[JBoss JIRA] (WFLY-9600) [GSS](7.2.0) Apostrophe in an attribute with multiple EL parts breaks function lookup
by Brad Maxwell (JIRA)
Brad Maxwell created WFLY-9600:
----------------------------------
Summary: [GSS](7.2.0) Apostrophe in an attribute with multiple EL parts breaks function lookup
Key: WFLY-9600
URL: https://issues.jboss.org/browse/WFLY-9600
Project: WildFly
Issue Type: Bug
Components: EE, Web (Undertow)
Affects Versions: 10.0.0.Final
Reporter: Brad Maxwell
Assignee: Tomaz Cerar
Priority: Critical
Attachments: jastow-bug.war.zip, jastow.diff
Certain EL pieces result in unexplained org.apache.jasper.JasperException "contains invalid expression(s)" (the exception _does not_ explain what is invalid). After lots of tries, I have narrowed it down: 1) there must be several EL pieces in one string; 2) there must be an apostrophe in between.
This looks very similar to bug WFLY-4455. It breaks several pages in our application, blocking upgrade to WildFly 10.
Example is attached.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (WFCORE-887) "Deprecate" using an expression in model refs to interfaces
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-887?page=com.atlassian.jira.plugin... ]
Brian Stansberry edited comment on WFCORE-887 at 12/6/17 2:09 PM:
------------------------------------------------------------------
Analysis of the current (master) WildFly management API using the hal/model-graph[1] tool shows the following attributes that are credential references but also support expressions:
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/host=master/core-service=management/management-interface=http-interf│"interface" │
│ace" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/core-service=management/management-interface=native-inte│"interface" │
│rface" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"socket-binding-ref" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"source-interface" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/remote-destination-outbound-socke│"source-interface" │
│t-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=ran│"socket-binding-preferences" │
│dom" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=sim│"socket-binding-preferences" │
│ple" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=handler/reverse-proxy=*/h│"outbound-socket-binding" │
│ost=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
This was a test against the model reported by an HC using host-master.xml and the standard domain.xml modified to add the rts, xts and picketlink extensions.
The Cypher query used was:
{code}
MATCH (r:Resource)-->(a:Attribute)-[:REFERENCES_CAPABILITY]->(c:Capability)
WHERE c IS NOT NULL AND
a.`expressions-allowed` = true
RETURN r.address, a.name
{code}
Following is a check of standalone using standalone-full-ha.xml.
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=random" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=simple" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=handler/reverse-proxy=*/host=*" │"outbound-socket-binding" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
[1] https://github.com/hal/model-graph Sweet! Thank you [~harald.pehl]!
[2] https://neo4j.com/docs/cypher-refcard/current/
was (Author: brian.stansberry):
Analysis of the current (master) WildFly management API using the hal/model-graph[1] tool shows the following attributes that are credential references but also support expressions:
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/host=master/core-service=management/management-interface=http-interf│"interface" │
│ace" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/core-service=management/management-interface=native-inte│"interface" │
│rface" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"socket-binding-ref" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"source-interface" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/remote-destination-outbound-socke│"source-interface" │
│t-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=ran│"socket-binding-preferences" │
│dom" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=sim│"socket-binding-preferences" │
│ple" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=handler/reverse-proxy=*/h│"outbound-socket-binding" │
│ost=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
This was a test against the model reported by an HC using host-master.xml and the standard domain.xml modified to add the rts, xts and picketlink extensions.
The Cypher query used was:
{code}
MATCH (r:Resource)-->(a:Attribute)-[:REFERENCES_CAPABILITY]->(c:Capability)
WHERE c IS NOT NULL AND
a.`expressions-allowed` = true
RETURN r.address, a.name
{code}
Following is a check of standalone using standalone-full-ha.xml.
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=random" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=simple" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=handler/reverse-proxy=*/host=*" │"outbound-socket-binding" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
[1] https://github.com/hal/model-graph Sweet!
[2] https://neo4j.com/docs/cypher-refcard/current/
> "Deprecate" using an expression in model refs to interfaces
> -----------------------------------------------------------
>
> Key: WFCORE-887
> URL: https://issues.jboss.org/browse/WFCORE-887
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 4.0.0.Alpha5
>
>
> SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
> Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
> There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
> We use INFO messages for other management API deprecation messages, but these I believe deserve a WARN. The issue here isn't just that we may change something in the future (seen as not justifying a WARN) but also that the capability/requirement bookkeeping for the attribute cannot be properly done if an expression is used, meaning the model integrity behavior meant to be in place cannot be used.
> We should look for other cases like this too, although those changes should be separate JIRAs.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (WFCORE-887) "Deprecate" using an expression in model refs to interfaces
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-887?page=com.atlassian.jira.plugin... ]
Brian Stansberry updated WFCORE-887:
------------------------------------
Description:
SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
We use INFO messages for other management API deprecation messages, but these I believe deserve a WARN. The issue here isn't just that we may change something in the future (seen as not justifying a WARN) but also that the capability/requirement bookkeeping for the attribute cannot be properly done if an expression is used, meaning the model integrity behavior meant to be in place cannot be used.
We should look for other cases like this too, although those changes should be separate JIRAs.
was:
SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
We should look for other cases like this too, although those changes should be separate JIRAs.
> "Deprecate" using an expression in model refs to interfaces
> -----------------------------------------------------------
>
> Key: WFCORE-887
> URL: https://issues.jboss.org/browse/WFCORE-887
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 4.0.0.Alpha5
>
>
> SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
> Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
> There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
> We use INFO messages for other management API deprecation messages, but these I believe deserve a WARN. The issue here isn't just that we may change something in the future (seen as not justifying a WARN) but also that the capability/requirement bookkeeping for the attribute cannot be properly done if an expression is used, meaning the model integrity behavior meant to be in place cannot be used.
> We should look for other cases like this too, although those changes should be separate JIRAs.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (WFCORE-887) "Deprecate" using an expression in model refs to interfaces
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-887?page=com.atlassian.jira.plugin... ]
Brian Stansberry commented on WFCORE-887:
-----------------------------------------
Analysis of the current (master) WildFly management API using the hal/model-graph[1] tool shows the following attributes that are credential references but also support expressions:
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/host=master/core-service=management/management-interface=http-interf│"interface" │
│ace" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/core-service=management/management-interface=native-inte│"interface" │
│rface" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"socket-binding-ref" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/local-destination-outbound-socket│"source-interface" │
│-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/remote-destination-outbound-socke│"source-interface" │
│t-binding=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/host=master/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=ran│"socket-binding-preferences" │
│dom" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=singleton/singleton-policy=*/election-policy=sim│"socket-binding-preferences" │
│ple" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/profile=*/subsystem=undertow/configuration=handler/reverse-proxy=*/h│"outbound-socket-binding" │
│ost=*" │ │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
This was a test against the model reported by an HC using host-master.xml and the standard domain.xml modified to add the rts, xts and picketlink extensions.
The Cypher query used was:
{code}
MATCH (r:Resource)-->(a:Attribute)-[:REFERENCES_CAPABILITY]->(c:Capability)
WHERE c IS NOT NULL AND
a.`expressions-allowed` = true
RETURN r.address, a.name
{code}
Following is a check of standalone using standalone-full-ha.xml.
{code}
╒══════════════════════════════════════════════════════════════════════╤═════════════════════════════╕
│"r.address" │"a.name" │
╞══════════════════════════════════════════════════════════════════════╪═════════════════════════════╡
│"/socket-binding-group=*" │"default-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"socket-binding-ref" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/local-destination-outbound-socket-binding=*" │"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/remote-destination-outbound-socket-binding=*"│"source-interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/socket-binding-group=*/socket-binding=*" │"interface" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=mail/mail-session=*/custom=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/local-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=remoting/remote-outbound-connection=*" │"outbound-socket-binding-ref"│
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=random" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=singleton/singleton-policy=*/election-policy=simple" │"socket-binding-preferences" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"advertise-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"management-socket-binding" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=filter/mod-cluster=*" │"worker" │
├──────────────────────────────────────────────────────────────────────┼─────────────────────────────┤
│"/subsystem=undertow/configuration=handler/reverse-proxy=*/host=*" │"outbound-socket-binding" │
└──────────────────────────────────────────────────────────────────────┴─────────────────────────────┘
{code}
[1] https://github.com/hal/model-graph Sweet!
[2] https://neo4j.com/docs/cypher-refcard/current/
> "Deprecate" using an expression in model refs to interfaces
> -----------------------------------------------------------
>
> Key: WFCORE-887
> URL: https://issues.jboss.org/browse/WFCORE-887
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Reporter: Brian Stansberry
> Fix For: 4.0.0.Alpha5
>
>
> SocketBindingGroupResourceDefinition and OutboundSocketBindingResourceDefinition both have attributes that represent model refs to interface resources, but which also allow expressions.
> Model references should not allow expressions. These were "grandfathered in" when the large scale expression support roll out happened for AS 7.2 / EAP 6.1.
> There's no metadata facility to record that expression support is deprecated, but the add handler for these should log a WARN if they encounter an expression. Hopefully in EAP 8 we can then remove expression support.
> We should look for other cases like this too, although those changes should be separate JIRAs.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (ELY-1455) DB query seen for each request using FORM mechanism.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1455:
----------------------------------
Attachment: (was: elytron-bug-src.zip)
> DB query seen for each request using FORM mechanism.
> -----------------------------------------------------
>
> Key: ELY-1455
> URL: https://issues.jboss.org/browse/ELY-1455
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Beta10
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta11
>
> Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml
>
>
> User is complaining, that DB is accessed on each request.
> Jdbc-realm + FORM authentication
> {noformat}
> <jdbc-realm name="myappRealm">
> <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
> <attribute-mapping>
> <attribute to="Roles" index="1"/>
> </attribute-mapping>
> <simple-digest-mapper password-index="2"/>
> </principal-query>
> </jdbc-realm>
> {noformat}
> {noformat}
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (ELY-1455) DB query seen for each request using FORM mechanism.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1455:
----------------------------------
Attachment: (was: wmt-elytron.war)
> DB query seen for each request using FORM mechanism.
> -----------------------------------------------------
>
> Key: ELY-1455
> URL: https://issues.jboss.org/browse/ELY-1455
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Beta10
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta11
>
> Attachments: elytron-bug.zip, server.log, standalone-full-ha.xml
>
>
> User is complaining, that DB is accessed on each request.
> Jdbc-realm + FORM authentication
> {noformat}
> <jdbc-realm name="myappRealm">
> <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
> <attribute-mapping>
> <attribute to="Roles" index="1"/>
> </attribute-mapping>
> <simple-digest-mapper password-index="2"/>
> </principal-query>
> </jdbc-realm>
> {noformat}
> {noformat}
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (ELY-1455) DB query seen for each request using FORM mechanism.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on ELY-1455:
---------------------------------------
Debugging this I can see we do actually have two bugs that are contributing to the issue you are experiencing.
# Where the JDBC realm loads an identity it should be caching the results of the queries for the duration of that HTTP request, so after the principalQuery has been executed it should retain this, This is not happening so it is executing the query twice within a single authentication attempt.
# Although the web application is configured to use FORM authentication it appears to be mapped to /account/login rather than j_security_check so instead of using the FORM authentication mechanism it is using the programmatic authentication API on HttpServletRequest - this method has a bug in that it is caching the username and restoring it rather than the resulting SecurityIdentity.
I am going to work on both of these issues now as they are genuine issues that do require a fix but I think in light of this there are a couple of options: -
# Update the login page to submit to j_security_check this will mean the SecurityIdentity caching of the FORM authentication mechanism will kick in properly.
# Insert an in-memory cache in front of the JDBC security realm, this will cache the first interaction with the realm so for subsequent requests the realm and the database will not be hit.
The following CLI commands enable the cache: -
{noformat}
[standalone@localhost:9990 /] batch
[standalone@localhost:9990 / #] ./subsystem=elytron/caching-realm=jdbc-cache:add(realm=wmtRealm)
[standalone@localhost:9990 / #] ./subsystem=elytron/security-domain=wmtSD:write-attribute(name=default-realm, value=jdbc-cache)
[standalone@localhost:9990 / #] ./subsystem=elytron/security-domain=wmtSD:write-attribute(name=realms, value=[{realm=jdbc-cache, role-decoder=groups-to-roles}])
[standalone@localhost:9990 / #] run-batch
{noformat}
This explains the back and forth we had early on discussing this where the logs did not quite make sense, I understand now that the FormAuthenticationMechanism was serving up the login page but now I can see it was not being used for the subsequent authentication which is where the messages I was expecting to see in the log were going missing.
> DB query seen for each request using FORM mechanism.
> -----------------------------------------------------
>
> Key: ELY-1455
> URL: https://issues.jboss.org/browse/ELY-1455
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Beta10
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta11
>
> Attachments: elytron-bug-src.zip, elytron-bug.zip, server.log, standalone-full-ha.xml, wmt-elytron.war
>
>
> User is complaining, that DB is accessed on each request.
> Jdbc-realm + FORM authentication
> {noformat}
> <jdbc-realm name="myappRealm">
> <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
> <attribute-mapping>
> <attribute to="Roles" index="1"/>
> </attribute-mapping>
> <simple-digest-mapper password-index="2"/>
> </principal-query>
> </jdbc-realm>
> {noformat}
> {noformat}
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months
[JBoss JIRA] (ELY-1455) DB query seen for each request using FORM mechanism.
by Alberto Gori (JIRA)
[ https://issues.jboss.org/browse/ELY-1455?page=com.atlassian.jira.plugin.s... ]
Alberto Gori commented on ELY-1455:
-----------------------------------
I have uploaded everything again. zip file contains sources and aside the pom you can also find profile and keystore used for single sign on (so it's still enabled).
As for the table, you don't need the second table anymore if you use latest profile. USER is what you need.
*Could you please delete wmt-elytron.war and elytron-bug-src.zip? They contain sensitive information and password...my mistake! :/ *
> DB query seen for each request using FORM mechanism.
> -----------------------------------------------------
>
> Key: ELY-1455
> URL: https://issues.jboss.org/browse/ELY-1455
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Affects Versions: 1.2.0.Beta10
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Fix For: 1.2.0.Beta11
>
> Attachments: elytron-bug-src.zip, elytron-bug.zip, server.log, standalone-full-ha.xml, wmt-elytron.war
>
>
> User is complaining, that DB is accessed on each request.
> Jdbc-realm + FORM authentication
> {noformat}
> <jdbc-realm name="myappRealm">
> <principal-query sql="SELECT r.role, u.password FROM user u join user_role_auth r on r.email = u.email where u.email=?" data-source="myds">
> <attribute-mapping>
> <attribute to="Roles" index="1"/>
> </attribute-mapping>
> <simple-digest-mapper password-index="2"/>
> </principal-query>
> </jdbc-realm>
> {noformat}
> {noformat}
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:04,049 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,051 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,052 TRACE [org.wildfly.security] (default task-124) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Authorization succeed
> 2017-11-30 09:31:04,053 TRACE [org.wildfly.security] (default task-124) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,017 TRACE [org.wildfly.security] (default task-125) Principal assigning: [alberto(a)myapp.com], pre-realm rewritten: [alberto(a)myapp.com], realm name: [wmtRealm], post-realm rewritten: [alberto(a)myapp.com], realm rewritten: [alberto(a)myapp.com]
> 2017-11-30 09:31:07,018 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,019 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select role, 'Roles' from user_role_auth where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,021 TRACE [org.wildfly.security] (default task-125) Executing principalQuery select password from user where email = ? with value alberto(a)myapp.com
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> 2017-11-30 09:31:07,022 TRACE [org.wildfly.security] (default task-125) Authorizing principal alberto(a)myapp.com.
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorizing against the following attributes: [roles] => [Administrator]
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Permission mapping: identity [alberto(a)myapp.com] with roles [Administrator] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Authorization succeed
> 2017-11-30 09:31:07,023 TRACE [org.wildfly.security] (default task-125) Role mapping: principal [alberto(a)myapp.com] -> decoded roles [Administrator] -> realm mapped roles [Administrator] -> domain mapped roles [Administrator]
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 7 months