[JBoss JIRA] (ELY-251) More certain credential based mechanism selection.
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-251?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-251:
------------------------------
Assignee: (was: Jan Kalina)
> More certain credential based mechanism selection.
> --------------------------------------------------
>
> Key: ELY-251
> URL: https://issues.jboss.org/browse/ELY-251
> Project: WildFly Elytron
> Issue Type: Task
> Components: SASL
> Reporter: Darran Lofthouse
> Fix For: 1.2.0.Beta11
>
>
> When filtering authentication mechanisms we need to really be able to offer two modes: -
> 1 - Only offer a mech if we are sure it is supported.
> Risks only offering a weaker mechanism in a mixed domain but also eliminates mechanisms that could fail for a valid user that just happens to have a different credential type.
> 2- More general support.
> i.e. offer the mechs that may be supported.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-251) More certain credential based mechanism selection.
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-251?page=com.atlassian.jira.plugin.sy... ]
Jan Kalina reassigned ELY-251:
------------------------------
Assignee: Jan Kalina
> More certain credential based mechanism selection.
> --------------------------------------------------
>
> Key: ELY-251
> URL: https://issues.jboss.org/browse/ELY-251
> Project: WildFly Elytron
> Issue Type: Task
> Components: SASL
> Reporter: Darran Lofthouse
> Assignee: Jan Kalina
> Fix For: 1.2.0.Beta11
>
>
> When filtering authentication mechanisms we need to really be able to offer two modes: -
> 1 - Only offer a mech if we are sure it is supported.
> Risks only offering a weaker mechanism in a mixed domain but also eliminates mechanisms that could fail for a valid user that just happens to have a different credential type.
> 2- More general support.
> i.e. offer the mechs that may be supported.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (DROOLS-2126) kie-docs: code examples don't compile after refactoring of deps
by Marek Novotny (JIRA)
Marek Novotny created DROOLS-2126:
-------------------------------------
Summary: kie-docs: code examples don't compile after refactoring of deps
Key: DROOLS-2126
URL: https://issues.jboss.org/browse/DROOLS-2126
Project: Drools
Issue Type: Bug
Reporter: Marek Novotny
Assignee: Marek Novotny
Priority: Critical
Build for kie-docs fails to compile due missing "jackson" classes from dependencies
{noformat}
[INFO] --- maven-compiler-plugin:3.6.0:testCompile (default-testCompile) @ kie-docs-code ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/target/test-classes
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR :
[INFO] -------------------------------------------------------------
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[22,28] package org.codehaus.jackson does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[23,32] package org.codehaus.jackson.map does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[24,32] package org.codehaus.jackson.map does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[37,49] cannot find symbol
symbol: class JsonGenerationException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[37,74] cannot find symbol
symbol: class JsonMappingException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[64,56] cannot find symbol
symbol: class JsonGenerationException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[64,81] cannot find symbol
symbol: class JsonMappingException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[92,58] cannot find symbol
symbol: class JsonGenerationException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[92,83] cannot find symbol
symbol: class JsonMappingException
location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[INFO] 9 errors
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] KIE :: Documentation ............................... SUCCESS [ 1.616 s]
[INFO] KIE :: Documentation :: Example Code ............... FAILURE [ 1.368 s]
[INFO] KIE :: Documentation Guides ........................ SKIPPED
[INFO] KIE :: Documentation :: Drools ..................... SKIPPED
[INFO] KIE :: Documentation :: jBPM ....................... SKIPPED
[INFO] KIE :: Documentation :: OptaPlanner Workbench and Execution Server SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.777 s
[INFO] Finished at: 2017-11-13T14:45:00+01:00
[INFO] Final Memory: 77M/990M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.6.0:testCompile (default-testCompile) on project kie-docs-code: Compilation failure: Compilation failure:
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[22,28] package org.codehaus.jackson does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[23,32] package org.codehaus.jackson.map does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[24,32] package org.codehaus.jackson.map does not exist
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[37,49] cannot find symbol
[ERROR] symbol: class JsonGenerationException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[37,74] cannot find symbol
[ERROR] symbol: class JsonMappingException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[64,56] cannot find symbol
[ERROR] symbol: class JsonGenerationException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[64,81] cannot find symbol
[ERROR] symbol: class JsonMappingException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[92,58] cannot find symbol
[ERROR] symbol: class JsonGenerationException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] /home/mnovotny/projects/git/KIEGROUP/kie-docs/code/src/test/java/org/guvnor/rest/backend/documentation/GuvnorSerializationExamplesTest.java:[92,83] cannot find symbol
[ERROR] symbol: class JsonMappingException
[ERROR] location: class org.guvnor.rest.backend.documentation.GuvnorSerializationExamplesTest
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :kie-docs-code
{noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFCORE-3416) User redirected with HTTP 301 instead of 302 in admin-only mode
by Tomas Hofman (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3416?page=com.atlassian.jira.plugi... ]
Tomas Hofman moved JBEAP-13771 to WFCORE-3416:
----------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-3416 (was: JBEAP-13771)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Server
(was: Web Console)
Affects Version/s: 4.0.0.Alpha2
(was: 7.0.5.GA)
> User redirected with HTTP 301 instead of 302 in admin-only mode
> ---------------------------------------------------------------
>
> Key: WFCORE-3416
> URL: https://issues.jboss.org/browse/WFCORE-3416
> Project: WildFly Core
> Issue Type: Bug
> Components: Server
> Affects Versions: 4.0.0.Alpha2
> Environment: JBoss EAP 7.1.0.Alpha and 7.0.5
> OS : RHEL 7
> Reporter: Tomas Hofman
> Assignee: Tomas Hofman
>
> The issue isn't that the console isn't working in admin-only mode. It's that a permanent redirect is issued for a temporary condition. The redirect from the console root URL should use a 302, not a 301, since the appropriate target depends on whether the server was started in admin-only mode.
> The root URL of the admin console ( / ) does a permanent redirect (301) to the final target. Normally it's a redirect to /console/index.html. But if the server is started in admin-only mode then /console/index.html doesn't return a sensible error (Chrome reports that the connection to the server was lost). If a browser has cached the permanent redirect, it won't be clear why the console isn't working.
> On the other hand if the server is started in domain-only mode and the browser caches the permanent redirect to /consoleerror/noConsoleForAdminModeError.html, then the browser will continue to load /consoleerror/noConsoleForAdminModeError.html even after the server is started without --admin-only.
> A 301 redirect is inappropriate since "admin-only" isn't a permanent state.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFCORE-3416) User redirected with HTTP 301 instead of 302 in admin-only mode
by Tomas Hofman (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3416?page=com.atlassian.jira.plugi... ]
Tomas Hofman updated WFCORE-3416:
---------------------------------
Labels: (was: fixed_in_halnext)
> User redirected with HTTP 301 instead of 302 in admin-only mode
> ---------------------------------------------------------------
>
> Key: WFCORE-3416
> URL: https://issues.jboss.org/browse/WFCORE-3416
> Project: WildFly Core
> Issue Type: Bug
> Components: Server
> Affects Versions: 4.0.0.Alpha2
> Environment: JBoss EAP 7.1.0.Alpha and 7.0.5
> OS : RHEL 7
> Reporter: Tomas Hofman
> Assignee: Tomas Hofman
>
> The issue isn't that the console isn't working in admin-only mode. It's that a permanent redirect is issued for a temporary condition. The redirect from the console root URL should use a 302, not a 301, since the appropriate target depends on whether the server was started in admin-only mode.
> The root URL of the admin console ( / ) does a permanent redirect (301) to the final target. Normally it's a redirect to /console/index.html. But if the server is started in admin-only mode then /console/index.html doesn't return a sensible error (Chrome reports that the connection to the server was lost). If a browser has cached the permanent redirect, it won't be clear why the console isn't working.
> On the other hand if the server is started in domain-only mode and the browser caches the permanent redirect to /consoleerror/noConsoleForAdminModeError.html, then the browser will continue to load /consoleerror/noConsoleForAdminModeError.html even after the server is started without --admin-only.
> A 301 redirect is inappropriate since "admin-only" isn't a permanent state.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9550) SPNEGOLoginModuleTestCase intermittently fails with security manager
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-9550?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-9550:
-------------------------------
Affects Version/s: 11.0.0.Final
> SPNEGOLoginModuleTestCase intermittently fails with security manager
> --------------------------------------------------------------------
>
> Key: WFLY-9550
> URL: https://issues.jboss.org/browse/WFLY-9550
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 11.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Ondrej Lukas
>
> *SPNEGOLoginModuleTestCase#testIdentityPropagation*
> ./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false -Dsecurity.manager -Dts.compat -Dts.noSmoke -Dtest=org.jboss.as.test.integration.security.loginmodules.negotiation.SPNEGOLoginModuleTestCase#testIdentityPropagation
> intermittently fails with:
> {code}
> ERROR [io.undertow.request] (default task-118) UT005023: Exception handling request to /kerberos-login-module/PropagateIdentityServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "eap-perf-hpux-02.mw.lab.eng.bos.redhat.com" "resolve")" in code source "(vfs:/content/kerberos-login-module.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.kerberos-login-module.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1080)
> at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:380)
> at java.net.InetAddress.getAllByName0(InetAddress.java:1268)
> at java.net.InetAddress.getAllByName(InetAddress.java:1192)
> at java.net.InetAddress.getAllByName(InetAddress.java:1126)
> at java.net.InetAddress.getByName(InetAddress.java:1076)
> at java.net.InetSocketAddress.<init>(InetSocketAddress.java:220)
> at org.jboss.as.test.integration.security.loginmodules.negotiation.GSSTestClient.getName(GSSTestClient.java:82)
> at org.jboss.as.test.integration.security.loginmodules.negotiation.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:84)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> It happens in cases when GSSTestClient uses hostname but SocketPermission is granted for IP address.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9550) SPNEGOLoginModuleTestCase intermittently fails with security manager
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-9550:
----------------------------------
Summary: SPNEGOLoginModuleTestCase intermittently fails with security manager
Key: WFLY-9550
URL: https://issues.jboss.org/browse/WFLY-9550
Project: WildFly
Issue Type: Bug
Components: Test Suite
Reporter: Ondrej Lukas
*SPNEGOLoginModuleTestCase#testIdentityPropagation*
./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false -Dsecurity.manager -Dts.compat -Dts.noSmoke -Dtest=org.jboss.as.test.integration.security.loginmodules.negotiation.SPNEGOLoginModuleTestCase#testIdentityPropagation
intermittently fails with:
{code}
ERROR [io.undertow.request] (default task-118) UT005023: Exception handling request to /kerberos-login-module/PropagateIdentityServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "eap-perf-hpux-02.mw.lab.eng.bos.redhat.com" "resolve")" in code source "(vfs:/content/kerberos-login-module.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.kerberos-login-module.war" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at java.lang.SecurityManager.checkConnect(SecurityManager.java:1080)
at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:380)
at java.net.InetAddress.getAllByName0(InetAddress.java:1268)
at java.net.InetAddress.getAllByName(InetAddress.java:1192)
at java.net.InetAddress.getAllByName(InetAddress.java:1126)
at java.net.InetAddress.getByName(InetAddress.java:1076)
at java.net.InetSocketAddress.<init>(InetSocketAddress.java:220)
at org.jboss.as.test.integration.security.loginmodules.negotiation.GSSTestClient.getName(GSSTestClient.java:82)
at org.jboss.as.test.integration.security.loginmodules.negotiation.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
{code}
It happens in cases when GSSTestClient uses hostname but SocketPermission is granted for IP address.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9550) SPNEGOLoginModuleTestCase intermittently fails with security manager
by Ondrej Lukas (JIRA)
[ https://issues.jboss.org/browse/WFLY-9550?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas reassigned WFLY-9550:
----------------------------------
Assignee: Ondrej Lukas
> SPNEGOLoginModuleTestCase intermittently fails with security manager
> --------------------------------------------------------------------
>
> Key: WFLY-9550
> URL: https://issues.jboss.org/browse/WFLY-9550
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Ondrej Lukas
> Assignee: Ondrej Lukas
>
> *SPNEGOLoginModuleTestCase#testIdentityPropagation*
> ./integration-tests.sh -fae -Dmaven.test.failure.ignore=true -DfailIfNoTests=false -Dsecurity.manager -Dts.compat -Dts.noSmoke -Dtest=org.jboss.as.test.integration.security.loginmodules.negotiation.SPNEGOLoginModuleTestCase#testIdentityPropagation
> intermittently fails with:
> {code}
> ERROR [io.undertow.request] (default task-118) UT005023: Exception handling request to /kerberos-login-module/PropagateIdentityServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.net.SocketPermission" "eap-perf-hpux-02.mw.lab.eng.bos.redhat.com" "resolve")" in code source "(vfs:/content/kerberos-login-module.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.kerberos-login-module.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkConnect(SecurityManager.java:1080)
> at org.wildfly.security.manager.WildFlySecurityManager.checkConnect(WildFlySecurityManager.java:380)
> at java.net.InetAddress.getAllByName0(InetAddress.java:1268)
> at java.net.InetAddress.getAllByName(InetAddress.java:1192)
> at java.net.InetAddress.getAllByName(InetAddress.java:1126)
> at java.net.InetAddress.getByName(InetAddress.java:1076)
> at java.net.InetSocketAddress.<init>(InetSocketAddress.java:220)
> at org.jboss.as.test.integration.security.loginmodules.negotiation.GSSTestClient.getName(GSSTestClient.java:82)
> at org.jboss.as.test.integration.security.loginmodules.negotiation.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:84)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> It happens in cases when GSSTestClient uses hostname but SocketPermission is granted for IP address.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months