload "JBoss Admin" is assigned.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (WFLY-7097) The constant-role-mapper is not able to handle role name with space in it
by Ilia Vassilev (JIRA)
[ https://issues.jboss.org/browse/WFLY-7097?page=com.atlassian.jira.plugin.... ]
Ilia Vassilev reassigned WFLY-7097:
-----------------------------------
Assignee: Ilia Vassilev (was: Darran Lofthouse)
> The constant-role-mapper is not able to handle role name with space in it
> -------------------------------------------------------------------------
>
> Key: WFLY-7097
> URL: https://issues.jboss.org/browse/WFLY-7097
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Priority: Critical
>
> Adding a role with a space in the name results in 2 roles (for parts of the name) added. The problem is visible after server reload. E.g. adding role "JBoss Admin" results in 2 roles assigned "JBoss" and "Admin"
> *Expected behavior*
> Spaces in role name must be supported and correctly handled. E.g. After adding "JBoss Admin" and server reload "JBoss Admin" is assigned.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (WFCORE-1790) Invalid value-type for some operation arguments
by Jean-Francois Denise (JIRA)
Jean-Francois Denise created WFCORE-1790:
--------------------------------------------
Summary: Invalid value-type for some operation arguments
Key: WFCORE-1790
URL: https://issues.jboss.org/browse/WFCORE-1790
Project: WildFly Core
Issue Type: Bug
Components: Security, Server
Reporter: Jean-Francois Denise
Assignee: Darran Lofthouse
vault:add and authentication=<x>:add have arguments of type OBJECT with a value-type of STRING. The arguments passed to the operations are complex-type, so the value-type should be containing the complex type description.
Examples:
/core-service=vault:add(vault-options={KEYSTORE_PASSWORD=>MASK-20OB41ZkH8YzlPTICpKg5.,KEYSTORE_ALIAS=>jboss,SALT=>12345678,ITERATION_COUNT=>50,ENC_FILE_DIR=>/path/to/enc/file})
/subsystem=security/security-domain=test/authentication=classic:add(login-modules=[{code=UsersRoles,flag=required,module-options={usersProperties=$\{jboss.server.config.dir\}/users.properties,rolesProperties=$\{jboss.server.config.dir\}/roles.properties}}]
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (WFCORE-1789) PreparedResponseTestCase from wf-core-eap fails intermittently
by ehsavoie Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1789?page=com.atlassian.jira.plugi... ]
ehsavoie Hugonnet moved JBEAP-5996 to WFCORE-1789:
--------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-1789 (was: JBEAP-5996)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: 3.0.0.Alpha7
(was: 7.1.0.DR2)
> PreparedResponseTestCase from wf-core-eap fails intermittently
> --------------------------------------------------------------
>
> Key: WFCORE-1789
> URL: https://issues.jboss.org/browse/WFCORE-1789
> Project: WildFly Core
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 3.0.0.Alpha7
> Reporter: ehsavoie Hugonnet
> Assignee: ehsavoie Hugonnet
>
> *Description of problem:*
> PreparedResponseTestCase from wf-core-eap fails intermittently with two different stack-trace
> *How reproducible:*
> 2%
> *Actual results: (1. issue)*
> Stack Trace:
> {noformat}
> java.lang.AssertionError: null
> at org.junit.Assert.fail(Assert.java:86)
> at org.junit.Assert.assertTrue(Assert.java:41)
> at org.junit.Assert.assertTrue(Assert.java:52)
> at org.wildfly.core.test.standalone.mgmt.PreparedResponseTestCase.reloadServer(PreparedResponseTestCase.java:113)
> {noformat}
> Standard Output:
> {noformat}
> &#27;[0m01:34:22,658 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0028: Stopped deployment slow-stop.jar (runtime-name: slow-stop.jar) in 3025ms
> &#27;[0m&#27;[0m01:34:22,701 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: WildFly Core 3.0.0.Alpha4-redhat-1 "Kenny" stopped in 3071ms
> &#27;[0m&#27;[0m01:34:22,710 INFO [org.jboss.as] (MSC service thread 1-5) WFLYSRV0049: WildFly Core 3.0.0.Alpha4-redhat-1 "Kenny" starting
> &#27;[0m&#27;[0m01:34:23,243 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
> &#27;[0m&#27;[0m01:34:23,331 INFO [org.jboss.as.patching] (MSC service thread 1-4) WFLYPAT0050: WildFly cumulative patch ID is: base, one-off patches include: none
> &#27;[0m&#27;[33m01:34:23,361 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-3) WFLYDM0111: Keystore /mnt/hudson_workspace/workspace/eap-7x-as-testsuite-test-core-rhel/19de6045/testsuite/manualmode/target/wildfly-core/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
> &#27;[0m&#27;[33m01:34:23,355 WARN [org.jboss.as.domain.http.api.undertow] (MSC service thread 1-1) WFLYDMHTTP0003: Unable to load console module for slot main, disabling console
> &#27;[0m&#27;[0m01:34:23,367 INFO [org.jboss.as.server.deployment] (MSC service thread 1-7) WFLYSRV0027: Starting deployment of "slow-stop.jar" (runtime-name: "slow-stop.jar")
> &#27;[0m&#27;[33m01:34:23,449 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.slow-stop.jar" is using a private module ("org.jboss.as.controller:main") which may be changed or removed in future versions without notice.
> &#27;[0m&#27;[33m01:34:23,450 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.slow-stop.jar" is using a private module ("org.jboss.as.server:main") which may be changed or removed in future versions without notice.
> &#27;[0m&#27;[33m01:34:23,452 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.slow-stop.jar" is using a private module ("org.wildfly.extension.request-controller:main") which may be changed or removed in future versions without notice.
> &#27;[0m&#27;[33m01:34:23,453 WARN [org.jboss.as.dependency.private] (MSC service thread 1-1) WFLYSRV0018: Deployment "deployment.slow-stop.jar" is using a private module ("org.jboss.as.network:main") which may be changed or removed in future versions without notice.
> &#27;[0m&#27;[0m01:34:23,479 INFO [org.wildfly.test.shutdown.SlowStopService] (MSC service thread 1-7) Started with a stop duration of 3000 ms
> &#27;[0m&#27;[0m01:34:23,528 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0010: Deployed "slow-stop.jar" (runtime-name : "slow-stop.jar")
> &#27;[0m
> {noformat}
> *Actual results: (2. issue)*
> Stack Trace:
> {noformat}
> java.lang.RuntimeException: java.io.IOException: java.util.concurrent.CancellationException: Operation was cancelled
> at org.jboss.threads.AsyncFutureTask.operationCancelled(AsyncFutureTask.java:70)
> at org.jboss.threads.AsyncFutureTask.get(AsyncFutureTask.java:267)
> at org.jboss.as.controller.client.impl.AbstractDelegatingAsyncFuture.get(AbstractDelegatingAsyncFuture.java:57)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
> at org.wildfly.core.testrunner.ManagementClient.executeForResult(ManagementClient.java:234)
> at org.wildfly.core.test.standalone.mgmt.PreparedResponseTestCase.reloadServer(PreparedResponseTestCase.java:102)
> {noformat}
> Standard Output:
> {noformat}
> 11:03:28,015 WARN [org.jboss.as.protocol.connection] (Remoting "management-client" task-5) WFLYPRT0018: No such request (1) associated with channel Channel ID a37ddd63 (outbound) of Remoting connection 68823cff to /10.16.180.146:9990 of endpoint "management-client" <6645cf9f>
> {noformat}
> *Expected results:*
> No errors
> *Additional info:*
> Links to jenkins results:
> * https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP7/view/EAP7-AS-T...
> * https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-7x-as-testsuite-...
> * https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-7x-as-testsuite-...
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months
[JBoss JIRA] (ELY-627) Elytron introduces SSL/TLS protocol constraints
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-627?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse commented on ELY-627:
--------------------------------------
Needs to be discussed but first of all need to consider if following a similar pattern to CipherSuiteSelector is the way to go.
> Elytron introduces SSL/TLS protocol constraints
> -----------------------------------------------
>
> Key: ELY-627
> URL: https://issues.jboss.org/browse/ELY-627
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.1.0.Beta8
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Critical
>
> {noformat}
> "protocols" => {
> "type" => LIST,
> "description" => "The enabled protocols.",
> "expressions-allowed" => true,
> "nillable" => false,
> "allowed" => [
> "SSLv2",
> "SSLv3",
> "TLSv1",
> "TLSv1_1",
> "TLSv1_2",
> "TLSv1_3"
> ],
> "value-type" => STRING,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> {noformat}
> Why elytron on this place is going to validate user input and map standard java values [1] into proprietary values?
> Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves up to user to set proper value.
> IMO, with such mapping another place, where bugs can raise was introduced. EAP will be here always one step back compared to java.
> Note, IBM java already today defines little bit different protocols set [2]
> I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I couldn't find that place.
> [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardN...
> [2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu...
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 9 months