[JBoss JIRA] (WFLY-9541) Storing a LinkedHashMap subclass in the session breaks replication.
by Paul Ferraro (JIRA)
[ https://issues.jboss.org/browse/WFLY-9541?page=com.atlassian.jira.plugin.... ]
Paul Ferraro commented on WFLY-9541:
------------------------------------
[~dmlloyd] FYI - the clustering Externalizers to which I referred are not used as JBM Externalizers, but rather used build an application specific object table. Because of this, a serializable replacement object isn't going to be a usable workaround for the problem as described above, since the mismatched object table entry will take precedence over the class's custom serialization logic.
> Storing a LinkedHashMap subclass in the session breaks replication.
> -------------------------------------------------------------------
>
> Key: WFLY-9541
> URL: https://issues.jboss.org/browse/WFLY-9541
> Project: WildFly
> Issue Type: Bug
> Components: Clustering
> Affects Versions: 12.0.0.Alpha1
> Environment: Tested on JDK 1.8.0_152 on OS X 10.12
> Reporter: Klaasjan Brand
> Assignee: Paul Ferraro
>
> Context: trying to get one of our applications to work with Wildfly session replication.
> After trying out a build from the Wildfly master branch to test another bug I submitted I noticed another issue which works fine in the Wildfly 11 release.
> Our application has a custom LinkedHashMap subclass (MostRecentlyUsedMap from the Wicket framework) which it stores in the session. It also keeps a reference to the subclass since that one has a few extra fields.
> When marshalling the session the MostRecentlyUsedMap is converted to a LinkedHashMap. When unmarshalling the session this causes an error since the field is of the subclass type.
> This behaviour is new in WF 12 and is related to this commit:
> https://github.com/wildfly/wildfly/commit/143527f595206c5f2bf037b47c797f0...
> (fix for the WFLY-9497 issue).
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (ELY-1440) FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.
by Darran Lofthouse (JIRA)
Darran Lofthouse created ELY-1440:
-------------------------------------
Summary: FlexibleIdentityAssociation should runAs the known SecurityIdentity before associating itself.
Key: ELY-1440
URL: https://issues.jboss.org/browse/ELY-1440
Project: WildFly Elytron
Issue Type: Enhancement
Components: API / SPI
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 1.2.0.Beta10
This API was introduced to cover the case where authentication happens late in a request, generally that is quite a rare event.
Even though the API may be popular it would likely happen once for a session and all future requests for that session the identity would be known in advance.
At the moment by not running as the existing identity we are loosing all automatic identity outflow opportunities as calls pass from the servlet container to the EJB container.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-9064) HibernateNativeAPINaturalIdTestCase fails with security manager
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9064?page=com.atlassian.jira.plugin.... ]
Ondrej Kotek commented on WFLY-9064:
------------------------------------
The Hibernate part is fixed in 5.2.12, and there is [open PR for 5.1|https://github.com/hibernate/hibernate-orm/pull/2033].
> HibernateNativeAPINaturalIdTestCase fails with security manager
> ---------------------------------------------------------------
>
> Key: WFLY-9064
> URL: https://issues.jboss.org/browse/WFLY-9064
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate, Test Suite
> Affects Versions: 11.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Romain Pelisse
> Priority: Critical
> Labels: security-manager
>
> {{HibernateNativeAPINaturalIdTestCase}} fails with security manager because of missing permission {{"("java.lang.RuntimePermission" "createClassLoader")"}}:
> {noformat}
> javax.ejb.EJBException: java.lang.RuntimeException: Could not setup config
> at org.jboss.as.ejb3.tx.BMTInterceptor.handleException(BMTInterceptor.java:83)
> at org.jboss.as.ejb3.tx.StatefulBMTInterceptor.handleInvocation(StatefulBMTInterceptor.java:96)
> ...
> Caused by: java.lang.RuntimeException: Could not setup config
> at org.jboss.as.test.integration.hibernate.naturalid.SFSBHibernateSFNaturalId.setupConfig(SFSBHibernateSFNaturalId.java:69)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "createClassLoader")" in code source "(vfs:/content/hibernate4naturalid_test.ear/beans.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.hibernate4naturalid_test.ear.beans.jar" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkCreateClassLoader(SecurityManager.java:611)
> at org.wildfly.security.manager.WildFlySecurityManager.checkCreateClassLoader(WildFlySecurityManager.java:308)
> ...
> {noformat}
> After adding the permission, there is another missing permission {{"("java.io.FilePermission" "/home/okotek/git/wildfly/dist/target/wildfly-11.0.0.Beta1-SNAPSHOT/modules/system/layers/base/org/hibernate/main/hibernate-envers-5.1.8.Final.jar" "read")"}}. A privileged section is missing probably.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (WFLY-3313) Websocket Auth - Container is not aware of the Principal
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-3313?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-3313:
----------------------------------------
Can you please try this on WildFly 11? If this was present in WildFly 10 it is possible this still is an issue but there has been a lot of rework regarding identity associated in WildFly 11 so would be good to confirm if that is the case.
> Websocket Auth - Container is not aware of the Principal
> --------------------------------------------------------
>
> Key: WFLY-3313
> URL: https://issues.jboss.org/browse/WFLY-3313
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Security, Web (Undertow), Web Sockets
> Affects Versions: 8.1.0.CR1, 10.0.0.Final
> Reporter: Markus D
> Assignee: Stuart Douglas
> Attachments: websocket-different-principals-ejb-vs-socket.png
>
>
> The Websocket is protected by the web.xml. The session object of the callback object correctly returns the principal.
> When an EJB is called the callerPrincipal is always anonymous.
> @Resource
> private SessionContext ctx;
> Principal callerPrincipal = ctx.getCallerPrincipal();
> Running thread here:
> https://community.jboss.org/thread/240617
> Shouldn't the principal be propagated to the EJB container when a websocket callback method triggered?
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months
[JBoss JIRA] (DROOLS-1745) An error occurs when we add a new Drools runtime
by Andrej Podhradsky (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1745?page=com.atlassian.jira.plugi... ]
Andrej Podhradsky commented on DROOLS-1745:
-------------------------------------------
The problem is in drools jar files. Some of them have different versions in MANIFEST.MF for
{code}
Bundle-Version
Implementation-Version
{code}
so the tooling finds two different versions.
> An error occurs when we add a new Drools runtime
> ------------------------------------------------
>
> Key: DROOLS-1745
> URL: https://issues.jboss.org/browse/DROOLS-1745
> Project: Drools
> Issue Type: Bug
> Components: eclipse plugin
> Affects Versions: 7.3.0.Final
> Environment: Devstudio 11.1.0.AM2 + Devstudio IS 11.1.0.AM1-SNAPSHOT
> Drools plugin 7.3.0.Final
> BRMS 6.4.4.GA
> Reporter: Andrej Podhradsky
> Attachments: errorLog.txt
>
>
> The following error occurs when we add a new Drools runtime
> {code}
> The Runtime at '/home/apodhrad/Projects/server-installer/brms-6.4.4.GA/target/jboss-brms-6.4-engine' may have more than one version of installed jar files for the drools product.
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 8 months