February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8112) Elytron subsystem is unable to configure com.sun.net.ssl.internal.ssl.Provider in FIPS mode

by Martin Choma (JIRA)

Martin Choma created WFLY-8112: ---------------------------------- Summary: Elytron subsystem is unable to configure com.sun.net.ssl.internal.ssl.Provider in FIPS mode Key: WFLY-8112 URL: https://issues.jboss.org/browse/WFLY-8112 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Blocker Trying to configure server to run in FIPS mode using subsystem capabilities. I can't configure throught subsystem same as in java.security file: {code:title=java.security} security.provider.5=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-testPkcs {code} because there is no possibility in subsystem to call provider constructor with arguments (I don't mean providers configuration) Subsystem implements provider loading in 2 steps * create provider instance (call noargs constructor) * optionally load configuration But to create {{com.sun.net.ssl.internal.ssl.Provider}} in FIPS mode constructor with arguments must be called [1] [1] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-916) Add ability to use specified Provider[] when creating KeyStore instance in KeyStoreCredentialStore

by Peter Skopek (JIRA)

[ https://issues.jboss.org/browse/ELY-916?page=com.atlassian.jira.plugin.sy... ] Peter Skopek reopened ELY-916: ------------------------------ There are missing API changes. > Add ability to use specified Provider[] when creating KeyStore instance in KeyStoreCredentialStore > -------------------------------------------------------------------------------------------------- > > Key: ELY-916 > URL: https://issues.jboss.org/browse/ELY-916 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: Peter Skopek > Assignee: Peter Skopek > Fix For: 1.1.0.Beta23 > > > Add ability to use specified Provider[] when creating KeyStore instance in KeyStoreCredentialStore. > This will give us opportunity to use custom KeyStore (for example for FIPS certified CredentialStore). -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8111) Upgrade picketlink 2.5.5.SP4 to 2.5.5.SP5

by Lin Gao (JIRA)

Lin Gao created WFLY-8111: ----------------------------- Summary: Upgrade picketlink 2.5.5.SP4 to 2.5.5.SP5 Key: WFLY-8111 URL: https://issues.jboss.org/browse/WFLY-8111 Project: WildFly Issue Type: Component Upgrade Components: Security Reporter: Lin Gao Assignee: Kabir Khan -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8107) Coverity static analysis, Unwritten field, EntitySaslClient.clientCertUrl (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/WFLY-8107?page=com.atlassian.jira.plugin.... ] Ilia Vassilev reassigned WFLY-8107: ----------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity static analysis, Unwritten field, EntitySaslClient.clientCertUrl (Elytron) > ----------------------------------------------------------------------------------- > > Key: WFLY-8107 > URL: https://issues.jboss.org/browse/WFLY-8107 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity found field {{EntitySaslClient.clientCertUrl}} is never filled. So probably initially intended behavior in {{X509Certificate getClientCertificate()}} method is not covered. > {code:java} > private X509Certificate getClientCertificate() throws SaslException { > if ((clientCertChain != null) && (clientCertChain.length > 0)) { > return clientCertChain[0]; > } else if (clientCertUrl != null) { > try { > return EntityUtil.getCertificateFromUrl(clientCertUrl); > } catch (IOException e) { > throw log.mechUnableToObtainServerCertificate(getMechanismName(), clientCertUrl.toString(), e).toSaslException(); > } > } else { > throw log.mechCallbackHandlerNotProvidedServerCertificate(getMechanismName()).toSaslException(); > } > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8106) Coverity static analysis, Dereference null return value, CredentialStoreAliasDefinition (elytron-subsystem)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/WFLY-8106?page=com.atlassian.jira.plugin.... ] Ilia Vassilev reassigned WFLY-8106: ----------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity static analysis, Dereference null return value, CredentialStoreAliasDefinition (elytron-subsystem) > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-8106 > URL: https://issues.jboss.org/browse/WFLY-8106 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity found 2 possible occurences of dereferencing null. Method {{propertyAliasFromOperation(final ModelNode operation)}} can return null. > And return value of {{propertyAliasFromOperation(final ModelNode operation)}} is dereferenced in {{transformOperationAddress(final ModelNode operation)}} and {{sameAlias(final OperationContext context, final ModelNode operation)}} > {code:java} > private static void transformOperationAddress(final ModelNode operation) { > Property alias = propertyAliasFromOperation(operation); > String newAlias = alias.getValue().asString().toLowerCase(Locale.ROOT); > alias.getValue().set(newAlias); > } > private static boolean sameAlias(final OperationContext context, final ModelNode operation) { > String contextAlias = context.getCurrentAddress().getLastElement().getValue(); > String operationAlias = propertyAliasFromOperation(operation).getValue().asString(); > return operationAlias.equals(contextAlias); > } > private static Property propertyAliasFromOperation(final ModelNode operation) { > ModelNode address = operation.get(ModelDescriptionConstants.OP_ADDR); > List<Property> list = address.asPropertyList(); > Property alias = null; > for (Property p: list) { > if (ElytronDescriptionConstants.ALIAS.equals(p.getName())) { > alias = p; > break; > } > } > return alias; > } > {code} > Add null check into {{transformOperationAddress(final ModelNode operation)}} and {{sameAlias(final OperationContext context, final ModelNode operation)}} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8104) Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/WFLY-8104?page=com.atlassian.jira.plugin.... ] Ilia Vassilev reassigned WFLY-8104: ----------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem) > -------------------------------------------------------------------------------------------- > > Key: WFLY-8104 > URL: https://issues.jboss.org/browse/WFLY-8104 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > Priority: Critical > > Coverity found 2 possible occurences of dereferencing null. > https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... > https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... > {code:java} > private char[] resolvePassword() throws Exception { > ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue(); > CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null; > if (cs != null) { > return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword(); > } else { > throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath()); > } > } > {code} > Both {{getCredential(Class<C> credentialType)}} and {{getPassword(Class<P> type)}} have in javadoc mentioned return value can be null. > Also in org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder.SimpleDirContextFactory.obtainDirContext(org.wildfly.security.auth.realm.ldap.DirContextFactory.ReferralMode) returned value are explicitely checked on null value. > Add null check also in {{resolvePassword()}} method -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8103) Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/WFLY-8103?page=com.atlassian.jira.plugin.... ] Ilia Vassilev reassigned WFLY-8103: ----------------------------------- Assignee: Ilia Vassilev (was: Darran Lofthouse) > Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem) > -------------------------------------------------------------------------------------------- > > Key: WFLY-8103 > URL: https://issues.jboss.org/browse/WFLY-8103 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Ilia Vassilev > > Coverity found 2 occurences of possible null dereference. > https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... > https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... > Method {{resolvePassword()}} is dereferencing {{resolvedPath}} field > {code} > private char[] resolvePassword() throws Exception { > ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue(); > CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null; > if (cs != null) { > return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword(); > } else { > throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath()); > } > } > {code} > And method {{resolvePassword()}} is called 2 times from block, where resolvedPath is checked on null > {code} > try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { > AtomicLoadKeyStore.LoadKey loadKey = keyStore.revertibleLoad(is, resolvePassword()); > try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { > char[] password = resolvePassword(); > {code} > Add null check into {{resolvePassword()}} method. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1440) Insufficient synchronization in ObjectModelResolverProvider

by Maciej Swiderski (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1440?page=com.atlassian.jira.plugi... ] Maciej Swiderski reassigned DROOLS-1440: ---------------------------------------- Assignee: Maciej Swiderski (was: Edson Tirelli) > Insufficient synchronization in ObjectModelResolverProvider > ----------------------------------------------------------- > > Key: DROOLS-1440 > URL: https://issues.jboss.org/browse/DROOLS-1440 > Project: Drools > Issue Type: Bug > Components: kie server > Affects Versions: 6.4.0.Final > Environment: kie-server 6.4.0.Final-redhat-13 (BPMS 6.3.4) > Reporter: Marek Schmidt > Assignee: Maciej Swiderski > > Immediately after server startup with parallel clients, the following error appeared in the logs, suggesting insufficient synchronization in ObjectModelResolverProvider initialization: > {noformat} > 11:59:17,735 WARN [org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory] (http-10.1.3.249:8080-5) Unable to find ObjectModelResolver for mvel > 11:59:17,736 ERROR [org.kie.server.remote.rest.jbpm.ProcessResource] (http-10.1.3.249:8080-5) Unexpected error during processing null: java.lang.NullPointerException > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getInstanceFromModel(DefaultRegisterableItemsFactory.java:213) > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlersFromDescriptor(DefaultRegisterableItemsFactory.java:260) > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlers(DefaultRegisterableItemsFactory.java:84) > at org.jbpm.runtime.manager.impl.KModuleRegisterableItemsFactory.getWorkItemHandlers(KModuleRegisterableItemsFactory.java:98) > at org.jbpm.runtime.manager.impl.AbstractRuntimeManager.registerItems(AbstractRuntimeManager.java:119) > at org.jbpm.runtime.manager.impl.PerProcessInstanceRuntimeManager$PerProcessInstanceInitializer.initKieSession(PerProcessInstanceRuntimeManager.java:514) > at org.jbpm.runtime.manager.impl.RuntimeEngineImpl.getKieSession(RuntimeEngineImpl.java:70) > at org.jbpm.kie.services.impl.ProcessServiceImpl.signalProcessInstance(ProcessServiceImpl.java:173) > at org.kie.server.services.jbpm.ProcessServiceBase.signalProcessInstance(ProcessServiceBase.java:153) > at org.kie.server.remote.rest.jbpm.ProcessResource.signalProcessInstance(ProcessResource.java:185) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_121] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_121] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_121] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_121] > at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) > at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) > at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) > at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) > at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:583) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:565) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:130) > at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) > at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) > at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832) > at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620) > at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553) > at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482) > at org.openshift.kieserver.web.redirect.RedirectFilter.doFilter(RedirectFilter.java:150) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.openshift.kieserver.web.security.SecurityFilter.doFilter(SecurityFilter.java:73) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121] > 11:59:17,736 WARN [org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory] (http-10.1.3.249:8080-1) Unable to find ObjectModelResolver for mvel > 11:59:17,738 ERROR [org.kie.server.remote.rest.jbpm.ProcessResource] (http-10.1.3.249:8080-1) Unexpected error during processing null: java.lang.NullPointerException > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getInstanceFromModel(DefaultRegisterableItemsFactory.java:213) > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlersFromDescriptor(DefaultRegisterableItemsFactory.java:260) > at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlers(DefaultRegisterableItemsFactory.java:84) > at org.jbpm.runtime.manager.impl.KModuleRegisterableItemsFactory.getWorkItemHandlers(KModuleRegisterableItemsFactory.java:98) > at org.jbpm.runtime.manager.impl.AbstractRuntimeManager.registerItems(AbstractRuntimeManager.java:119) > at org.jbpm.runtime.manager.impl.PerProcessInstanceRuntimeManager$PerProcessInstanceInitializer.initKieSession(PerProcessInstanceRuntimeManager.java:514) > at org.jbpm.runtime.manager.impl.RuntimeEngineImpl.getKieSession(RuntimeEngineImpl.java:70) > at org.jbpm.kie.services.impl.ProcessServiceImpl.signalProcessInstance(ProcessServiceImpl.java:173) > at org.kie.server.services.jbpm.ProcessServiceBase.signalProcessInstance(ProcessServiceBase.java:153) > at org.kie.server.remote.rest.jbpm.ProcessResource.signalProcessInstance(ProcessResource.java:185) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_121] > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_121] > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_121] > at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_121] > at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) > at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) > at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) > at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) > at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:583) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:565) > at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:130) > at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) > at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) > at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832) > at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620) > at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553) > at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482) > at org.openshift.kieserver.web.redirect.RedirectFilter.doFilter(RedirectFilter.java:150) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.openshift.kieserver.web.security.SecurityFilter.doFilter(SecurityFilter.java:73) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) > at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) > at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) > at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121] > {noformat} > see https://github.com/droolsjbpm/jbpm/blob/6.4.x/jbpm-runtime-manager/src/ma... > and https://github.com/droolsjbpm/droolsjbpm-knowledge/blob/6.4.x/kie-interna... > (seems like resolvers could be an non-null empty array still for the second thread, as it would not go into the synchronized block... ) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8108) Elytron subsystem is unable to configure SunPKCS11 provider

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFLY-8108?page=com.atlassian.jira.plugin.... ] Darran Lofthouse updated WFLY-8108: ----------------------------------- Fix Version/s: 11.0.0.Alpha1 > Elytron subsystem is unable to configure SunPKCS11 provider > ----------------------------------------------------------- > > Key: WFLY-8108 > URL: https://issues.jboss.org/browse/WFLY-8108 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 11.0.0.Alpha1 > > > Trying to configure server to run in FIPS mode using subsystem capabilities. > I can't configure throught subsystem same as in java.security file: > {code:title=java.security} > security.provider.1=sun.security.pkcs11.SunPKCS11 /usr/java/jdk1.8.0_66_fips_mode/__fips_config_material/pkcs11.cfg > {code} > because if I try to pass configuration file or configuration > {code} > /subsystem=elytron/provider-loader=fips:add(class-names=[sun.security.pkcs11.SunPKCS11], path=/usr/java/jdk1.8.0_66_fips_mode/__fips_config_material/pkcs11.cfg) > /subsystem=elytron/provider-loader=fips:add(class-names=[sun.security.pkcs11.SunPKCS11], configuration={ \ > name=nssModule, value=fips \ > name=nssSecmodDirectory, value=/usr/java/jdk1.8.0_66_fips_mode/__fips_config_material/fipsdb \ > name=nssLibraryDirectory, value=/usr/lib64 \ > name=name, value=testPkcs \ > name=nssDbMode, value=readOnly \ > } > {code} > I get exception > {code} > 10:46:28,630 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.security.providers.fips: org.jboss.msc.service.StartException in service org.wildfly.security.providers.fips: java.security.ProviderException: SunPKCS11 requires configuration file argument > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:185) > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:143) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.security.ProviderException: SunPKCS11 requires configuration file argument > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:98) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at java.lang.Class.newInstance(Class.java:442) > at org.wildfly.extension.elytron.ProviderDefinitions$1$1.get(ProviderDefinitions.java:156) > ... 7 more > 10:46:28,630 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 10) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("provider-loader" => "fips") > ]) - failure description: { > "WFLYCTL0080: Failed services" => {"org.wildfly.security.providers.fips" => "org.jboss.msc.service.StartException in service org.wildfly.security.providers.fips: java.security.ProviderException: SunPKCS11 requires configuration file argument > Caused by: java.security.ProviderException: SunPKCS11 requires configuration file argument"}, > "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.providers.fips"] > } > {code} > It occures because loading of providers is in subsystem implemented in 2 steps > * create provider instance (call noargs constructor) > * optionally load configuration > But {{sun.security.pkcs11.SunPKCS11}} can't be created without configuration [1] > [1] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1440) Insufficient synchronization in ObjectModelResolverProvider

by Marek Schmidt (JIRA)

Marek Schmidt created DROOLS-1440: ------------------------------------- Summary: Insufficient synchronization in ObjectModelResolverProvider Key: DROOLS-1440 URL: https://issues.jboss.org/browse/DROOLS-1440 Project: Drools Issue Type: Bug Components: kie server Affects Versions: 6.4.0.Final Environment: kie-server 6.4.0.Final-redhat-13 (BPMS 6.3.4) Reporter: Marek Schmidt Assignee: Edson Tirelli Immediately after server startup with parallel clients, the following error appeared in the logs, suggesting insufficient synchronization in ObjectModelResolverProvider initialization: {noformat} 11:59:17,735 WARN [org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory] (http-10.1.3.249:8080-5) Unable to find ObjectModelResolver for mvel 11:59:17,736 ERROR [org.kie.server.remote.rest.jbpm.ProcessResource] (http-10.1.3.249:8080-5) Unexpected error during processing null: java.lang.NullPointerException at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getInstanceFromModel(DefaultRegisterableItemsFactory.java:213) at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlersFromDescriptor(DefaultRegisterableItemsFactory.java:260) at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlers(DefaultRegisterableItemsFactory.java:84) at org.jbpm.runtime.manager.impl.KModuleRegisterableItemsFactory.getWorkItemHandlers(KModuleRegisterableItemsFactory.java:98) at org.jbpm.runtime.manager.impl.AbstractRuntimeManager.registerItems(AbstractRuntimeManager.java:119) at org.jbpm.runtime.manager.impl.PerProcessInstanceRuntimeManager$PerProcessInstanceInitializer.initKieSession(PerProcessInstanceRuntimeManager.java:514) at org.jbpm.runtime.manager.impl.RuntimeEngineImpl.getKieSession(RuntimeEngineImpl.java:70) at org.jbpm.kie.services.impl.ProcessServiceImpl.signalProcessInstance(ProcessServiceImpl.java:173) at org.kie.server.services.jbpm.ProcessServiceBase.signalProcessInstance(ProcessServiceBase.java:153) at org.kie.server.remote.rest.jbpm.ProcessResource.signalProcessInstance(ProcessResource.java:185) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_121] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:583) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:565) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:130) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482) at org.openshift.kieserver.web.redirect.RedirectFilter.doFilter(RedirectFilter.java:150) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.openshift.kieserver.web.security.SecurityFilter.doFilter(SecurityFilter.java:73) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121] 11:59:17,736 WARN [org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory] (http-10.1.3.249:8080-1) Unable to find ObjectModelResolver for mvel 11:59:17,738 ERROR [org.kie.server.remote.rest.jbpm.ProcessResource] (http-10.1.3.249:8080-1) Unexpected error during processing null: java.lang.NullPointerException at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getInstanceFromModel(DefaultRegisterableItemsFactory.java:213) at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlersFromDescriptor(DefaultRegisterableItemsFactory.java:260) at org.jbpm.runtime.manager.impl.DefaultRegisterableItemsFactory.getWorkItemHandlers(DefaultRegisterableItemsFactory.java:84) at org.jbpm.runtime.manager.impl.KModuleRegisterableItemsFactory.getWorkItemHandlers(KModuleRegisterableItemsFactory.java:98) at org.jbpm.runtime.manager.impl.AbstractRuntimeManager.registerItems(AbstractRuntimeManager.java:119) at org.jbpm.runtime.manager.impl.PerProcessInstanceRuntimeManager$PerProcessInstanceInitializer.initKieSession(PerProcessInstanceRuntimeManager.java:514) at org.jbpm.runtime.manager.impl.RuntimeEngineImpl.getKieSession(RuntimeEngineImpl.java:70) at org.jbpm.kie.services.impl.ProcessServiceImpl.signalProcessInstance(ProcessServiceImpl.java:173) at org.kie.server.services.jbpm.ProcessServiceBase.signalProcessInstance(ProcessServiceBase.java:153) at org.kie.server.remote.rest.jbpm.ProcessResource.signalProcessInstance(ProcessResource.java:185) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_121] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_121] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_121] at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_121] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:168) at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:269) at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:227) at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216) at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:583) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:565) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:130) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482) at org.openshift.kieserver.web.redirect.RedirectFilter.doFilter(RedirectFilter.java:150) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.openshift.kieserver.web.security.SecurityFilter.doFilter(SecurityFilter.java:73) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121] {noformat} see https://github.com/droolsjbpm/jbpm/blob/6.4.x/jbpm-runtime-manager/src/ma... and https://github.com/droolsjbpm/droolsjbpm-knowledge/blob/6.4.x/kie-interna... (seems like resolvers could be an non-null empty array still for the second thread, as it would not go into the synchronized block... ) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017