[JBoss JIRA] (WFLY-7229) WFLYCLWEBUT0001 for server-side invalidated sessions
by Stuart Douglas (JIRA)
[ https://issues.jboss.org/browse/WFLY-7229?page=com.atlassian.jira.plugin.... ]
Stuart Douglas reassigned WFLY-7229:
------------------------------------
Assignee: Paul Ferraro (was: Stuart Douglas)
> WFLYCLWEBUT0001 for server-side invalidated sessions
> ----------------------------------------------------
>
> Key: WFLY-7229
> URL: https://issues.jboss.org/browse/WFLY-7229
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, Web (Undertow)
> Affects Versions: 10.1.0.Final
> Environment: Happens whenever <distributable/> is used in web.xml, both in standalone and domain modes.
> Reporter: Michał Nowakowski
> Assignee: Paul Ferraro
> Attachments: stacktrace_01.txt, stacktrace_02.txt, stacktrace_03.txt, testPortlet.tar.gz
>
>
> Attached is a simple webapp (pardon the name) with a single servlet "/main", that does the following:
> - a session is assigned (or created, if none existed before)
> - its details are printed and the browser is told to refresh after 20 seconds
> - before the browser refreshes, the session is invalidated server-side by a separate thread.
> The expected behaviour is that WF should give the user a new session. That's indeed how it works in standalone mode and without <distributable/> in web.xml. But in domain mode, OR with <distributable/> added (and, possibly, full-ha profile chosen), I get errors:
> - The first stacktrace happens when the thread invalidates the session.
> - The second stacktrace happens when the browser refreshes. The user sees "Error 500".
> - Then, after a minute or so, I get the last one. It then repeats periodically.
> We can't upgrade from 10.0 because of this - and we know we need an upgrade because of fixes in Infinispan.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
8 years, 3 months
[JBoss JIRA] (WFLY-7224) Missing validation check for simple-regex-realm-mapper and mapped-regex-realm-mapper in Elytron subsystem
by Ilia Vassilev (JIRA)
[ https://issues.jboss.org/browse/WFLY-7224?page=com.atlassian.jira.plugin.... ]
Ilia Vassilev commented on WFLY-7224:
-------------------------------------
[~honza889] Sent PR [1] which is easier to review.
[1] https://github.com/wildfly-security/elytron-subsystem/pull/243
> Missing validation check for simple-regex-realm-mapper and mapped-regex-realm-mapper in Elytron subsystem
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7224
> URL: https://issues.jboss.org/browse/WFLY-7224
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
>
> The Elytron subsystem allows adding a realm mapper (e.g. simple-regex-realm-mapper) with a pattern which does not include a capture group. When this realm mapper is used in an add operation for a security domain through the CLI, the operation fails with an incomprehensible log:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined},
> "rolled-back" => true
> }
> {code}
> Exception in server log:
> {code}
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.security.realm-mapper.SomeRealmMapper: org.jboss.msc.service.StartException in service org.wildfly.security.realm-mapper.SomeRealmMapper: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalArgumentException: ELY01065: Pattern requires a capture group
> at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:64)
> at org.wildfly.security.auth.util.SimpleRegexRealmMapper.<init>(SimpleRegexRealmMapper.java:49)
> at org.wildfly.extension.elytron.RealmMapperDefinitions$SimpleRegexRealmMapperAddHandler.lambda$performRuntime$0(RealmMapperDefinitions.java:157)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
> ... 3 more
> {code}
> The same happens for mapped-regex-realm-mapper.
> The point here is that we allow a wrong realm mapper (without a capture group) to be added successfully, but we only check whether it is wrong later, in the security domain. This check should be done when adding the wrong realm mapper, to avoid the following incomprehensible CLI log and exception in the server log.
8 years, 3 months
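The check WFLY-7224 asks for can be made when the pattern is first supplied, as in this added sketch (not code from the Elytron subsystem or from the linked PR). The class and method names are hypothetical, and taking the first capture group as the realm name is an assumption about the mapper's behaviour.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class RealmMapperPatternCheck {

    /**
     * Compiles the pattern and rejects it immediately if it has no capture
     * group, so the error surfaces on the operation that supplied the pattern
     * rather than later, when a dependent service fails to start.
     */
    static Pattern requireCaptureGroup(String regex) {
        final Pattern pattern;
        try {
            pattern = Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            throw new IllegalArgumentException("Invalid pattern: " + e.getDescription(), e);
        }
        // groupCount() counts capturing groups only: (?:...) and lookarounds
        // are not counted, and an escaped \( is a literal parenthesis. A plain
        // search for '(' in the string would get these cases wrong.
        if (pattern.matcher("").groupCount() < 1) {
            throw new IllegalArgumentException(
                "Pattern '" + regex + "' requires a capture group");
        }
        return pattern;
    }

    /** Assumed mapper behaviour: the first capture group is the realm name. */
    static String mapRealm(Pattern pattern, String name) {
        Matcher m = pattern.matcher(name);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        // Constructed sample patterns covering the accept and reject cases.
        String[] candidates = {
            ".*@(.*)",        // one capture group: accepted
            ".*@(?:.*)",      // non-capturing group only: rejected
            ".*@\\(.*\\)",    // escaped parentheses are literals: rejected
            ".*@.*",          // no group at all: rejected
            ".*@(.*"          // syntax error: rejected
        };
        for (String regex : candidates) {
            try {
                Pattern p = requireCaptureGroup(regex);
                System.out.println("accepted " + regex + " -> realm "
                    + mapRealm(p, "alice@example.org"));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + regex + ": " + e.getMessage());
            }
        }
    }
}
```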
[JBoss JIRA] (WFLY-7212) Cannot use BMT in @Schedule service
by Karl Nicholas (JIRA)
[ https://issues.jboss.org/browse/WFLY-7212?page=com.atlassian.jira.plugin.... ]
Karl Nicholas edited comment on WFLY-7212 at 9/28/16 5:22 PM:
--------------------------------------------------------------
Okay, that seems to have been the problem. I didn't think through the fact that I was also starting up a CMT, though in hindsight it should have been obvious, especially since I didn't make the first bean a BMT because of other @scheduled events that I wanted to be CMT. Now I can choose which way I want it to be and even use pure Java EE if that's important. Thanks once again.
was (Author: karlnicholas):
Okay, that seems to have been the problem. I didn't think through the fact that I was also starting up a CMT, though in hindsight it should have been obvious, especially since I didn't make the first bean a BMT because of other @scheduled events that I wanted to be CMT. Thanks once again.
> Cannot use BMT in @Schedule service
> -----------------------------------
>
> Key: WFLY-7212
> URL: https://issues.jboss.org/browse/WFLY-7212
> Project: WildFly
> Issue Type: Feature Request
> Components: EE, EJB, Transactions
> Affects Versions: 10.0.0.Final, 10.1.0.Final
> Environment: Wildfly 10.1.0-Final. Windows 10. MySql 5.5.
> Reporter: Karl Nicholas
> Labels: arjuna, ejb, scheduled, scheduled_tasks, transaction
>
> When injecting a `@Resource private UserTransaction tx;`, a `TransactionReaper` terminates kills my `UserTransaction` after 5 minutes no matter what. Since it's a batch update, I need more than 5 minutes.
> Here is a simple piece of code that doesn't work:
> {code:java}
> @EJB private TestFiveMinuteBatch testFiveMinuteBatch;
> @Schedule(second="0", minute="8", hour="10", persistent=false) // 03:30 am (12:30 am CA ) every day
> public void updateTest() {
> testFiveMinuteBatch.test();
> }
> @Stateless
> @TransactionManagement(TransactionManagementType.BEAN)
> public class TestFiveMinuteBatch {
> @Resource private UserTransaction tx;
> public void test() {
> for ( int i=0; i < 6; ++i ) {
> System.out.println("Minute: " + i);
> try {
> Thread.sleep(60000);
> } catch (InterruptedException e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> }
> }
> }
> }
> {code}
> After 5 minutes I get this warning:
> {noformat}
> 10:13:00,034 WARN [com.arjuna.ats.arjuna] (Transaction Reaper) ARJUNA012117: TransactionReaper::check timeout for TX 0:ffffac1f6209:-595568e4:57e80419:e in state RUN
> 10:13:00,039 WARN [com.arjuna.ats.arjuna] (Transaction Reaper Worker 0) ARJUNA012121: TransactionReaper::doCancellations worker Thread[Transaction Reaper Worker 0,5,main] successfully canceled TX 0:ffffac1f6209:-595568e4:57e80419:e
> 10:13:00,130 INFO [stdout] (EJB default - 1) Minute: 5
> {noformat}
> After service terminates I get this error:
> {noformat}
> 10:14:00,131 WARN [com.arjuna.ats.arjuna] (EJB default - 1) ARJUNA012077: Abort called on already aborted atomic action 0:ffffac1f6209:-595568e4:57e80419:e
> 10:14:00,163 ERROR [org.jboss.as.ejb3.timer] (EJB default - 1) WFLYEJB0020: Error invoking timeout for timer: [id=8a8f4546-28d0-491e-85a6-f668f58ab5dc timedObjectId=opca-ear.opca-ejb.ScheduledService auto-timer?:true persistent?:false timerService=org.jboss.as.ejb3.timerservice.TimerServiceImpl@31fe8c3e initialExpiration=null intervalDuration(in milli sec)=0 nextExpiration=Mon Sep 26 10:08:00 PDT 2016 timerState=IN_TIMEOUT info=null]: javax.ejb.EJBTransactionRolledbackException: Transaction rolled back
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.handleEndTransactionException(CMTTxInterceptor.java:137)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.endTransaction(CMTTxInterceptor.java:117)
> at org.jboss.as.ejb3.tx.TimerCMTTxInterceptor.endTransaction(TimerCMTTxInterceptor.java:67)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:279)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:327)
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
> at org.jboss.as.ejb3.concurrency.ContainerManagedConcurrencyInterceptor.processInvocation(ContainerManagedConcurrencyInterceptor.java:110)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
> at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> at org.jboss.as.ejb3.timerservice.TimedObjectInvokerImpl.callTimeout(TimedObjectInvokerImpl.java:99)
> at org.jboss.as.ejb3.timerservice.CalendarTimerTask.invokeBeanMethod(CalendarTimerTask.java:64)
> at org.jboss.as.ejb3.timerservice.CalendarTimerTask.callTimeout(CalendarTimerTask.java:53)
> at org.jboss.as.ejb3.timerservice.TimerTask.run(TimerTask.java:157)
> at org.jboss.as.ejb3.timerservice.TimerServiceImpl$Task$1.run(TimerServiceImpl.java:1215)
> at org.wildfly.extension.requestcontroller.RequestController$QueuedTask$1.run(RequestController.java:497)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: javax.transaction.RollbackException: WFLYEJB0447: Transaction 'TransactionImple < ac, BasicAction: 0:ffffac1f6209:-595568e4:57e80419:e status: ActionStatus.ABORTED >' was already rolled back
> at org.jboss.as.ejb3.tx.CMTTxInterceptor.endTransaction(CMTTxInterceptor.java:98)
> ... 38 more
> {noformat}
8 years, 3 months
[JBoss JIRA] (WFLY-7212) Cannot use BMT in @Schedule service
by Karl Nicholas (JIRA)
[ https://issues.jboss.org/browse/WFLY-7212?page=com.atlassian.jira.plugin.... ]
Karl Nicholas commented on WFLY-7212:
-------------------------------------
Okay, that seems to have been the problem. I didn't think through the fact that I was also starting up a CMT, though in hindsight it should have been obvious, especially since I didn't make the first bean a BMT because of other @scheduled events that I wanted to be CMT. Thanks once again.
8 years, 3 months
[JBoss JIRA] (ELY-647) MechanismDatabase create SSL_ aliases incompletely
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-647?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina updated ELY-647:
---------------------------
Steps to Reproduce: {code:java}CipherSuiteSelector.fromString("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA");{code} (was: # Use standalone.xml from attachment
# update path to keystore (server-cert-key-rsa.jks)
# update path to trust store (ca-cert.jks)
)
> MechanismDatabase create SSL_ aliases incompletely
> --------------------------------------------------
>
> Key: ELY-647
> URL: https://issues.jboss.org/browse/ELY-647
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
>
> SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
> MechanismDatabase.properties contains for example:
> {code:java}
> TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
> {code}
> The *TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* works ok, but *SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* doesn't exist.
8 years, 3 months
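The gap described in ELY-647, modelled in a small added example (not Elytron's MechanismDatabase code). The class and method names are hypothetical, the alias line is the one quoted in the issue, and the value of the direct entry is a placeholder rather than the real entry format.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

public class SslAliasDemo {
    static final String ALIAS = "alias:";

    // Constructed sample. The alias line is the one quoted in the issue; the
    // value of the direct entry is a placeholder, not the real entry format.
    static final String SAMPLE =
          "TLS_RSA_WITH_3DES_EDE_CBC_SHA = PLACEHOLDER_DEFINITION\n"
        + "TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA\n";

    /** Follows alias: links to the direct definition; bounded to stop on cycles. */
    static String resolve(Properties props, String name) {
        String current = name;
        for (int hops = 0; hops <= props.size(); hops++) {
            String value = props.getProperty(current);
            if (value == null) {
                throw new IllegalArgumentException("Unknown name: " + current);
            }
            value = value.trim();
            if (!value.startsWith(ALIAS)) {
                return value;
            }
            current = value.substring(ALIAS.length()).trim();
        }
        throw new IllegalArgumentException("Alias cycle at: " + name);
    }

    /**
     * Builds the name table. With sslTwinForAliases == false, an SSL_ twin is
     * registered only for direct TLS_ entries (the behaviour the issue
     * reports); with true, every TLS_ name gets one, aliases included.
     */
    static Map<String, String> build(String text, boolean sslTwinForAliases)
            throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(text));
        Map<String, String> byName = new TreeMap<>();
        for (String name : props.stringPropertyNames()) {
            boolean isAlias = props.getProperty(name).trim().startsWith(ALIAS);
            String definition = resolve(props, name);
            byName.put(name, definition);
            if (name.startsWith("TLS_") && (!isAlias || sslTwinForAliases)) {
                // Do not overwrite an SSL_ name the file defines explicitly.
                byName.putIfAbsent("SSL_" + name.substring(4), definition);
            }
        }
        return byName;
    }

    public static void main(String[] args) throws IOException {
        String wanted = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA";
        Map<String, String> directOnly = build(SAMPLE, false);
        Map<String, String> everyName = build(SAMPLE, true);
        System.out.println("direct entries only: " + directOnly.keySet());
        System.out.println("  " + wanted + " known? " + directOnly.containsKey(wanted));
        System.out.println("every TLS_ name:     " + everyName.keySet());
        System.out.println("  " + wanted + " known? " + everyName.containsKey(wanted));
    }
}
```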
[JBoss JIRA] (ELY-647) MechanismDatabase create SSL_ aliases incompletely
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-647?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina updated ELY-647:
---------------------------
Description:
SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
MechanismDatabase.properties contains for example:
{code:java}
TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
{code}
The *TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* works ok, but *SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* doesn't exist.
was:
SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
MechanismDatabase.properties contains for example:
{code:java}
TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
{code}
The *TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* works ok, but *SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* doesn't.
8 years, 3 months
[JBoss JIRA] (ELY-647) MechanismDatabase create SSL_ aliases incompletely
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-647?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina updated ELY-647:
---------------------------
Description:
SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
MechanismDatabase.properties contains for example:
{code:java}
TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
{code}
The *TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* works ok, but *SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA* doesn't.
was:
SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
MechanismDatabase.properties contains for example:
{code:java}
TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
{code}
The TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA works ok, but SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA doesn't.
8 years, 3 months
[JBoss JIRA] (ELY-647) MechanismDatabase create SSL_ aliases incompletely
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-647?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina updated ELY-647:
---------------------------
Description:
SSL MechanismDatabase should create alias for every TLS_* from SSL_*. It creates them only for direct entries, not for other aliases.
MechanismDatabase.properties contains for example:
{code:java}
TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = alias:TLS_RSA_WITH_3DES_EDE_CBC_SHA
{code}
The TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA works ok, but SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA doesn't.
was:
There is no possibility to use alternative JSSE Cipher Suite Names for IBM JDK8.
Interchanging the TLS prefix with SSL and vice versa is not supported.
Here is the list of standard JSSE Cipher Suite Names:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNa...
In my opinion this file is the mapping file for our purpose. Is it?
https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/...
For IBM JDK there are different JSSE Cipher Suite Names (different prefix).
Most items from this list are missing in the MechanismDatabase.properties mentioned above.
http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.secu...
For example:
JSSE Cipher Suite Name *SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA* is only defined for IBM JDK.
It is *TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA* for Oracle JDK.
If I try to start the server with JSSE Cipher Suite Name *SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA* I get this error:
{code}
16:55:25,594 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.lang.Thread.run(Thread.java:785)
Caused by: java.lang.IllegalArgumentException: ELY05017: Token "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA" not allowed at offset 33 of mechanism selection string "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA"
at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:399)
at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:125)
at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
... 3 more
16:55:25,598 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "undertow"),
("server" => "default-server"),
("https-listener" => "https")
]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
Caused by: java.lang.IllegalArgumentException: ELY05017: Token \"SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA\" not allowed at offset 33 of mechanism selection string \"SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA\""}}
{code}
8 years, 3 months
[JBoss JIRA] (ELY-647) MechanismDatabase create SSL_ aliases incompletely
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-647?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina moved JBEAP-6237 to ELY-647:
---------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-647 (was: JBEAP-6237)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: SSL
(was: Security)
Affects Version/s: (was: 7.0.0.ER6)
Affects Testing: (was: Regression)
8 years, 3 months