October 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (JBEE-181) Some XACML tests fail with security manager

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/JBEE-181?page=com.atlassian.jira.plugin.s... ] Yeray Borges updated JBEE-181: ------------------------------ Fix Version/s: (was: jboss-el-api_2.2_spec-1.0.5.Final) > Some XACML tests fail with security manager > ------------------------------------------- > > Key: JBEE-181 > URL: https://issues.jboss.org/browse/JBEE-181 > Project: JBoss JavaEE Spec APIs > Issue Type: Bug > Components: jboss-jaxb-api > Reporter: Yeray Borges > Assignee: Yeray Borges > Priority: Critical > Labels: security-manager > > Some XACML tests fail with security manager, mostly because of missing permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")": > {noformat} > ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /custom-xacml-web-test/secured: java.lang.ExceptionInInitializerError > at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.<init>(CustomXACMLAuthorizationModule.java:68) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:329) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141) > at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438) > at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) > at org.jboss.security.plugins.javaee.WebAuthorizationHelper.checkResourcePermission(WebAuthorizationHelper.java:119) > at org.wildfly.extension.undertow.security.JbossAuthorizationManager.canAccessResource(JbossAuthorizationManager.java:160) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:55) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110) > at java.security.AccessController.doPrivileged(Native Method) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")" in code source "(vfs:/content/custom-xacml-web-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.custom-xacml-web-test.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) > at java.util.zip.ZipFile.<init>(ZipFile.java:216) > at java.util.zip.ZipFile.<init>(ZipFile.java:155) > at java.util.jar.JarFile.<init>(JarFile.java:166) > at java.util.jar.JarFile.<init>(JarFile.java:103) > at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) > at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) > at java.net.URL.openStream(URL.java:1045) > at javax.xml.bind.ContextFinder.find(ContextFinder.java:292) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375) > at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126) > ... 55 more > {noformat} > Looks like a privileged block is missing. Hence Critical. > After adding such permission, there are another permissions missing: > * {{WebXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{ReflectPermission("suppressAccessChecks")}}, {{RuntimePermission("getClassLoader")}} > * {{JBossPDPServletInitializationTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}} > * {{JBossPDPInteroperabilityTestCase}} -- additional file permissions, {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{PropertyPermission("user.dir", "read")}} > * {{EjbXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{ElytronPermission("getSecurityDomain")}} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-1427) Credential store type PKCS12 works fine when using OracleJDK and OpenJDK but doesn't work using IBM JDK.

by Ingo Weiss (JIRA)

[ https://issues.jboss.org/browse/ELY-1427?page=com.atlassian.jira.plugin.s... ] Ingo Weiss moved WFCORE-3378 to ELY-1427: ----------------------------------------- Project: WildFly Elytron (was: WildFly Core) Key: ELY-1427 (was: WFCORE-3378) Component/s: Credential Store (was: Security) > Credential store type PKCS12 works fine when using OracleJDK and OpenJDK but doesn't work using IBM JDK. > -------------------------------------------------------------------------------------------------------- > > Key: ELY-1427 > URL: https://issues.jboss.org/browse/ELY-1427 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Priority: Critical > > Credential store type PKCS12 works fine when using OracleJDK and OpenJDK. > Problem occurs when we use IBM JDK, add-alias works fine for first time, but for add-alias for second time with same alias name we expect message about duplicity rather than current error message about SecretKeyFactory not availability. > {code} > "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: WFLYELY00009: Unable to complete operation. 'ELY09504: Cannot acquire a credential from the credential store->Get Key failed: 1.2.840.113549.1.7.1 SecretKeyFactory not available->1.2.840.113549.1.7.1 SecretKeyFactory not available'", > {code} > *NOTE* > I met same problem with Oracle JDK 1.8 u66, with u144 is everythink ok. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9492) Concurrent access timeout on StatefulBean when invoked via StatelessBean

by Thies Rubarth (JIRA)

Thies Rubarth created WFLY-9492: ----------------------------------- Summary: Concurrent access timeout on StatefulBean when invoked via StatelessBean Key: WFLY-9492 URL: https://issues.jboss.org/browse/WFLY-9492 Project: WildFly Issue Type: Bug Components: EJB Affects Versions: 10.1.0.Final Reporter: Thies Rubarth Attachments: sfsbLock.zip We are having issues with a stateful bean that is invoked serveral times in a request to calculate things. We have a StatelessBean, that is called via REST and calls another StatelessBean which calls the StatefulBean which is request scoped. When we have parallel requests it comes to ConcurrentAccessTimeoutExceptions on the StatefulBean, although we shoudn't have concurrent access since the Bean is request scoped. This is the stacktrace we get: Caused by: javax.ejb.ConcurrentAccessTimeoutException: WFLYEJB0228: EJB 3.1 FR 4.3.14.1 concurrent access timeout on StatefulBean - could not obtain lock within 5000 MILLISECONDS at org.jboss.as.ejb3.component.stateful.StatefulSessionSynchronizationInterceptor.processInvocation(StatefulSessionSynchronizationInterceptor.java:94) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64) at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.stateful.StatefulComponentInstanceInterceptor.processInvocation(StatefulComponentInstanceInterceptor.java:59) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:254) ... 213 more -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3387) MBeanServer - not returning ManagedBean jboss.as:deployment=* during deployment

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3387?page=com.atlassian.jira.plugi... ] Brian Stansberry moved WFLY-9491 to WFCORE-3387: ------------------------------------------------ Project: WildFly Core (was: WildFly) Key: WFCORE-3387 (was: WFLY-9491) Component/s: JMX (was: EE) Affects Version/s: 3.0.8.Final (was: 10.1.0.Final) > MBeanServer - not returning ManagedBean jboss.as:deployment=* during deployment > ------------------------------------------------------------------------------- > > Key: WFCORE-3387 > URL: https://issues.jboss.org/browse/WFCORE-3387 > Project: WildFly Core > Issue Type: Bug > Components: JMX > Affects Versions: 3.0.8.Final > Reporter: Nuno Godinho de Matos > Priority: Minor > > In wildfly, there is a class of managed beans that are particularly useful to have available during application deployment. > In partocular beans with Object name (e.g. jboss.as:deployment=someapp-war.war) > This type of beans can for example sned a JMX Notification that the corresponding application has been deployed. > While trying to refactor a mechanism that fires an "ApplicationDeployed" event, a mechanism that was blinding registering a Listener on a hard coded ObjectName stopped working consistently once I generalized to hunt for the generalized beans. > The problem is the following. > 1. HARD CODED APPROACH: > If when an application is deploying, during the @Startup logic of an EJB I blindly do something like: > {panel} > MBeanServer mBeanServer = createMBeanServer(); > ObjectName targetObject = new ObjectName(objectName); > mBeanServer.addNotificationListener(targetObject, listener, filter, handback); > {panel} > I can successfully register my Listener, without any problem. > This will work 100% of the time, and after the deployment goes through I can send my notification to the application that the deployment is done. > I just need to blindly register the listener on: > jboss.as:deployment=someapp-war.war > 2. PROBLEM - GENERALIZED APPORACH - QUERY MBEANS > The Problem now is that once I try to generalize the mechanism, instead of directly doing something like jumping at the "registration", first I need to run a JMX query to hunt of beans: > jboss.as:deployment=* > Now I have the problem that I am coming out empty handed, no results. > Better said, the current approach has two possible behaviors. > Behavior 1 - Mechanism works: > - Wildfly is stopped > - on eclipse I drag and drop the WAR file to the APP server. > - I start wildfly. > In this case, the jboss.as:deployment=* will give me the deployed applications. > The generic mechanism works. > Behavior 2 - Query comes with no results > - Wildfly is running > - no deployments > - I drag and drop the APP, > then I get no results. > Here is a Log snippet from the application when running on apporach 2. > What you is multiple fluent wait queries. > You have N tries loop where the query * and hard-coded object name is run. In both scenarios I get no results. > But i still managed to register a listener If I want and I know the war name. > {panel} > ####2017-10-27 11:44:10,171 ThreadId:512 INFO [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,246 ThreadId:512 WARN [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,253 ThreadId:512 INFO [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,328 ThreadId:512 WARN [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,332 ThreadId:512 INFO [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,406 ThreadId:512 WARN [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,409 ThreadId:512 INFO [logger: .impl.jmx.AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,490 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,494 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,569 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,574 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,649 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,653 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,726 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,729 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,802 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,804 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,884 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,893 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,967 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:10,970 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,044 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,050 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,129 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,138 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,217 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,227 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,304 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,312 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,386 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,393 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,472 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,480 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,559 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,568 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,646 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,656 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,736 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,744 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,822 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,831 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,904 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,907 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,985 ThreadId:512 WARN [AbstractJmxAppDeploymentNotificationListenerRegistration] - Query jmx query: jboss.as:deployment=* yielded no results. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,991 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Using HARD_CODED_DIRTY_QUERY: jboss.as:deployment=someapp-war.war - returned: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,991 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - JMX Query to search for app deployments yielded: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,991 ThreadId:512 ERROR [AbstractJmxAppDeploymentNotificationListenerRegistration] - No WAR deployment could be found on the managed bean server. The applicatin runtimes that could be found were: [] <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,992 ThreadId:512 ERROR [AbstractJmxAppDeploymentNotificationListenerRegistration] - Going to add notification listerner using HARD CODED deployment JMX object name <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,992 ThreadId:512 INFO [AbstractJmxAppDeploymentNotificationListenerRegistration] - Going to register a jmx notification listener on the status of the deployed application: jboss.as:deployment=someapp-war.war <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,994 ThreadId:512 ERROR [AbstractJmxAppDeploymentNotificationListenerRegistration] - Skipping registration of NotificationLister on WAR application runtime, managed bean could not be found.This has the implication that the application ready event will not be fired after the deployment completes. <LogContext:Facade> <ServerService Thread Pool -- 339> > ####2017-10-27 11:44:11,995 ThreadId:512 INFO [WildflyJmxAppDeploymentNotificationListenerRegistration] - <- WildflyJmxAppDeploymentNotificationListenerRegistration.registerNotificationLister {2092 ms} <LogContext:Facade> <ServerService Thread Pool -- 339> > {panel} > I can try to create a sample application to reproduce this. > I would expect that before the @Startup logic is triggered on any EJB, I consistenly will have on the MBean server the deployment managemend bean for the WAR whose deployment is currently ongoing - regardless of whether I start the APP serer with the WAr already in or if I have just added the WAr file. > And in effect, since the "registration mechanims of a listener always works - if you already know the WAR file name ... then it kind means that the Managed bean is in effect in the MBean serer but somehow not visible. > Many thanks for any help on this. > I will try to give you a sample application for analysis. > Kindest regards. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3294) Update ClientCompatibilityUnitTestCase with more recent client versions

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3294?page=com.atlassian.jira.plugi... ] Kabir Khan updated WFCORE-3294: ------------------------------- Fix Version/s: 3.0.4.Final > Update ClientCompatibilityUnitTestCase with more recent client versions > ----------------------------------------------------------------------- > > Key: WFCORE-3294 > URL: https://issues.jboss.org/browse/WFCORE-3294 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Test Suite > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Fix For: 3.0.4.Final > > > We've let ClientCompatibilityUnitTestCase get out of date. Add tests of core 2.1.0 and 2.2.1 clients. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3302) Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3302?page=com.atlassian.jira.plugi... ] Brian Stansberry reopened WFCORE-3302: -------------------------------------- That workaround didn't fully remove the intermittent failures, it just greatly decreased their likelihood. > Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5 > --------------------------------------------------------------------------------------------- > > Key: WFCORE-3302 > URL: https://issues.jboss.org/browse/WFCORE-3302 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Test Suite > Reporter: Brian Stansberry > Assignee: Brian Stansberry > > This bug is about problems in WF Core management tests. I believe it exposes a flaw in how remoting handles server sockets, but AFAIK there is no impact on WF Core remoting server sockets. > Since the move to JBoss Remoting 5 we've seen intermittent failures in the protocol and controller module testsuites involving the tests that use their respective copies of the ChannelServer + RemoteChannelPairSetup test fixture. These tests all do a setup and teardown of the fixture for each test method (i.e. @Before and @After) with the failure being that a test fails creating a remoting server with a failure that indicates the server from a previous test hasn't completely shut down yet: > {code} > java.lang.RuntimeException: java.net.BindException: Address already in use: bind > at sun.nio.ch.Net.bind0(Native Method) > at sun.nio.ch.Net.bind(Net.java:433) > at sun.nio.ch.Net.bind(Net.java:425) > at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:67) > at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:181) > at org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:282) > at org.jboss.remoting3.remote.RemoteConnectionProvider$ProviderInterface.createServer(RemoteConnectionProvider.java:372) > at org.jboss.as.controller.support.ChannelServer.create(ChannelServer.java:92) > at org.jboss.as.controller.support.RemoteChannelPairSetup.setupRemoting(RemoteChannelPairSetup.java:88) > at org.jboss.as.controller.ModelControllerClientTestCase.setupTestClient(ModelControllerClientTestCase.java:94) > at org.jboss.as.controller.ModelControllerClientTestCase.testCloseInputStreamEntry(ModelControllerClientTestCase.java:346) > {code} > These failures have been mildly annoying on ci.wildfly.org, but now that the same code is being on other test machines, e.g. brontes used for EAP testing, they are completely intolerable, affecting a high percentage of CI runs for pull requests. > I believe the issue arises from changes to these fixtures that came in as part of the Remoting 5 upgrade such that a remoting Endpoint is not being created/shutdown for each test method. This causes a problem because the AcceptingChannel<StreamConnection> created by Endpoint.getConnectionProviderInterface(...).createServer(...) *does not* synchronously close down the underlying socket as part of a call to its close() method. > The socket is not closed synchronously because the ServerSocketChannel impl of close() does not close the socket if there are any registered keys. Debugging shows the socket is not closed until this stack happens: > {code} > "XNIO-1 Accept@1562" daemon prio=5 tid=0xf nid=NA runnable > java.lang.Thread.State: RUNNABLE > at sun.nio.ch.ServerSocketChannelImpl.kill(ServerSocketChannelImpl.java:307) > - locked <0xc0d> (a java.lang.Object) > at sun.nio.ch.KQueueSelectorImpl.implDereg(KQueueSelectorImpl.java:229) > at sun.nio.ch.SelectorImpl.processDeregisterQueue(SelectorImpl.java:149) > - locked <0xc38> (a java.util.HashSet) > at sun.nio.ch.KQueueSelectorImpl.doSelect(KQueueSelectorImpl.java:107) > at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:86) > - locked <0xc2b> (a sun.nio.ch.KQueueSelectorImpl) > - locked <0xc39> (a java.util.Collections$UnmodifiableSet) > - locked <0xc3a> (a sun.nio.ch.Util$2) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:97) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:101) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:519) > {code} > That thread is not under the control of the test fixture, which means there's a race between it closing the socket and the test moving on the next setup where it tries to open the socket. > I think the only solution for this is to bring the endpoint lifecycle back under the control of the test fixture such that the fixture knows all is shutdown. I don't see anything else the test can block on to ensure the server socket is closed. > I think this would be a bug for any use of remoting where a server may quickly be shutdown and then recreated. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3302) Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3302?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3302: ------------------------------------- Fix Version/s: (was: 4.0.0.Alpha1) (was: 3.0.4.Final) > Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5 > --------------------------------------------------------------------------------------------- > > Key: WFCORE-3302 > URL: https://issues.jboss.org/browse/WFCORE-3302 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Test Suite > Reporter: Brian Stansberry > Assignee: Brian Stansberry > > This bug is about problems in WF Core management tests. I believe it exposes a flaw in how remoting handles server sockets, but AFAIK there is no impact on WF Core remoting server sockets. > Since the move to JBoss Remoting 5 we've seen intermittent failures in the protocol and controller module testsuites involving the tests that use their respective copies of the ChannelServer + RemoteChannelPairSetup test fixture. These tests all do a setup and teardown of the fixture for each test method (i.e. @Before and @After) with the failure being that a test fails creating a remoting server with a failure that indicates the server from a previous test hasn't completely shut down yet: > {code} > java.lang.RuntimeException: java.net.BindException: Address already in use: bind > at sun.nio.ch.Net.bind0(Native Method) > at sun.nio.ch.Net.bind(Net.java:433) > at sun.nio.ch.Net.bind(Net.java:425) > at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:67) > at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:181) > at org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:282) > at org.jboss.remoting3.remote.RemoteConnectionProvider$ProviderInterface.createServer(RemoteConnectionProvider.java:372) > at org.jboss.as.controller.support.ChannelServer.create(ChannelServer.java:92) > at org.jboss.as.controller.support.RemoteChannelPairSetup.setupRemoting(RemoteChannelPairSetup.java:88) > at org.jboss.as.controller.ModelControllerClientTestCase.setupTestClient(ModelControllerClientTestCase.java:94) > at org.jboss.as.controller.ModelControllerClientTestCase.testCloseInputStreamEntry(ModelControllerClientTestCase.java:346) > {code} > These failures have been mildly annoying on ci.wildfly.org, but now that the same code is being on other test machines, e.g. brontes used for EAP testing, they are completely intolerable, affecting a high percentage of CI runs for pull requests. > I believe the issue arises from changes to these fixtures that came in as part of the Remoting 5 upgrade such that a remoting Endpoint is not being created/shutdown for each test method. This causes a problem because the AcceptingChannel<StreamConnection> created by Endpoint.getConnectionProviderInterface(...).createServer(...) *does not* synchronously close down the underlying socket as part of a call to its close() method. > The socket is not closed synchronously because the ServerSocketChannel impl of close() does not close the socket if there are any registered keys. Debugging shows the socket is not closed until this stack happens: > {code} > "XNIO-1 Accept@1562" daemon prio=5 tid=0xf nid=NA runnable > java.lang.Thread.State: RUNNABLE > at sun.nio.ch.ServerSocketChannelImpl.kill(ServerSocketChannelImpl.java:307) > - locked <0xc0d> (a java.lang.Object) > at sun.nio.ch.KQueueSelectorImpl.implDereg(KQueueSelectorImpl.java:229) > at sun.nio.ch.SelectorImpl.processDeregisterQueue(SelectorImpl.java:149) > - locked <0xc38> (a java.util.HashSet) > at sun.nio.ch.KQueueSelectorImpl.doSelect(KQueueSelectorImpl.java:107) > at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:86) > - locked <0xc2b> (a sun.nio.ch.KQueueSelectorImpl) > - locked <0xc39> (a java.util.Collections$UnmodifiableSet) > - locked <0xc3a> (a sun.nio.ch.Util$2) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:97) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:101) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:519) > {code} > That thread is not under the control of the test fixture, which means there's a race between it closing the socket and the test moving on the next setup where it tries to open the socket. > I think the only solution for this is to bring the endpoint lifecycle back under the control of the test fixture such that the fixture knows all is shutdown. I don't see anything else the test can block on to ensure the server socket is closed. > I think this would be a bug for any use of remoting where a server may quickly be shutdown and then recreated. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3302) Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3302?page=com.atlassian.jira.plugi... ] Brian Stansberry reassigned WFCORE-3302: ---------------------------------------- Assignee: (was: Brian Stansberry) > Intermittent protocol and controller module unit test failures since move to JBoss Remoting 5 > --------------------------------------------------------------------------------------------- > > Key: WFCORE-3302 > URL: https://issues.jboss.org/browse/WFCORE-3302 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management, Test Suite > Reporter: Brian Stansberry > > This bug is about problems in WF Core management tests. I believe it exposes a flaw in how remoting handles server sockets, but AFAIK there is no impact on WF Core remoting server sockets. > Since the move to JBoss Remoting 5 we've seen intermittent failures in the protocol and controller module testsuites involving the tests that use their respective copies of the ChannelServer + RemoteChannelPairSetup test fixture. These tests all do a setup and teardown of the fixture for each test method (i.e. @Before and @After) with the failure being that a test fails creating a remoting server with a failure that indicates the server from a previous test hasn't completely shut down yet: > {code} > java.lang.RuntimeException: java.net.BindException: Address already in use: bind > at sun.nio.ch.Net.bind0(Native Method) > at sun.nio.ch.Net.bind(Net.java:433) > at sun.nio.ch.Net.bind(Net.java:425) > at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) > at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:67) > at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:181) > at org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:282) > at org.jboss.remoting3.remote.RemoteConnectionProvider$ProviderInterface.createServer(RemoteConnectionProvider.java:372) > at org.jboss.as.controller.support.ChannelServer.create(ChannelServer.java:92) > at org.jboss.as.controller.support.RemoteChannelPairSetup.setupRemoting(RemoteChannelPairSetup.java:88) > at org.jboss.as.controller.ModelControllerClientTestCase.setupTestClient(ModelControllerClientTestCase.java:94) > at org.jboss.as.controller.ModelControllerClientTestCase.testCloseInputStreamEntry(ModelControllerClientTestCase.java:346) > {code} > These failures have been mildly annoying on ci.wildfly.org, but now that the same code is being on other test machines, e.g. brontes used for EAP testing, they are completely intolerable, affecting a high percentage of CI runs for pull requests. > I believe the issue arises from changes to these fixtures that came in as part of the Remoting 5 upgrade such that a remoting Endpoint is not being created/shutdown for each test method. This causes a problem because the AcceptingChannel<StreamConnection> created by Endpoint.getConnectionProviderInterface(...).createServer(...) *does not* synchronously close down the underlying socket as part of a call to its close() method. > The socket is not closed synchronously because the ServerSocketChannel impl of close() does not close the socket if there are any registered keys. Debugging shows the socket is not closed until this stack happens: > {code} > "XNIO-1 Accept@1562" daemon prio=5 tid=0xf nid=NA runnable > java.lang.Thread.State: RUNNABLE > at sun.nio.ch.ServerSocketChannelImpl.kill(ServerSocketChannelImpl.java:307) > - locked <0xc0d> (a java.lang.Object) > at sun.nio.ch.KQueueSelectorImpl.implDereg(KQueueSelectorImpl.java:229) > at sun.nio.ch.SelectorImpl.processDeregisterQueue(SelectorImpl.java:149) > - locked <0xc38> (a java.util.HashSet) > at sun.nio.ch.KQueueSelectorImpl.doSelect(KQueueSelectorImpl.java:107) > at sun.nio.ch.SelectorImpl.lockAndDoSelect(SelectorImpl.java:86) > - locked <0xc2b> (a sun.nio.ch.KQueueSelectorImpl) > - locked <0xc39> (a java.util.Collections$UnmodifiableSet) > - locked <0xc3a> (a sun.nio.ch.Util$2) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:97) > at sun.nio.ch.SelectorImpl.select(SelectorImpl.java:101) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:519) > {code} > That thread is not under the control of the test fixture, which means there's a race between it closing the socket and the test moving on the next setup where it tries to open the socket. > I think the only solution for this is to bring the endpoint lifecycle back under the control of the test fixture such that the fixture knows all is shutdown. I don't see anything else the test can block on to ensure the server socket is closed. > I think this would be a bug for any use of remoting where a server may quickly be shutdown and then recreated. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (JBEE-181) Some XACML tests fail with security manager

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/JBEE-181?page=com.atlassian.jira.plugin.s... ] Yeray Borges updated JBEE-181: ------------------------------ Git Pull Request: https://github.com/jboss/jboss-jaxb-api_spec/pull/9 > Some XACML tests fail with security manager > ------------------------------------------- > > Key: JBEE-181 > URL: https://issues.jboss.org/browse/JBEE-181 > Project: JBoss JavaEE Spec APIs > Issue Type: Bug > Components: jboss-jaxb-api > Reporter: Yeray Borges > Assignee: Yeray Borges > Priority: Critical > Labels: security-manager > > Some XACML tests fail with security manager, mostly because of missing permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")": > {noformat} > ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /custom-xacml-web-test/secured: java.lang.ExceptionInInitializerError > at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.<init>(CustomXACMLAuthorizationModule.java:68) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:329) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141) > at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438) > at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) > at org.jboss.security.plugins.javaee.WebAuthorizationHelper.checkResourcePermission(WebAuthorizationHelper.java:119) > at org.wildfly.extension.undertow.security.JbossAuthorizationManager.canAccessResource(JbossAuthorizationManager.java:160) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:55) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110) > at java.security.AccessController.doPrivileged(Native Method) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")" in code source "(vfs:/content/custom-xacml-web-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.custom-xacml-web-test.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) > at java.util.zip.ZipFile.<init>(ZipFile.java:216) > at java.util.zip.ZipFile.<init>(ZipFile.java:155) > at java.util.jar.JarFile.<init>(JarFile.java:166) > at java.util.jar.JarFile.<init>(JarFile.java:103) > at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) > at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) > at java.net.URL.openStream(URL.java:1045) > at javax.xml.bind.ContextFinder.find(ContextFinder.java:292) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375) > at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126) > ... 55 more > {noformat} > Looks like a privileged block is missing. Hence Critical. > After adding such permission, there are another permissions missing: > * {{WebXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{ReflectPermission("suppressAccessChecks")}}, {{RuntimePermission("getClassLoader")}} > * {{JBossPDPServletInitializationTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}} > * {{JBossPDPInteroperabilityTestCase}} -- additional file permissions, {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{PropertyPermission("user.dir", "read")}} > * {{EjbXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{ElytronPermission("getSecurityDomain")}} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-982) Some XACML tests fail with security manager

by Yeray Borges (JIRA)

[ https://issues.jboss.org/browse/SECURITY-982?page=com.atlassian.jira.plug... ] Yeray Borges updated SECURITY-982: ---------------------------------- Git Pull Request: https://github.com/picketbox/security-xacml/pull/9 > Some XACML tests fail with security manager > ------------------------------------------- > > Key: SECURITY-982 > URL: https://issues.jboss.org/browse/SECURITY-982 > Project: PicketBox > Issue Type: Bug > Components: JBossXACML > Reporter: Yeray Borges > Assignee: Yeray Borges > Priority: Critical > Labels: security-manager > > Some XACML tests fail with security manager, mostly because of missing permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")": > {noformat} > ERROR [io.undertow.request] (default task-3) UT005023: Exception handling request to /custom-xacml-web-test/secured: java.lang.ExceptionInInitializerError > at org.jboss.as.test.integration.security.xacml.CustomXACMLAuthorizationModule.<init>(CustomXACMLAuthorizationModule.java:68) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:329) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205) > at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141) > at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438) > at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) > at org.jboss.security.plugins.javaee.WebAuthorizationHelper.checkResourcePermission(WebAuthorizationHelper.java:119) > at org.wildfly.extension.undertow.security.JbossAuthorizationManager.canAccessResource(JbossAuthorizationManager.java:160) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:55) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) > at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110) > at java.security.AccessController.doPrivileged(Native Method) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Final-SNAPSHOT/modules/system/layers/base/com/sun/xml/bind/main/jaxb-runtime-2.2.11.jbossorg-1.jar" "read")" in code source "(vfs:/content/custom-xacml-web-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.custom-xacml-web-test.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) > at java.util.zip.ZipFile.<init>(ZipFile.java:216) > at java.util.zip.ZipFile.<init>(ZipFile.java:155) > at java.util.jar.JarFile.<init>(JarFile.java:166) > at java.util.jar.JarFile.<init>(JarFile.java:103) > at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93) > at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:84) > at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122) > at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150) > at java.net.URL.openStream(URL.java:1045) > at javax.xml.bind.ContextFinder.find(ContextFinder.java:292) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:412) > at javax.xml.bind.JAXBContext.newInstance(JAXBContext.java:375) > at org.jboss.security.xacml.core.JBossPDP.<clinit>(JBossPDP.java:126) > ... 55 more > {noformat} > Looks like a privileged block is missing. Hence Critical. > After adding such permission, there are another permissions missing: > * {{WebXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{ReflectPermission("suppressAccessChecks")}}, {{RuntimePermission("getClassLoader")}} > * {{JBossPDPServletInitializationTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}} > * {{JBossPDPInteroperabilityTestCase}} -- additional file permissions, {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{PropertyPermission("user.dir", "read")}} > * {{EjbXACMLAuthorizationModuleTestCase}} -- {{RuntimePermission("accessDeclaredMembers")}}, {{RuntimePermission("getClassLoader")}}, {{ReflectPermission("suppressAccessChecks")}}, {{ElytronPermission("getSecurityDomain")}} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 6 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2017