[JBoss JIRA] (WFCORE-2537) ModelControllerMBeanTestCase fails with security manager in WF core
by ehsavoie Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2537?page=com.atlassian.jira.plugi... ]
ehsavoie Hugonnet reassigned WFCORE-2537:
-----------------------------------------
Assignee: ehsavoie Hugonnet
> ModelControllerMBeanTestCase fails with security manager in WF core
> -------------------------------------------------------------------
>
> Key: WFCORE-2537
> URL: https://issues.jboss.org/browse/WFCORE-2537
> Project: WildFly Core
> Issue Type: Bug
> Components: Test Suite
> Reporter: Jan Tymel
> Assignee: ehsavoie Hugonnet
>
> *org.jboss.as.test.integration.jmx.ModelControllerMBeanTestCase#testDeploymentViaJmx*
> {{cd testsuite/standalone/}}
> {{mvn test -Dtest=ModelControllerMBeanTestCase -Dsecurity.manager -DtestLogToFile=false}}
> {code}
> 13:53:17,762 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service test.deployment.jmx: org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanPermission" "org.wildfly.test.jmx.Dynamic#-[jboss.test:service=test-jmx.jar]" "registerMBean")" in code source "(vfs:/content/test-jmx.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-jmx.jar" from Service Module Loader")
> at org.wildfly.test.jmx.ServiceActivatorDeployment.start(ServiceActivatorDeployment.java:111)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.lang.Thread.run(Thread.java:785)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanPermission" "org.wildfly.test.jmx.Dynamic#-[jboss.test:service=test-jmx.jar]" "registerMBean")" in code source "(vfs:/content/test-jmx.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-jmx.jar" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.checkMBeanPermission(DefaultMBeanServerInterceptor.java:1842)
> at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:333)
> at com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:534)
> at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.registerMBean(PluggableMBeanServerImpl.java:1536)
> at org.jboss.as.jmx.PluggableMBeanServerImpl.registerMBean(PluggableMBeanServerImpl.java:878)
> at org.wildfly.test.jmx.ServiceActivatorDeployment.registerMBean(ServiceActivatorDeployment.java:139)
> at org.wildfly.test.jmx.ServiceActivatorDeployment.start(ServiceActivatorDeployment.java:99)
> ... 5 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8382) Elytron, unable to create custom principal transformer
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-8382?page=com.atlassian.jira.plugin.... ]
Jan Kalina updated WFLY-8382:
-----------------------------
Git Pull Request: https://github.com/wildfly-security-incubator/wildfly/pull/161, https://github.com/wildfly-security-incubator/wildfly-core/pull/78 (was: https://github.com/wildfly-security-incubator/wildfly/pull/161)
> Elytron, unable to create custom principal transformer
> ------------------------------------------------------
>
> Key: WFLY-8382
> URL: https://issues.jboss.org/browse/WFLY-8382
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> When I try to register custom principal transformer I get {{NoClassDefFoundError}}
> {code}
> 07:11:37,203 WARN [org.jboss.modules] (MSC service thread 1-4) Failed to define class org.wildfly.extras.creaper.commands.elytron.mapper.AddCustomPrincipalTransformerImpl in Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 07:11:37,204 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: org.jboss.msc.service.StartException in service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module "org.jboss.customprincipaltransformerimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> 07:11:37,207 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("custom-principal-transformer" => "CreaperTestAddCustomPrincipalTransformer")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer" => "org.jboss.msc.service.StartException in service org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer: Failed to start service
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/mapper/AddCustomPrincipalTransformerImpl (Module \"org.jboss.customprincipaltransformerimpl\" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules,/home/mchoma/workspace/git-repositories/creaper/testsuite/standalone/target/jboss-as/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/PrincipalTransformer"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.principal-transformer.CreaperTestAddCustomPrincipalTransformer"]
> }
> {code}
> That works in DR11 without issue
> Here is implementation of used custom prncipal transformer
> {code:java|title=AddCustomPrincipalTransformerImpl.java}
> package org.wildfly.extras.creaper.commands.elytron.mapper;
> import org.wildfly.extension.elytron.Configurable;
> import java.security.Principal;
> import java.util.Map;
> import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
> public class AddCustomPrincipalTransformerImpl implements PrincipalTransformer, Configurable {
> @Override
> public Principal apply(Principal p) {
> return p;
> }
> @Override
> public void initialize(Map<String, String> configuration) {
> if (configuration.containsKey("throwException")) {
> throw new IllegalStateException("Only test purpose. This exception was thrown on demand.");
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (HAWKULARQE-69) Regression Test Hawkular Inventory
by Matt Mahoney (JIRA)
Matt Mahoney created HAWKULARQE-69:
--------------------------------------
Summary: Regression Test Hawkular Inventory
Key: HAWKULARQE-69
URL: https://issues.jboss.org/browse/HAWKULARQE-69
Project: Hawkular QE
Issue Type: Task
Reporter: Matt Mahoney
Assignee: mfoley user
Place-holder task, for now.
Hawkular Inventory is being redesigned, and expected to be included in the 4.5 release. Will need to regression test around Inventory features.
Note: The use of Postgres DB for Inventory data will be going away.
Further details are forthcoming.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-157) Write expressions to logging.properties configuration file
by James Perkins (JIRA)
[ https://issues.jboss.org/browse/WFCORE-157?page=com.atlassian.jira.plugin... ]
James Perkins commented on WFCORE-157:
--------------------------------------
I guess the main issue here will be if a user wants to use a vault value this will not work. We could limit the ability to only write expressions to the file name (maybe level too), but it wouldn't work for {{custom-handler}}'s. I suppose though a vault value wouldn't make much sense anyway as it would be written in plain text to the {{logging.properties}} anyway.
> Write expressions to logging.properties configuration file
> ----------------------------------------------------------
>
> Key: WFCORE-157
> URL: https://issues.jboss.org/browse/WFCORE-157
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Logging
> Reporter: James Perkins
> Assignee: James Perkins
> Priority: Optional
>
> Allow properties that use expressions to write the expression out to the logging.properties configuration file. This allows properties passed in at runtime to affect the initial logging configuration.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8131) Aliases in credential stores should be case insensitive
by ehsavoie Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFLY-8131?page=com.atlassian.jira.plugin.... ]
ehsavoie Hugonnet reassigned WFLY-8131:
---------------------------------------
Assignee: ehsavoie Hugonnet (was: Peter Skopek)
> Aliases in credential stores should be case insensitive
> -------------------------------------------------------
>
> Key: WFLY-8131
> URL: https://issues.jboss.org/browse/WFLY-8131
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: ehsavoie Hugonnet
> Priority: Critical
> Labels: credential-store, user_experience
>
> Working with credential store aliases should be case insensitive.
> Current behavior, when aliases are converted to lowercase during add operation is not user-friendly. Subsequent operations should also support automatic conversion to lowercase.
> E.g.
> {code}
> /subsystem=elytron/credential-store=cred-store-default/alias=UPPER:add(secret-value=password)
> /subsystem=elytron/credential-store=cred-store-default/alias=UPPER:remove()
> {code}
> *Current behavior:*
> First command succeeds and the second fails as the alias is changed to "upper" (in lowercase).
> *Expected behavior:*
> Both commans succeeds.
> *Unignore tests*
> When this issue is fixed, unignore (and fix if needed) related tests in {{testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/application/}}. Thanks.
> {code}
> git grep WFLY-8131
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-2392) Remoting EJB identity propagation does not work with Elytron
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2392?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2392:
-------------------------------
Steps to Reproduce:
Checkout wildfly ladybird and run test:
{code}
cd testsuite/elytron
mvn clean test -Dtest=org.wildfly.test.integration.elytron.ejb.AuthenticationTestCase
{code}
(need to unignore tests tagged as [WFLY-7778])
was:
Checkout wildfly ladybird and run test:
{code}
cd testsuite/elytron
mvn clean test -Dtest=org.wildfly.test.integration.elytron.ejb.AuthenticationTestCase
{code}
(need to un-ignore tests tagged as [WFLY-7778])
> Remoting EJB identity propagation does not work with Elytron
> ------------------------------------------------------------
>
> Key: WFCORE-2392
> URL: https://issues.jboss.org/browse/WFCORE-2392
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
> Labels: elytron-legacy-test-fails
>
> Even througth succesful obtaining LoginContext, identity is not propagated in EJB call.
> Identity is unauthorized on server side.
> *Remoting does not work because it is not implemented yet* - this issue created primary for tests ignore issue reference.
> Often error message:
> {code:java}
> SaslException: Authentication failed: all available authentication mechanisms failed:
> JBOSS-LOCAL-USER: Server rejected authentication
> DIGEST-MD5: Server rejected authentication]
> at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-2392) Remoting EJB identity propagation does not work with Elytron
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2392?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2392:
-------------------------------
Steps to Reproduce:
Checkout wildfly ladybird and run test:
{code}
cd testsuite/elytron
mvn clean test -Dtest=org.wildfly.test.integration.elytron.ejb.AuthenticationTestCase
{code}
(need to un-ignore tests tagged as [WFLY-7778])
was:
Tests: (after modification to use Elytron instead of legacy subystem: https://github.com/wildfly-security-incubator/wildfly/pull/56 )
org.jboss.as.test.integration.ejb.security.AuthenticationTestCase.testAuthentication()
org.jboss.as.test.integration.ejb.security.AuthenticationTestCase.testAuthentication_BadPwd()
org.jboss.as.test.integration.ejb.security.AuthenticationTestCase.testAuthentication_TwoBeans()
org.jboss.as.test.integration.ejb.security.AuthenticationTestCase.testAuthentication_TwoBeans_ReAuth_BadPwd()
(and a lot of other, most of tests using EJB)
UPDATE:
https://github.com/wildfly-security-incubator/wildfly/pull/102 instead and following with -Delytron option:
org.jboss.as.test.integration.ejb.security.AuthenticationElytronTestCase.testAuthentication()
> Remoting EJB identity propagation does not work with Elytron
> ------------------------------------------------------------
>
> Key: WFCORE-2392
> URL: https://issues.jboss.org/browse/WFCORE-2392
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
> Labels: elytron-legacy-test-fails
>
> Even througth succesful obtaining LoginContext, identity is not propagated in EJB call.
> Identity is unauthorized on server side.
> *Remoting does not work because it is not implemented yet* - this issue created primary for tests ignore issue reference.
> Often error message:
> {code:java}
> SaslException: Authentication failed: all available authentication mechanisms failed:
> JBOSS-LOCAL-USER: Server rejected authentication
> DIGEST-MD5: Server rejected authentication]
> at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month