[JBoss JIRA] (WFLY-7957) Redirecting to external ports such as 443 is not working
by Bhaskara Undi (JIRA)
[ https://issues.jboss.org/browse/WFLY-7957?page=com.atlassian.jira.plugin.... ]
Bhaskara Undi commented on WFLY-7957:
-------------------------------------
Added <socket-binding name="https-ext" port="443"/> to the <socket-binding-group....getting the following error.
2017-01-25 09:37:02,239 ERROR [io.undertow.request] (default task-1) UT005001: An exception occurred processing the request: java.lang.IllegalStateException: UT010053: No confidential port is available to redirect the current request.
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.getRedirectURI(ServletConfidentialityConstraintHandler.java:80)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:49)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> Redirecting to external ports such as 443 is not working
> --------------------------------------------------------
>
> Key: WFLY-7957
> URL: https://issues.jboss.org/browse/WFLY-7957
> Project: WildFly
> Issue Type: Bug
> Components: Web Sockets
> Affects Versions: 10.1.0.Final
> Environment: Windows Server 2012 R2 Standard, 64bit
> Reporter: Bhaskara Undi
> Assignee: Stuart Douglas
>
> 2017-01-24 10:57:17,812 ERROR [io.undertow.request] (default task-1) UT005001: An exception occurred processing the request: java.lang.IllegalStateException: UT010053: No confidential port is available to redirect the current request.
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.getRedirectURI(ServletConfidentialityConstraintHandler.java:80)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:49)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60).........
> ------------------
> <server-identities>
> <ssl>
> <keystore path="edustgkeystore.jks" relative-to="jboss.server.config.dir" keystore-password="pass" alias="server"/>
> </ssl>
> </server-identities>
> -----------------------------
> <subsystem xmlns="urn:jboss:domain:undertow:3.1">
> <buffer-cache name="default"/>
> <server name="default-server">
> <ajp-listener name="listen-ajp" socket-binding="ajp"/>
> <http-listener name="default" socket-binding="http" redirect-socket="https-ext" enable-http2="true"/>
> <https-listener name="https" socket-binding="https" security-realm="SSLRealm" enable-http2="true"/>
> -------------------------------
> <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
> <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
> <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
> <socket-binding name="http" port="${jboss.http.port:8080}"/>
> <socket-binding name="https" port="${jboss.https.port:8443}"/>
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2234) Introduce srcdeps
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2234?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-2234:
------------------------------------------
This needs a discussion on wildfly-dev.
> Introduce srcdeps
> -----------------
>
> Key: WFCORE-2234
> URL: https://issues.jboss.org/browse/WFCORE-2234
> Project: WildFly Core
> Issue Type: Task
> Reporter: Peter Palaga
> Assignee: Peter Palaga
>
> Srcdeps is a tool to build Maven dependencies from their sources. With srcdeps, wildfly-core can depend on a specific commit of, e.g., undertow:
> {code}
> <version.io.undertow>1.4.8.Final-SRC-revision-aabbccd</version.io.undertow>
> {code}
> where {{aabbccd}} is the git commit id to build when any undertow artifact is requested during the build of wildfly-core.
> The main advantage of srcdeps is that changes in components can be integrated and tested in wildfly-core immediately after they are committed to a public component branch. There is no need to wait for the component release.
> [1] https://github.com/srcdeps/srcdeps-maven#srcdeps-maven
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2234) Introduce srcdeps
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2234?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-2234:
------------------------------------------
Hehe, which you already said in your PR description. :)
> Introduce srcdeps
> -----------------
>
> Key: WFCORE-2234
> URL: https://issues.jboss.org/browse/WFCORE-2234
> Project: WildFly Core
> Issue Type: Task
> Reporter: Peter Palaga
> Assignee: Peter Palaga
>
> Srcdeps is a tool to build Maven dependencies from their sources. With srcdeps, wildfly-core can depend on a specific commit of, e.g., undertow:
> {code}
> <version.io.undertow>1.4.8.Final-SRC-revision-aabbccd</version.io.undertow>
> {code}
> where {{aabbccd}} is the git commit id to build when any undertow artifact is requested during the build of wildfly-core.
> The main advantage of srcdeps is that changes in components can be integrated and tested in wildfly-core immediately after they are committed to a public component branch. There is no need to wait for the component release.
> [1] https://github.com/srcdeps/srcdeps-maven#srcdeps-maven
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFLY-7971) There stuck some required service after unsuccessful command for adding CredentialStore with wrong filled relative-to attribute.
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-7971?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-7971:
----------------------------------------
Is the issue here just the timing of the "Newly corrected services" report?
If so please change this to Domain Management, remove Security and move to WFCORE.
> There stuck some required service after unsuccessful command for adding CredentialStore with wrong filled relative-to attribute.
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-7971
> URL: https://issues.jboss.org/browse/WFLY-7971
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> There stuck some required service after unsuccessful command for adding CredentialStore with wrong filled relative-to attribute.
> *Command with wrong filled relative-to attribute*
> {code}
> /subsystem=elytron/credential-store=CredStore108:add(uri="cr-store://test/cs108.jceks?create.storage=true", credential-reference={clear-text=pass123}, relative-to=non.exist.path.resource)
> {code}
> *You can see this log.*
> Especially information about New missing/unsatisfied dependencies:is important and it wouldn't be there.
> {code}
> 16:54:18,809 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 8) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("credential-store" => "CredStore108")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"non.exist.path.resource\""],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.credential-store.CredStore108 is missing [jboss.server.path.\"non.exist.path.resource\"]"]
> }
> 16:54:18,810 INFO [org.jboss.as.controller] (management-handler-thread - 8) WFLYCTL0183: Service status report
> WFLYCTL0184: New missing/unsatisfied dependencies:
> service jboss.server.path."non.exist.path.resource" (missing) dependents: [service org.wildfly.security.credential-store.CredStore108]
> {code}
> *Now we try process same command without relative-to attribute*
> {code}
> /subsystem=elytron/credential-store=CredStore108:add(uri="cr-store://test/cs108.jceks?create.storage=true", credential-reference={clear-text=pass123})
> {code}
> *Result is success but we can notice this in log:*
> {code}
> 16:55:33,093 INFO [org.jboss.as.controller] (management-handler-thread - 10) WFLYCTL0183: Service status report
> WFLYCTL0185: Newly corrected services:
> service jboss.server.path."non.exist.path.resource" (no longer required)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFLY-7483) Credential store has configuration in "uri" attribute.
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-7483?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-7483:
----------------------------------------
BTW, in my first comment here I focused on the query parameters part of the URI, and we've determined those are arbitrary key/value pairs. What about the rest of the URI? Do those represent pieces of information with static definitions that should be configured in fully described attributes? From a quick glance at CredentialStoreURIParser it looks like it is parsing statically defined information (name and storage flle) from the URI.
> Credential store has configuration in "uri" attribute.
> ------------------------------------------------------
>
> Key: WFLY-7483
> URL: https://issues.jboss.org/browse/WFLY-7483
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
> Priority: Critical
>
> Credential store has configuration in "uri" attribute. All parameters are in one string. It can be confusing and there is risk of typo (e.g. delimiter typo)
> In my opinion the main intention for it is to have general solution for custom implementation.
> *Current state*
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/keystore.jceks?store.password=pass123;create.storage=true")
> {code}
> *Suggestion for improvement:*
> Better solution to achieve this could be use a map.
> e.g. some like that:
> {code}
> /subsystem=elytron/credential-store=credStore:add(cs-map={store.password=pass123, create.storage=true, store.file=path/to/cred/file})
> {code}
> Now credential store name is in URI too, it can be get from resource name.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFLY-7483) Credential store has configuration in "uri" attribute.
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-7483?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-7483:
----------------------------------------
There needs to be a design document or at least a discussion recorded somewhere that explains the rationale for using a URI. Such a thing would be a necessary input for creating documentation. So, [~pskopek], that should be linked to this issue, and that can inform the discussion here about whether that's the correct config style.
> Credential store has configuration in "uri" attribute.
> ------------------------------------------------------
>
> Key: WFLY-7483
> URL: https://issues.jboss.org/browse/WFLY-7483
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
> Priority: Critical
>
> Credential store has configuration in "uri" attribute. All parameters are in one string. It can be confusing and there is risk of typo (e.g. delimiter typo)
> In my opinion the main intention for it is to have general solution for custom implementation.
> *Current state*
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/keystore.jceks?store.password=pass123;create.storage=true")
> {code}
> *Suggestion for improvement:*
> Better solution to achieve this could be use a map.
> e.g. some like that:
> {code}
> /subsystem=elytron/credential-store=credStore:add(cs-map={store.password=pass123, create.storage=true, store.file=path/to/cred/file})
> {code}
> Now credential store name is in URI too, it can be get from resource name.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (DROOLS-764) Delete the dependency to commons-lang 2 in all poms in Drools and jBPM (use commons-lang 3 instead)
by Michael Biarnes Kiefer (JIRA)
[ https://issues.jboss.org/browse/DROOLS-764?page=com.atlassian.jira.plugin... ]
Michael Biarnes Kiefer commented on DROOLS-764:
-----------------------------------------------
I upgraded
guvnor-ala/guvnor-ala-spi/src/main/java/org/guvnor/ala/util/VariableInterpolation.java
Import org.apache.commons.lang.text.StrLookup to Import org.apache.commons.lang3.text.StrLookup
Import org.apache.commons.lang.text.StrSubstitutor to Import org.apache.commons.lang3.text.StrLookup
but I got this error: https://gist.github.com/mbiarnes/659fa0db8a4db1de3f1e280ef8c435e7
Lookng in Idea I saw that the classes org.apache.commons.lang.text.StrLookup and org.apache.commons.lang3.text.StrLookup are different.
So org.apache.commons.lang.text.StrSubstitutor and org.apache.commons.lang3.text.StrLookup.
> Delete the dependency to commons-lang 2 in all poms in Drools and jBPM (use commons-lang 3 instead)
> ---------------------------------------------------------------------------------------------------
>
> Key: DROOLS-764
> URL: https://issues.jboss.org/browse/DROOLS-764
> Project: Drools
> Issue Type: Task
> Reporter: Geoffrey De Smet
> Assignee: Michael Biarnes Kiefer
> Priority: Minor
>
> Make an inventory of all modules that still use commons-lang and ask their owners to replace the commons-lang 2 usage with commons-lang 3.
> See recipe below how they can quickly do that.
> Once all our modules are upgraded, see if we can remove the commons-lang 2 dependency as much as possible (including the ip-bom hopefully).
> {code}
> Currently we have commons-lang 2.6 and 3.1 in our classpath
> (which is not a problem because they use a different package namespace).
> Nevertheless, having it twice doesn't look good
> and 2.6 might miss security fixes.
> Luckily upgrading is easy (it took me 15 minutes for optaplanner):
> 1) Replace:
> <dependency>
> <groupId>commons-lang</groupId>
> <artifactId>commons-lang</artifactId>
> </dependency>
> with
> <dependency>
> <groupId>org.apache.commons</groupId>
> <artifactId>commons-lang3</artifactId>
> </dependency>
> (Both are already in the ip-bom, so no need to worry about <version>)
> 2) Replace "import org.apache.commons.lang."
> with "import org.apache.commons.lang3."
> I had about 170 occurrences.
> 3) Compile. If you have a compile error, look for that class on:
> https://commons.apache.org/proper/commons-lang/article3_0.html
> I only had 1 error. Replacing "StringEscapeUtils.escapeHtml(s)"
> with "StringEscapeUtils.ESCAPE_HTML4.translate(s)" fixed that.
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFLY-7483) Credential store has configuration in "uri" attribute.
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-7483?page=com.atlassian.jira.plugin.... ]
Martin Choma commented on WFLY-7483:
------------------------------------
As far as I can tell, uri attribute has no external meaning. Attribute uri is introduced by subsystem. Elytron itself works with Map. Actually attribute name "uri" looks to me confusing. I don't see clear connection with credential-store topic. Renaming to "properties" would make more sense to me. With string approach I just see cons with escaping delimiters ('?', ';'). And from user experience point of view it is just another solution for generic key/value pairs.
> Credential store has configuration in "uri" attribute.
> ------------------------------------------------------
>
> Key: WFLY-7483
> URL: https://issues.jboss.org/browse/WFLY-7483
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
> Priority: Critical
>
> Credential store has configuration in "uri" attribute. All parameters are in one string. It can be confusing and there is risk of typo (e.g. delimiter typo)
> In my opinion the main intention for it is to have general solution for custom implementation.
> *Current state*
> {code}
> /subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/keystore.jceks?store.password=pass123;create.storage=true")
> {code}
> *Suggestion for improvement:*
> Better solution to achieve this could be use a map.
> e.g. some like that:
> {code}
> /subsystem=elytron/credential-store=credStore:add(cs-map={store.password=pass123, create.storage=true, store.file=path/to/cred/file})
> {code}
> Now credential store name is in URI too, it can be get from resource name.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months