September 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-627) Elytron introduces SSL/TLS protocol constraints

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-627?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse moved WFLY-7076 to ELY-627: -------------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-627 (was: WFLY-7076) Component/s: SSL (was: Security) Affects Version/s: 1.1.0.Beta8 (was: 11.0.0.Alpha1) > Elytron introduces SSL/TLS protocol constraints > ----------------------------------------------- > > Key: ELY-627 > URL: https://issues.jboss.org/browse/ELY-627 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.1.0.Beta8 > Reporter: Martin Choma > Assignee: Jan Kalina > > {noformat} > "protocols" => { > "type" => LIST, > "description" => "The enabled protocols.", > "expressions-allowed" => true, > "nillable" => false, > "allowed" => [ > "SSLv2", > "SSLv3", > "TLSv1", > "TLSv1_1", > "TLSv1_2", > "TLSv1_3" > ], > "value-type" => STRING, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "resource-services" > }, > {noformat} > Why elytron on this place is going to validate user input and map standard java values [1] into proprietary values? > Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves up to user to set proper value. > IMO, with such mapping another place, where bugs can raise was introduced. EAP will be here always one step back compared to java. > Note, IBM java already today defines little bit different protocols set [2] > I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I couldn't find that place. > [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardN... > [2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-627) Elytron introduces SSL/TLS protocol constraints

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-627?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-627: --------------------------------- Priority: Critical (was: Major) > Elytron introduces SSL/TLS protocol constraints > ----------------------------------------------- > > Key: ELY-627 > URL: https://issues.jboss.org/browse/ELY-627 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.1.0.Beta8 > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Critical > > {noformat} > "protocols" => { > "type" => LIST, > "description" => "The enabled protocols.", > "expressions-allowed" => true, > "nillable" => false, > "allowed" => [ > "SSLv2", > "SSLv3", > "TLSv1", > "TLSv1_1", > "TLSv1_2", > "TLSv1_3" > ], > "value-type" => STRING, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "resource-services" > }, > {noformat} > Why elytron on this place is going to validate user input and map standard java values [1] into proprietary values? > Whereas on other similar places (KeyManager algorithm, TrustManager algorithm, Keystore types) it leaves up to user to set proper value. > IMO, with such mapping another place, where bugs can raise was introduced. EAP will be here always one step back compared to java. > Note, IBM java already today defines little bit different protocols set [2] > I wonder, where is that mapping "TLSv1_2 -> TLSv1.2" acually performed? I couldn't find that place. > [1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardN... > [2] http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu... -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1787) Try to add resource with OBJECT type attribute cause IllegalArgumentException

by Alexey Loubyansky (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1787?page=com.atlassian.jira.plugi... ] Alexey Loubyansky reassigned WFCORE-1787: ----------------------------------------- Assignee: Jean-Francois Denise (was: Alexey Loubyansky) Jeff, could you please have a look? Thanks. > Try to add resource with OBJECT type attribute cause IllegalArgumentException > ----------------------------------------------------------------------------- > > Key: WFCORE-1787 > URL: https://issues.jboss.org/browse/WFCORE-1787 > Project: WildFly Core > Issue Type: Bug > Components: CLI > Reporter: Hynek Švábek > Assignee: Jean-Francois Denise > Priority: Blocker > > Try to add resource with OBJECT type attribute cause IllegalArgumentException. > *Actual result:* > CLI operation failed with IllegalArgumentException > *Expected results:* > Success CLI operation > *My investigation:* > In my opinion is problem caused by this PR to wildfly-core > https://github.com/wildfly/wildfly-core/pull/1698/files#diff-835f377f8fa5... > Look at lines 1333-1350 Util.java -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1788) Allow tests to retrieve IP address of node1

by Jan Martiska (JIRA)

Jan Martiska created WFCORE-1788: ------------------------------------ Summary: Allow tests to retrieve IP address of node1 Key: WFCORE-1788 URL: https://issues.jboss.org/browse/WFCORE-1788 Project: WildFly Core Issue Type: Enhancement Components: Test Suite Affects Versions: 3.0.0.Alpha7 Reporter: Jan Martiska Assignee: Jan Martiska Currently, the {{TestSuiteEnvironment}} only allows to obtain the address of node0. Multinode tests in the wildfly full repository which need to obtain the address of node1, do it in various non-standardized ways, it would be nice to standardize that by adding a method to obtain node1's address and refactoring the tests to use it. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-626) Adding simple-permission-mapper with some permission throws NPE

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-626?page=com.atlassian.jira.plugin.sy... ] Jan Kalina moved WFLY-7082 to ELY-626: -------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-626 (was: WFLY-7082) Component/s: Permissions (was: Security) Affects Version/s: (was: 11.0.0.Alpha1) > Adding simple-permission-mapper with some permission throws NPE > --------------------------------------------------------------- > > Key: ELY-626 > URL: https://issues.jboss.org/browse/ELY-626 > Project: WildFly Elytron > Issue Type: Bug > Components: Permissions > Reporter: Ondrej Lukas > Assignee: Jan Kalina > > Adding simple-permission-mapper with ChangeRoleMapperPermission or RunAsPrincipalPermission throws NPE. In case when LoginPermission is used then it works correctly. > {code} > /subsystem=elytron/simple-permission-mapper=SomeMapper:add(permission-mappings=[{roles=[All],permissions=[{class-name="org.wildfly.security.auth.permission.ChangeRoleMapperPermission"}]}]) > { > "outcome" => "failed", > "failure-description" => { > "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.SomeMapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.SomeMapper: Failed to start service > Caused by: java.lang.NullPointerException"}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.SomeMapper"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > }, > "rolled-back" => true > } > {code} > NPE occurs in server log: > {code} > ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.permission-mapper.SomeMapper: org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.SomeMapper: Failed to start service > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.NullPointerException > at org.wildfly.security.permission.ByNamePermissionCollection.doAdd(ByNamePermissionCollection.java:59) > at org.wildfly.security.permission.AbstractPermissionCollection.add(AbstractPermissionCollection.java:83) > at java.security.Permissions.add(Permissions.java:133) > at org.wildfly.extension.elytron.PermissionMapperDefinitions.createSimplePermissionMapper(PermissionMapperDefinitions.java:214) > at org.wildfly.extension.elytron.PermissionMapperDefinitions.access$000(PermissionMapperDefinitions.java:67) > at org.wildfly.extension.elytron.PermissionMapperDefinitions$2.lambda$getValueSupplier$0(PermissionMapperDefinitions.java:188) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > ... 3 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7082) Adding simple-permission-mapper with some permission throws NPE

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-7082?page=com.atlassian.jira.plugin.... ] Jan Kalina commented on WFLY-7082: ---------------------------------- Problem is missing null name check in permission - will be fixed in Elytron. > Adding simple-permission-mapper with some permission throws NPE > --------------------------------------------------------------- > > Key: WFLY-7082 > URL: https://issues.jboss.org/browse/WFLY-7082 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 11.0.0.Alpha1 > Reporter: Ondrej Lukas > Assignee: Jan Kalina > > Adding simple-permission-mapper with ChangeRoleMapperPermission or RunAsPrincipalPermission throws NPE. In case when LoginPermission is used then it works correctly. > {code} > /subsystem=elytron/simple-permission-mapper=SomeMapper:add(permission-mappings=[{roles=[All],permissions=[{class-name="org.wildfly.security.auth.permission.ChangeRoleMapperPermission"}]}]) > { > "outcome" => "failed", > "failure-description" => { > "WFLYCTL0080: Failed services" => {"org.wildfly.security.permission-mapper.SomeMapper" => "org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.SomeMapper: Failed to start service > Caused by: java.lang.NullPointerException"}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.permission-mapper.SomeMapper"], > "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined > }, > "rolled-back" => true > } > {code} > NPE occurs in server log: > {code} > ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.permission-mapper.SomeMapper: org.jboss.msc.service.StartException in service org.wildfly.security.permission-mapper.SomeMapper: Failed to start service > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.lang.NullPointerException > at org.wildfly.security.permission.ByNamePermissionCollection.doAdd(ByNamePermissionCollection.java:59) > at org.wildfly.security.permission.AbstractPermissionCollection.add(AbstractPermissionCollection.java:83) > at java.security.Permissions.add(Permissions.java:133) > at org.wildfly.extension.elytron.PermissionMapperDefinitions.createSimplePermissionMapper(PermissionMapperDefinitions.java:214) > at org.wildfly.extension.elytron.PermissionMapperDefinitions.access$000(PermissionMapperDefinitions.java:67) > at org.wildfly.extension.elytron.PermissionMapperDefinitions$2.lambda$getValueSupplier$0(PermissionMapperDefinitions.java:188) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > ... 3 more > {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7098) Double check parallel boot and ApplicationSecurityDomain definitions are compatible

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFLY-7098?page=com.atlassian.jira.plugin.... ] Brian Stansberry commented on WFLY-7098: ---------------------------------------- Parallel boot is implemented as 2 steps in the overall set of boot operation steps, with one for Stage.MODEL and one for Stage.RUNTIME. Each step submits tasks that concurrently process ops for their stage. Each task process ops for a single subsystem. The step that submits those tasks blocks and does not complete until all the tasks it has submitted complete. So, the next step in the overall set of boot operation steps does not begin executing until the parallel tasks complete. Deployment ops execute after subsystem steps because until the subsystems have run the DUP chain is not known. > Double check parallel boot and ApplicationSecurityDomain definitions are compatible > ----------------------------------------------------------------------------------- > > Key: WFLY-7098 > URL: https://issues.jboss.org/browse/WFLY-7098 > Project: WildFly > Issue Type: Task > Components: EJB, Web (Undertow) > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 11.0.0.Alpha1 > > > Need to check there is no option for parallel boot to start deploying deployment before the full management model has been processed to the point all known ApplicationSecurityDomain definitions are known for both EJB and Undertow. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1284) KieModuleModel property configurations are not preserved during incremental compilation

by Anton Giertli (JIRA)

Anton Giertli created DROOLS-1284: ------------------------------------- Summary: KieModuleModel property configurations are not preserved during incremental compilation Key: DROOLS-1284 URL: https://issues.jboss.org/browse/DROOLS-1284 Project: Drools Issue Type: Bug Components: core engine Reporter: Anton Giertli Assignee: Mario Fusco Fix For: 6.5.0.Final, 7.0.0.Beta2 When a KieBuilder configuration is set into the kmodule.xml as in the following example, this configuration is not preserved during incremental compilation. {code} <?xml version=\"1.0\" encoding=\"UTF-8\"?> <kmodule xmlns=\"http://jboss.org/kie/6.0.0/kmodule\"> <configuration> <property key=\"drools.propertySpecific\" value=\"ALWAYS\" /> </configuration> </kmodule> {code} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1787) Try to add resource with OBJECT type attribute cause IllegalArgumentException

by Hynek Švábek (JIRA)

Hynek Švábek created WFCORE-1787: ------------------------------------ Summary: Try to add resource with OBJECT type attribute cause IllegalArgumentException Key: WFCORE-1787 URL: https://issues.jboss.org/browse/WFCORE-1787 Project: WildFly Core Issue Type: Bug Components: CLI Reporter: Hynek Švábek Assignee: Alexey Loubyansky Priority: Blocker Try to add resource with OBJECT type attribute cause IllegalArgumentException. *Actual result:* CLI operation failed with IllegalArgumentException *Expected results:* Success CLI operation *My investigation:* In my opinion is problem caused by this PR to wildfly-core https://github.com/wildfly/wildfly-core/pull/1698/files#diff-835f377f8fa5... Look at lines 1333-1350 Util.java -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-1786) SelfContainedContainer: Allow the ConfigurationPersisterFactory to be customised

by Heiko Braun (JIRA)

[ https://issues.jboss.org/browse/WFCORE-1786?page=com.atlassian.jira.plugi... ] Heiko Braun updated WFCORE-1786: -------------------------------- Comment: was deleted (was: It's probably best to expose the Configuration right away) > SelfContainedContainer: Allow the ConfigurationPersisterFactory to be customised > -------------------------------------------------------------------------------- > > Key: WFCORE-1786 > URL: https://issues.jboss.org/browse/WFCORE-1786 > Project: WildFly Core > Issue Type: Feature Request > Components: Server > Reporter: Heiko Braun > Assignee: Heiko Braun > Fix For: 3.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira September 2016