February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-959) Coverity static analysis: Serializable *Callback classes containes non-serializable fields

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-959?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7961 to ELY-959: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-959 (was: WFLY-7961) Component/s: (was: Security) Affects Version/s: 1.1.0.Beta24 (was: 11.0.0.Alpha1) > Coverity static analysis: Serializable *Callback classes containes non-serializable fields > ------------------------------------------------------------------------------------------ > > Key: ELY-959 > URL: https://issues.jboss.org/browse/ELY-959 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity static analysis found, there is couple of *Callback classes, which are mark as Serializable, and contains non-serializable fields. > * CredentialCallback > * CredentialUpdateCallback > * MechanismInformationCallback > * SSLCallback > * SecurityIdentityCallback > * ServerCredentialCallback > * TrustedAuthoritiesCallback > Either mark fields as transient or Serializable. > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84905... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-958) Coverity static analysis: Dereference null return value in KeyUtil (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-958?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7960 to ELY-958: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-958 (was: WFLY-7960) Component/s: (was: Security) Affects Version/s: 1.1.0.Beta24 (was: 11.0.0.Alpha1) > Coverity static analysis: Dereference null return value in KeyUtil (Elytron) > ---------------------------------------------------------------------------- > > Key: ELY-958 > URL: https://issues.jboss.org/browse/ELY-958 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity static analysis found possible use of null object comming from {{RawPBEKey.getSalt()}} passed into {{javax.crypto.spec.PBEParameterSpec.PBEParameterSpec}} > {code:java|title=javax.crypto.spec.PBEParameterSpec.java} > public PBEParameterSpec(byte[] salt, int iterationCount) { > this.salt = salt.clone(); > this.iterationCount = iterationCount; > } > {code} > Responsible elytron code: > {code:java|title=KeyUtils.java} > if (key instanceof PBEKey && paramSpecClass.isAssignableFrom(PBEParameterSpec.class)) { > final PBEKey pbeKey = (PBEKey) key; > // TODO: we miss the IV here > return paramSpecClass.cast(new PBEParameterSpec(pbeKey.getSalt(), pbeKey.getIterationCount())); > } > {code} > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84906... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-957) Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-957?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7959 to ELY-957: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-957 (was: WFLY-7959) Component/s: HTTP (was: Security) Affects Version/s: 1.1.0.Beta24 (was: 11.0.0.Alpha1) > Coverity static analysis: DefaultSingleSignOn.getIdentity() not synchronized > ---------------------------------------------------------------------------- > > Key: ELY-957 > URL: https://issues.jboss.org/browse/ELY-957 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Ilia Vassilev > Priority: Minor > > Coverity static-analysis scan found getter is not synchronized, while setter is. > {code} > public SecurityIdentity getIdentity() { > return this.entry.getCachedIdentity().getSecurityIdentity(); > } > {code} > Current implementation is correct because in DefaultSingleSignOnEntry (currently only avalaible implementation of SingleSignOnEntry) cachedIdentity is volatile. > However other implementations can be wrongly implemented. Once getIdentity() would be marked with synchronize modifier, such problem shouldn't occure. > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84908... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7093) Transfer of contextData back to the jboss ejb client

by Brad Maxwell (JIRA)

[ https://issues.jboss.org/browse/WFLY-7093?page=com.atlassian.jira.plugin.... ] Brad Maxwell updated WFLY-7093: ------------------------------- Attachment: MethodInvocationMessageHandler.java.diff > Transfer of contextData back to the jboss ejb client > ---------------------------------------------------- > > Key: WFLY-7093 > URL: https://issues.jboss.org/browse/WFLY-7093 > Project: WildFly > Issue Type: Bug > Components: EJB > Affects Versions: 10.1.0.Final > Reporter: Teresa Miyar > Assignee: David Lloyd > Priority: Minor > Attachments: MethodInvocationMessageHandler.java.diff, MethodInvocationResponseHandler.java.diff > > > The spec says: > The getContextData method enables a business method, lifecycle callback method, or timeout method to retrieve any interceptor/webservices context associated with its invocation. > The way this context data travels from client to server is by copying the data into a server context, this data is used inside the server ejb but not copied back to client. Client requests that this contextData is populated from client to server and vice versa. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-7093) Transfer of contextData back to the jboss ejb client

by Brad Maxwell (JIRA)

[ https://issues.jboss.org/browse/WFLY-7093?page=com.atlassian.jira.plugin.... ] Brad Maxwell updated WFLY-7093: ------------------------------- Attachment: MethodInvocationResponseHandler.java.diff > Transfer of contextData back to the jboss ejb client > ---------------------------------------------------- > > Key: WFLY-7093 > URL: https://issues.jboss.org/browse/WFLY-7093 > Project: WildFly > Issue Type: Bug > Components: EJB > Affects Versions: 10.1.0.Final > Reporter: Teresa Miyar > Assignee: David Lloyd > Priority: Minor > Attachments: MethodInvocationMessageHandler.java.diff, MethodInvocationResponseHandler.java.diff > > > The spec says: > The getContextData method enables a business method, lifecycle callback method, or timeout method to retrieve any interceptor/webservices context associated with its invocation. > The way this context data travels from client to server is by copying the data into a server context, this data is used inside the server ejb but not copied back to client. Client requests that this contextData is populated from client to server and vice versa. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-956) Coverity static analysis: Synchronization on java.util.concurrent object in ElytronPolicyConfigurationFactory

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-956?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7952 to ELY-956: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-956 (was: WFLY-7952) Component/s: (was: Security) Affects Version/s: 1.1.0.Beta24 (was: 11.0.0.Alpha1) > Coverity static analysis: Synchronization on java.util.concurrent object in ElytronPolicyConfigurationFactory > ------------------------------------------------------------------------------------------------------------- > > Key: ELY-956 > URL: https://issues.jboss.org/browse/ELY-956 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Ilia Vassilev > Priority: Minor > > Coverity static-analysis scan found a synchronization on java.util.concurrent.ConcurrentHashMap object in: > * {{ElytronPolicyConfigurationFactory.getPolicyConfiguration}} > * {{ElytronPolicyConfigurationFactory.inService}} > If policyConfiguration synchronization is concern, it should be enough to synchronize on policyConfiguration object. > > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84902... > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=84902... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-30) [QE] - Upgrade CFME from Tech Preview release to CFME 4.5 release

by Hayk Hovsepyan (JIRA)

[ https://issues.jboss.org/browse/HAWKULARQE-30?page=com.atlassian.jira.plu... ] Hayk Hovsepyan commented on HAWKULARQE-30: ------------------------------------------ Upgraded C* container: provider Timelines are kept, but server Local Capacity & Utilization (metrics) is lost. > [QE] - Upgrade CFME from Tech Preview release to CFME 4.5 release > ----------------------------------------------------------------- > > Key: HAWKULARQE-30 > URL: https://issues.jboss.org/browse/HAWKULARQE-30 > Project: Hawkular QE > Issue Type: Task > Reporter: Hayk Hovsepyan > Assignee: Hayk Hovsepyan > Priority: Critical > > This task supposes to have setup Tech Preview CFME containers , including CFME, Hawkular Services, Cassandra and EAP7 containers. > The task is to upgrade all these Containers into CFME 4.5 release images. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-955) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-955?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev moved WFLY-7965 to ELY-955: ----------------------------------------- Project: WildFly Elytron (was: WildFly) Key: ELY-955 (was: WFLY-7965) Component/s: Authentication Mechanisms (was: Security) Affects Version/s: 1.1.0.Beta24 (was: 11.0.0.Alpha1) > Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron) > ------------------------------------------------------------------------------------------------ > > Key: ELY-955 > URL: https://issues.jboss.org/browse/ELY-955 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Mechanisms > Affects Versions: 1.1.0.Beta24 > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity static-analysis scan found possible dereference null return value in following code > {code:java|title=ServerAuthenticationContext.java} > if (log.isTraceEnabled()) { > log.tracef("Authorizing principal %s.", authenticationPrincipal.getName()); > log.tracef("Authorizing against the following attributes: %s => %s", > authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values()); > } > {code} > Coverity suppose null value could get here via {{AggregateSecurityRealm.Identity.getAuthorizationIdentity}} calling {{TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity}} > {code:java|title=TokenRealmIdentity.java} > @Override > public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException { > if (exists()) { > return new AuthorizationIdentity() { > @Override > public Attributes getAttributes() { > return claims; > } > }; > } > return null; > } > {code} > https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=85537... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2297) Upgrade Elytron Web to 1.0.0.Beta10

by Darran Lofthouse (JIRA)

Darran Lofthouse created WFCORE-2297: ---------------------------------------- Summary: Upgrade Elytron Web to 1.0.0.Beta10 Key: WFCORE-2297 URL: https://issues.jboss.org/browse/WFCORE-2297 Project: WildFly Core Issue Type: Component Upgrade Components: Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.Beta1 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2296) Upgrade to WildFly Elytron 1.1.0.Beta25

by Darran Lofthouse (JIRA)

Darran Lofthouse created WFCORE-2296: ---------------------------------------- Summary: Upgrade to WildFly Elytron 1.1.0.Beta25 Key: WFCORE-2296 URL: https://issues.jboss.org/browse/WFCORE-2296 Project: WildFly Core Issue Type: Component Upgrade Components: Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 3.0.0.Beta1 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017