[JBoss JIRA] (WFLY-8230) EJB tests are failing in AS TS with Elytron profile
by Josef Cacek (JIRA)
Josef Cacek created WFLY-8230:
---------------------------------
Summary: EJB tests are failing in AS TS with Elytron profile
Key: WFLY-8230
URL: https://issues.jboss.org/browse/WFLY-8230
Project: WildFly
Issue Type: Bug
Components: Test Suite
Reporter: Josef Cacek
Tests in the {{org.jboss.as.test.integration.naming.remote.multiple}} package are failing when using the {{"-Delytron"}} argument.
{code}
cd testsuite/integration/basic
mvn clean test -Dtest=org.jboss.as.test.integration.naming.remote.multiple.* -Delytron
...
Tests in error:
MultipleClientRemoteJndiTestCase.testLifeCycle:86 » IO java.util.concurrent.Ex...
NestedRemoteContextTestCase.testLifeCycle:76 » IO java.util.concurrent.Executi...
Tests run: 2, Failures: 0, Errors: 2, Skipped: 0
{code}
Related stack trace in the server log:
{code}
10:30:28,402 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /web/CallEjbServlet: java.lang.RuntimeException: javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: Server rejected authentication]
at org.jboss.as.test.integration.naming.remote.multiple.CallEjbServlet.doGet(CallEjbServlet.java:44)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:60)
at io.undertow.server.handlers.BlockingHandler.handleRequest(BlockingHandler.java:56)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1700)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1700)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1700)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1700)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: Server rejected authentication]
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:91)
at org.wildfly.naming.client.remote.RemoteContext.lambda$lookupNative$0(RemoteContext.java:109)
at org.wildfly.naming.client.NamingProvider.performExceptionAction(NamingProvider.java:99)
at org.wildfly.naming.client.remote.RemoteContext.lookupNative(RemoteContext.java:108)
at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:78)
at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:64)
at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:131)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.jboss.as.test.integration.naming.remote.multiple.CallEjbServlet.doGet(CallEjbServlet.java:36)
... 36 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: Server rejected authentication
at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:110)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:414)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:239)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:464)
at org.jboss.remoting3.FutureConnection.getConnection(FutureConnection.java:117)
at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:77)
at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:152)
at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:397)
at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:340)
at org.wildfly.naming.client.remote.RemoteNamingProvider.lambda$new$0(RemoteNamingProvider.java:65)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentity(RemoteNamingProvider.java:107)
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:89)
... 45 more
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2325) User in any role can read sensitive configuration with RBAC enable in domain
by Jan Tymel (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2325?page=com.atlassian.jira.plugi... ]
Jan Tymel updated WFCORE-2325:
------------------------------
Security Sensitive Issue: This issue is security relevant
> User in any role can read sensitive configuration with RBAC enable in domain
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2325
> URL: https://issues.jboss.org/browse/WFCORE-2325
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Jan Tymel
> Priority: Blocker
>
> A user in any role can read sensitive configuration (e.g. authorization settings) in RBAC in domain. If the user checks for assigned roles, SuperUser is always given as the result ({{"mapped-roles" => ["SuperUser"]}}) - see result of step 12 - no matter what roles should be mapped according to the configuration.
> The user can then read any part of the configuration, e.g. the following command {{/core-service=management/access=authorization/role-mapping=SuperUser:read-resource(recursive)}} results in output similar to:
> {code}
> {
> "outcome" => "success",
> "result" => {
> "include-all" => false,
> "exclude" => undefined,
> "include" => {
> "user-$local" => {
> "name" => "$local",
> "realm" => undefined,
> "type" => "USER"
> },
> "user-admin" => {
> "name" => "admin",
> "realm" => undefined,
> "type" => "USER"
> }
> }
> },
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> However, the user cannot add himself/herself to the SuperUser role; if the {{/core-service=management/access=authorization/role-mapping=SuperUser/include=user-user:add(name=user,type=USER)}} command is entered, the following output is given:
> {code}
> {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {
> "main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found"}}},
> "other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found"}}}
> }}},
> "rolled-back" => true,
> "server-groups" => {
> "main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found",
> "rolled-back" => true,
> "response-headers" => {"process-state" => "reload-required"}
> }}}}},
> "other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found",
> "rolled-back" => true,
> "response-headers" => {"process-state" => "reload-required"}
> }}}}}
> },
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> Therefore, a user in the Monitor role does not have the same rights as a user in the SuperUser role, since (s)he is missing (at least) rights to write. However, (s)he can see any part of the configuration.
> This is a regression against 7.0.0.GA
[JBoss JIRA] (WFLY-8229) When Elytron is used redirect from j_security_check uses HTTP code 303
by Josef Cacek (JIRA)
Josef Cacek created WFLY-8229:
---------------------------------
Summary: When Elytron is used redirect from j_security_check uses HTTP code 303
Key: WFLY-8229
URL: https://issues.jboss.org/browse/WFLY-8229
Project: WildFly
Issue Type: Bug
Components: Web (Undertow), Security
Reporter: Josef Cacek
Assignee: Stuart Douglas
Priority: Blocker
Form authentication backed by Elytron in web applications uses status code 303 (See Other) to redirect the user after processing /j_security_check.
We see two serious issues here:
* Legacy security uses status code 302 (Moved Temporarily/Found) to handle this redirect, and existing applications/clients may behave differently for these different codes (e.g. the default behavior of Apache HTTP client is to follow the redirect for 303, but not for 302).
* The 303 status code was introduced in HTTP 1.1, so it's not part of HTTP 1.0, but 303 is also returned for an HTTP/1.0 request as an HTTP/1.0 response, which is wrong.
[JBoss JIRA] (WFCORE-2325) User in any role can read sensitive configuration with RBAC enable in domain
by Jan Tymel (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2325?page=com.atlassian.jira.plugi... ]
Jan Tymel reassigned WFCORE-2325:
---------------------------------
Assignee: (was: Brian Stansberry)
> User in any role can read sensitive configuration with RBAC enable in domain
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2325
> URL: https://issues.jboss.org/browse/WFCORE-2325
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Jan Tymel
> Priority: Blocker
>
> A user in any role can read sensitive configuration (e.g. authorization settings) in RBAC in domain. If the user checks for assigned roles, SuperUser is always given as the result ({{"mapped-roles" => ["SuperUser"]}}) - see result of step 12 - no matter what roles should be mapped according to the configuration.
> The user can then read any part of the configuration, e.g. the following command {{/core-service=management/access=authorization/role-mapping=SuperUser:read-resource(recursive)}} results in output similar to:
> {code}
> {
> "outcome" => "success",
> "result" => {
> "include-all" => false,
> "exclude" => undefined,
> "include" => {
> "user-$local" => {
> "name" => "$local",
> "realm" => undefined,
> "type" => "USER"
> },
> "user-admin" => {
> "name" => "admin",
> "realm" => undefined,
> "type" => "USER"
> }
> }
> },
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> However, the user cannot add himself/herself to the SuperUser role; if the {{/core-service=management/access=authorization/role-mapping=SuperUser/include=user-user:add(name=user,type=USER)}} command is entered, the following output is given:
> {code}
> {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {
> "main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found"}}},
> "other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found"}}}
> }}},
> "rolled-back" => true,
> "server-groups" => {
> "main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found",
> "rolled-back" => true,
> "response-headers" => {"process-state" => "reload-required"}
> }}}}},
> "other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYCTL0216: Management resource '[
> (\"core-service\" => \"management\"),
> (\"access\" => \"authorization\"),
> (\"role-mapping\" => \"SuperUser\"),
> (\"include\" => \"user-user\")
> ]' not found",
> "rolled-back" => true,
> "response-headers" => {"process-state" => "reload-required"}
> }}}}}
> },
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> Therefore, a user in the Monitor role does not have the same rights as a user in the SuperUser role, since (s)he is missing (at least) rights to write. However, (s)he can see any part of the configuration.
> This is a regression against 7.0.0.GA
[JBoss JIRA] (WFCORE-2325) User in any role can read sensitive configuration with RBAC enable in domain
by Jan Tymel (JIRA)
Jan Tymel created WFCORE-2325:
---------------------------------
Summary: User in any role can read sensitive configuration with RBAC enable in domain
Key: WFCORE-2325
URL: https://issues.jboss.org/browse/WFCORE-2325
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Reporter: Jan Tymel
Assignee: Brian Stansberry
Priority: Blocker
A user in any role can read sensitive configuration (e.g. authorization settings) in RBAC in domain. If the user checks for assigned roles, SuperUser is always given as the result ({{"mapped-roles" => ["SuperUser"]}}) - see result of step 12 - no matter what roles should be mapped according to the configuration.
The user can then read any part of the configuration, e.g. the following command {{/core-service=management/access=authorization/role-mapping=SuperUser:read-resource(recursive)}} results in output similar to:
{code}
{
"outcome" => "success",
"result" => {
"include-all" => false,
"exclude" => undefined,
"include" => {
"user-$local" => {
"name" => "$local",
"realm" => undefined,
"type" => "USER"
},
"user-admin" => {
"name" => "admin",
"realm" => undefined,
"type" => "USER"
}
}
},
"response-headers" => {"process-state" => "reload-required"}
}
{code}
However, the user cannot add himself/herself to the SuperUser role; if the {{/core-service=management/access=authorization/role-mapping=SuperUser/include=user-user:add(name=user,type=USER)}} command is entered, the following output is given:
{code}
{
"outcome" => "failed",
"result" => undefined,
"failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {
"main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => "WFLYCTL0216: Management resource '[
(\"core-service\" => \"management\"),
(\"access\" => \"authorization\"),
(\"role-mapping\" => \"SuperUser\"),
(\"include\" => \"user-user\")
]' not found"}}},
"other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => "WFLYCTL0216: Management resource '[
(\"core-service\" => \"management\"),
(\"access\" => \"authorization\"),
(\"role-mapping\" => \"SuperUser\"),
(\"include\" => \"user-user\")
]' not found"}}}
}}},
"rolled-back" => true,
"server-groups" => {
"main-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-one" => {"response" => {
"outcome" => "failed",
"result" => undefined,
"failure-description" => "WFLYCTL0216: Management resource '[
(\"core-service\" => \"management\"),
(\"access\" => \"authorization\"),
(\"role-mapping\" => \"SuperUser\"),
(\"include\" => \"user-user\")
]' not found",
"rolled-back" => true,
"response-headers" => {"process-state" => "reload-required"}
}}}}},
"other-server-group" => {"host" => {"dhcp-4-212.brq.redhat.com" => {"server-two" => {"response" => {
"outcome" => "failed",
"result" => undefined,
"failure-description" => "WFLYCTL0216: Management resource '[
(\"core-service\" => \"management\"),
(\"access\" => \"authorization\"),
(\"role-mapping\" => \"SuperUser\"),
(\"include\" => \"user-user\")
]' not found",
"rolled-back" => true,
"response-headers" => {"process-state" => "reload-required"}
}}}}}
},
"response-headers" => {"process-state" => "reload-required"}
}
{code}
Therefore, a user in the Monitor role does not have the same rights as a user in the SuperUser role, since (s)he is missing (at least) rights to write. However, (s)he can see any part of the configuration.
This is a regression against 7.0.0.GA
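An added example, not part of the original report or of WildFly: a Python check that parses management CLI (DMR) output and flags roles the server reports for a caller that no role-mapping resource grants, which is the symptom WFCORE-2325 describes. The SuperUser mapping is the output quoted in the report; the Monitor mapping, the identity output (shaped like `:whoami(verbose=true)`, an assumption) and all function names are constructed for illustration.

```python
import re

# One DMR token: quoted string, "=>", a bracket or comma, or a bare word (true, undefined, 42).
_TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|(=>)|([{}\[\],])|([A-Za-z0-9_.+-]+))')

def _tokenize(text):
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected DMR input at offset {pos}")
        string, arrow, punct, word = m.groups()
        if string is not None:
            tokens.append(("str", re.sub(r"\\(.)", r"\1", string)))  # unescape \" and \\
        elif word is not None:
            tokens.append(("word", word))
        else:
            tokens.append(("punct", arrow or punct))
        pos = m.end()
    return tokens

def _value(tokens, i):
    """Recursive descent over the token list; returns (python_value, next_index)."""
    kind, tok = tokens[i]
    if kind == "str":
        return tok, i + 1
    if kind == "word":
        if tok == "undefined":
            return None, i + 1
        if tok in ("true", "false"):
            return tok == "true", i + 1
        return (int(tok) if tok.lstrip("-").isdigit() else tok), i + 1
    if tok not in ("{", "["):
        raise ValueError(f"unexpected token {tok!r}")
    close, result = ("}", {}) if tok == "{" else ("]", [])
    i += 1
    while tokens[i] != ("punct", close):
        if tok == "{":
            if tokens[i][0] != "str" or tokens[i + 1] != ("punct", "=>"):
                raise ValueError('expected "key" => value')
            key = tokens[i][1]
            result[key], i = _value(tokens, i + 2)
        else:
            item, i = _value(tokens, i)
            result.append(item)
        if tokens[i] == ("punct", ","):
            i += 1
    return result, i + 1

def parse_dmr(text):
    """Parse DMR text printed by the management CLI into dicts, lists and scalars."""
    tokens = _tokenize(text)
    try:
        value, end = _value(tokens, 0)
    except IndexError:
        raise ValueError("truncated DMR input") from None
    if end != len(tokens):
        raise ValueError("trailing data after DMR value")
    return value

def _matches(entries, username, realm, groups):
    """True if any include/exclude entry names the caller (by user or by group)."""
    for entry in (entries or {}).values():
        if entry.get("realm") not in (None, realm):
            continue  # entry is pinned to a different realm
        if (entry["type"], entry["name"]) == ("USER", username):
            return True
        if entry["type"] == "GROUP" and entry["name"] in groups:
            return True
    return False

def unexpected_roles(identity_text, mapping_text_by_role, groups=()):
    """Roles the server reports for the caller that no configured mapping grants."""
    result = parse_dmr(identity_text)["result"]
    who = result["identity"]
    granted = set()
    for role, text in mapping_text_by_role.items():
        m = parse_dmr(text)["result"]
        args = (who["username"], who.get("realm"), groups)
        if not _matches(m.get("exclude"), *args) and (
                m.get("include-all") or _matches(m.get("include"), *args)):
            granted.add(role)
    return sorted(set(result["mapped-roles"]) - granted)

# SuperUser role mapping as quoted in the report (whitespace condensed).
SUPERUSER_MAPPING = '''{"outcome" => "success", "result" => {
    "include-all" => false, "exclude" => undefined,
    "include" => {
        "user-$local" => {"name" => "$local", "realm" => undefined, "type" => "USER"},
        "user-admin" => {"name" => "admin", "realm" => undefined, "type" => "USER"}}},
    "response-headers" => {"process-state" => "reload-required"}}'''
# Constructed: a Monitor mapping that includes a hypothetical user "monitor".
MONITOR_MAPPING = '''{"outcome" => "success", "result" => {
    "include-all" => false, "exclude" => undefined,
    "include" => {"user-monitor" => {"name" => "monitor", "realm" => undefined, "type" => "USER"}}}}'''
# Constructed identity output showing the reported symptom: SuperUser instead of Monitor.
IDENTITY_AFFECTED = '''{"outcome" => "success", "result" => {
    "identity" => {"username" => "monitor", "realm" => "ManagementRealm"},
    "mapped-roles" => ["SuperUser"]}}'''
IDENTITY_EXPECTED = IDENTITY_AFFECTED.replace('"SuperUser"', '"Monitor"')
MAPPINGS = {"SuperUser": SUPERUSER_MAPPING, "Monitor": MONITOR_MAPPING}

if __name__ == "__main__":
    print("affected:", unexpected_roles(IDENTITY_AFFECTED, MAPPINGS))
    print("expected:", unexpected_roles(IDENTITY_EXPECTED, MAPPINGS))
```

Run against each management user after a configuration change or upgrade, a non-empty result means the effective roles have drifted from the configured role mappings.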
[JBoss JIRA] (DROOLS-1445) Mask should reflect properties accessed in other nodes join constraints
by Mario Fusco (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1445?page=com.atlassian.jira.plugi... ]
Mario Fusco resolved DROOLS-1445.
---------------------------------
Fix Version/s: 7.0.0.CR1
Resolution: Done
Fixed by https://github.com/droolsjbpm/drools/commit/ff8d793b248c42029d0571742c9d0...
> Mask should reflect properties accessed in other nodes join constraints
> -----------------------------------------------------------------------
>
> Key: DROOLS-1445
> URL: https://issues.jboss.org/browse/DROOLS-1445
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Reporter: Matteo Mortari
> Assignee: Mario Fusco
> Fix For: 7.0.0.CR1
>
>
> The following tests exhibit a failing and a working test:
> {code:java}
> @Test()
> public void testAbis_NotWorking() {
>     // DROOLS-644
>     String drl =
>             "import " + Person.class.getCanonicalName() + ";\n" +
>             "global java.util.List list;\n" +
>             "rule R when\n" +
>             " $p1 : Person( name == \"Mario\" ) \n" +
>             " $p2 : Person( age > $p1.age ) \n" +
>             "then\n" +
>             " list.add(\"t0\");\n" +
>             "end\n" +
>             "rule Z when\n" +
>             " $p1 : Person( name == \"Mario\" ) \n" +
>             "then\n" +
>             " modify($p1) { setAge(35); } \n" +
>             "end\n"
>             ;
>
>     // making the default explicit:
>     KieSession ksession = new KieHelper(PropertySpecificOption.ALWAYS).addContent(drl, ResourceType.DRL)
>             .build()
>             .newKieSession();
>     ksession.addEventListener(new DebugAgendaEventListener());
>     System.out.println(drl);
>     ReteDumper.dumpRete(ksession);
>     List<String> list = new ArrayList<String>();
>     ksession.setGlobal("list", list);
>     Person mario = new Person("Mario", 40);
>     Person mark = new Person("Mark", 37);
>     FactHandle fh_mario = ksession.insert(mario);
>     ksession.insert(mark);
>     int x = ksession.fireAllRules();
>     assertEquals(1, list.size());
>     assertEquals("t0", list.get(0));
> }
>
> @Test()
> public void testAbis_Working() {
>     // DROOLS-644
>     String drl =
>             "import " + Person.class.getCanonicalName() + ";\n" +
>             "global java.util.List list;\n" +
>             "rule R when\n" +
>             " $p1 : Person( name == \"Mario\", $a1: age) \n" +
>             " $p2 : Person( age > $a1 ) \n" +
>             "then\n" +
>             " list.add(\"t0\");\n" +
>             "end\n" +
>             "rule Z when\n" +
>             " $p1 : Person( name == \"Mario\" ) \n" +
>             "then\n" +
>             " modify($p1) { setAge(35); } \n" +
>             "end\n"
>             ;
>     // making the default explicit:
>     KieSession ksession = new KieHelper(PropertySpecificOption.ALWAYS).addContent(drl, ResourceType.DRL)
>             .build()
>             .newKieSession();
>
>     System.out.println(drl);
>     ReteDumper.dumpRete(ksession);
>     List<String> list = new ArrayList<String>();
>     ksession.setGlobal("list", list);
>     Person mario = new Person("Mario", 40);
>     Person mark = new Person("Mark", 37);
>     FactHandle fh_mario = ksession.insert(mario);
>     ksession.insert(mark);
>     int x = ksession.fireAllRules();
>     assertEquals(1, list.size());
>     assertEquals("t0", list.get(0));
> }
> {code}
[JBoss JIRA] (WFLY-8228) Servlet server distribution fails to work with Elytron - NoClassDefFoundError
by Josef Cacek (JIRA)
Josef Cacek created WFLY-8228:
---------------------------------
Summary: Servlet server distribution fails to work with Elytron - NoClassDefFoundError
Key: WFLY-8228
URL: https://issues.jboss.org/browse/WFLY-8228
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Priority: Critical
Elytron uses {{javax.json.Json}} to format audit events (e.g. authentication). The {{javax.json}} is not part of the servlet distribution, so the usage of Elytron fails.
Sample output:
{code}
17:08:20,394 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /form-auth/restricted/j_security_check: java.lang.NoClassDefFoundError: javax/json/Json
at org.wildfly.security.audit.JsonSecurityEventFormatter.handlePermissionCheckEvent(JsonSecurityEventFormatter.java:91)
at org.wildfly.security.audit.JsonSecurityEventFormatter.handlePermissionCheckEvent(JsonSecurityEventFormatter.java:42)
at org.wildfly.security.auth.server.event.SecurityEventVisitor.handlePermissionCheckSuccessfulEvent(SecurityEventVisitor.java:104)
at org.wildfly.security.auth.server.event.SecurityPermissionCheckSuccessfulEvent.accept(SecurityPermissionCheckSuccessfulEvent.java:43)
at org.wildfly.extension.elytron.AuditResourceDefinitions$1.lambda$null$1(AuditResourceDefinitions.java:156)
at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:56)
at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:35)
at org.wildfly.security.auth.server.SecurityDomain.handleSecurityEvent(SecurityDomain.java:588)
at org.wildfly.security.auth.server.SecurityDomain.safeHandleSecurityEvent(SecurityDomain.java:595)
at org.wildfly.security.auth.server.SecurityIdentity.implies(SecurityIdentity.java:684)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1727)
at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1697)
at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:450)
at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:446)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:929)
at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
at org.wildfly.security.http.impl.FormAuthenticationMechanism.authorize(FormAuthenticationMechanism.java:215)
at org.wildfly.security.http.impl.FormAuthenticationMechanism.attemptAuthentication(FormAuthenticationMechanism.java:172)
at org.wildfly.security.http.impl.FormAuthenticationMechanism.evaluateRequest(FormAuthenticationMechanism.java:105)
at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110)
at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1702)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1702)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
{code}
[JBoss JIRA] (WFLY-8228) Servlet server distribution fails to work with Elytron - NoClassDefFoundError
by Josef Cacek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8228?page=com.atlassian.jira.plugin.... ]
Josef Cacek updated WFLY-8228:
------------------------------
Priority: Blocker (was: Critical)
> Servlet server distribution fails to work with Elytron - NoClassDefFoundError
> -----------------------------------------------------------------------------
>
> Key: WFLY-8228
> URL: https://issues.jboss.org/browse/WFLY-8228
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Elytron uses {{javax.json.Json}} to format audit events (e.g. authentication). The {{javax.json}} is not part of the servlet distribution, so the usage of Elytron fails.
> Sample output:
> {code}
> 17:08:20,394 ERROR [io.undertow.request] (default task-8) UT005023: Exception handling request to /form-auth/restricted/j_security_check: java.lang.NoClassDefFoundError: javax/json/Json
> at org.wildfly.security.audit.JsonSecurityEventFormatter.handlePermissionCheckEvent(JsonSecurityEventFormatter.java:91)
> at org.wildfly.security.audit.JsonSecurityEventFormatter.handlePermissionCheckEvent(JsonSecurityEventFormatter.java:42)
> at org.wildfly.security.auth.server.event.SecurityEventVisitor.handlePermissionCheckSuccessfulEvent(SecurityEventVisitor.java:104)
> at org.wildfly.security.auth.server.event.SecurityPermissionCheckSuccessfulEvent.accept(SecurityPermissionCheckSuccessfulEvent.java:43)
> at org.wildfly.extension.elytron.AuditResourceDefinitions$1.lambda$null$1(AuditResourceDefinitions.java:156)
> at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:56)
> at org.wildfly.security.audit.AuditLogger.accept(AuditLogger.java:35)
> at org.wildfly.security.auth.server.SecurityDomain.handleSecurityEvent(SecurityDomain.java:588)
> at org.wildfly.security.auth.server.SecurityDomain.safeHandleSecurityEvent(SecurityDomain.java:595)
> at org.wildfly.security.auth.server.SecurityIdentity.implies(SecurityIdentity.java:684)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1727)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1697)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:450)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:446)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:929)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:728)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.FormAuthenticationMechanism.authorize(FormAuthenticationMechanism.java:215)
> at org.wildfly.security.http.impl.FormAuthenticationMechanism.attemptAuthentication(FormAuthenticationMechanism.java:172)
> at org.wildfly.security.http.impl.FormAuthenticationMechanism.evaluateRequest(FormAuthenticationMechanism.java:105)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:110)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:84)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
> at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:46)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1702)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1702)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
[JBoss JIRA] (WFLY-8217) ActiveMQ leaks connections if a JMS message is sent from an MDB
by Miroslav Novak (JIRA)
[ https://issues.jboss.org/browse/WFLY-8217?page=com.atlassian.jira.plugin.... ]
Miroslav Novak commented on WFLY-8217:
--------------------------------------
[~silvaran] Hi, could you try it with the latest WF11 nightly build [1]? There is a chance that this was fixed already.
[1] https://ci.wildfly.org/guestAuth/repository/download/WF_Nightly/latest.la...
> ActiveMQ leaks connections if a JMS message is sent from an MDB
> ---------------------------------------------------------------
>
> Key: WFLY-8217
> URL: https://issues.jboss.org/browse/WFLY-8217
> Project: WildFly
> Issue Type: Bug
> Components: JMS, Transactions
> Affects Versions: 10.1.0.Final
> Environment: Running on Windows 10. Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
> Reporter: Scott Van Wart
> Assignee: Jeff Mesnil
> Attachments: leak.zip, leak.zip, log.txt, log.txt
>
>
> If an MDB causes a JMS message to be sent during the call to onMessage(), ActiveMQ won't close its connection. I'm using JMS2 through an @Inject'ed JMSContext. My sample project is an EAR with an EJB JAR (containing a service and an MDB) and a JAX-RS endpoint (entry point for the test).
> 1) Build the EAR
> 2) Run WildFly with the standalone-full.xml configuration:
> {{standalone.bat --server-config=standalone-full.xml}}
> 3) Enable debug and error reporting for leaked connections with ActiveMQ/CCM:
> {{jboss-cli.bat -c}}
> {{/subsystem=jca/cached-connection-manager=cached-connection-manager:write-attribute(name=debug,value=true)}}
> {{/subsystem=jca/cached-connection-manager=cached-connection-manager:write-attribute(name=error,value=true)}}
> 4) Deploy the EAR.
> 5) Access http://localhost:8080/leak-web/rest/test?message=Hi
> The REST endpoint will send a message to the test topic (defined in leak-ejb/src/main/java/test/mdb/TestTopic.java). TestTopicListener (in the same package as TestTopic) will receive the message and send a second message to the topic. Upon returning from TestTopicListener.onMessage(), the message is sent, but this shows up in the logs
> (see attached log.txt)
> I have no idea why JIRA attached each file twice.