[JBoss JIRA] (WFCORE-2526) Domain mode passed unwanted sys props to spawned servers
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2526?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-2526:
------------------------------------------
I think there will have to be some special setting, to avoid breaking existing uses, but doing it via the command line and not requiring xml should be possible. For example:
-Djboss.host.server-excluded-properties=jboss.modules.system.pkgs,java.util.logging.manager
or
--server-excluded-properties=jboss.modules.system.pkgs,java.util.logging.manager
I think the former would be a better fit for what I think you're doing, as it can be included in $HOST_CONTROLLER_JAVA_OPTS in domain.conf along with other agent settings you are using. The latter would need to be part of the args to domain.sh which are out of your direct control.
> Domain mode passed unwanted sys props to spawned servers
> --------------------------------------------------------
>
> Key: WFCORE-2526
> URL: https://issues.jboss.org/browse/WFCORE-2526
> Project: WildFly Core
> Issue Type: Enhancement
> Reporter: John Mazzitelli
>
> This is related to WFCORE-350, except the solution to that only involves filtering out some but not all unwanted sys props.
> I would say the solution should involve any properties, not just jboss.server.xxx properties.
> In my case, I'm trying to inject a javaagent into the host controller but I do NOT want the javaagent in the spawned servers. Because my javaagent uses JBoss Logging (JUL) I'm forced to pass in "-Djboss.modules.system.pkgs=org.jboss.byteman,org.jboss.logmanager" and
> "-Djava.util.logging.manager=org.jboss.logmanager.LogManager" so the host controller can start up.
> But these get passed to the spawned servers and cause them to fail to boot up (because while my -javaagent command line argument isn't passed to their JVM, the -D sys props are, and that combination of sys props is deadly without a JUL-enabled javaagent).
> See: http://lists.jboss.org/pipermail/wildfly-dev/2017-March/005810.html
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-1832) Missing doPrivileged sections in JBossSecurityClient
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1832?page=com.atlassian.jira.plugi... ]
Kabir Khan resolved WFCORE-1832.
--------------------------------
Fix Version/s: 3.0.0.Beta8
Resolution: Done
> Missing doPrivileged sections in JBossSecurityClient
> ----------------------------------------------------
>
> Key: WFCORE-1832
> URL: https://issues.jboss.org/browse/WFCORE-1832
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
> Assignee: Darran Lofthouse
> Fix For: 3.0.0.Beta8
>
>
> There is a regression introduced by a recent PicketBox upgrade (part of [1]). With PicketBox 4.9.7[2] it is possible to run the {{performSimpleLogin()}} and {{cleanUp()}} methods of the {{JBossSecurityClient}} class with the security manager enabled. However, running these methods with PicketBox 5.0.0.Alpha3[3] causes an AccessControlException.
> PicketBox 4.9.7 is in EAP 7.1.0.DR3, PicketBox 5.0.0.Alpha3 in EAP 7.1.0.DR4 and DR5 => regression against 7.1.0.DR3.
> This issue was noticed in consequence of an investigation of failed tests in AS TS run with security manager.
> Tests that fail on {{performSimpleLogin()}} method:
> * org.jboss.as.test.integration.ee.concurrent.DefaultContextServiceTestCase#testTaskSubmit
> * org.jboss.as.test.integration.ee.concurrent.DefaultManagedExecutorServiceTestCase#testTaskSubmit
> * org.jboss.as.test.integration.ee.concurrent.DefaultManagedScheduledExecutorServiceTestCase#testTaskSubmit
> * org.jboss.as.test.integration.ee.concurrent.DefaultManagedThreadFactoryTestCase#testTaskSubmit
> * org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testAnonymous
> * org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testJackInABox
> * org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testSingletonPostconstructSecurity
> * org.jboss.as.test.integration.ejb.security.RunAsPrincipalTestCase#testSingletonPostconstructSecurityNotPropagating
> * org.jboss.as.test.integration.ejb.security.callerprincipal.GetCallerPrincipalTestCase#testMDBLifecycle
> * org.jboss.as.test.integration.ejb.security.singleton.SingletonSecurityTestCase#testInvocationOnSecuredMethodWithCorrectRole
> * org.jboss.as.test.integration.ejb.security.singleton.SingletonSecurityTestCase#testInvocationOnSecuredMethodWithInCorrectRole
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=DefaultContextServiceTestCase -Dsecurity.manager}}
> {code}
> SEVERE [org.jboss.arquillian.protocol.jmx.JMXTestRunner] (pool-3-thread-1) Failed: org.jboss.as.test.integration.ee.concurrent.DefaultContextServiceTestCase.testTaskSubmit: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "org.jboss.security.getSecurityContext")" in code source "(vfs:/content/DefaultContextServiceTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.DefaultContextServiceTestCase.war:main" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.jboss.security.SecurityContextAssociation.getSecurityContext(SecurityContextAssociation.java:145)
> at org.jboss.security.client.JBossSecurityClient.performSimpleLogin(JBossSecurityClient.java:77)
> at org.jboss.security.client.SecurityClient.login(SecurityClient.java:74)
> at org.jboss.as.test.integration.ee.concurrent.DefaultContextServiceTestCase.testTaskSubmit(DefaultContextServiceTestCase.java:55)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
> at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
> at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
> at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:370)
> at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116)
> at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
> at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
> at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:363)
> at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:245)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:422)
> at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54)
> at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:259)
> at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:315)
> at org.jboss.arquillian.container.test.impl.execution.BeforeLifecycleEventExecuter.on(BeforeLifecycleEventExecuter.java:35)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
> at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
> at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145)
> at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116)
> at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
> at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:311)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
> at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
> at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:204)
> at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:422)
> at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54)
> at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:218)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
> at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:166)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
> at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
> at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66)
> at org.jboss.arquillian.protocol.jmx.JMXTestRunner.doRunTestMethod(JMXTestRunner.java:180)
> at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.doRunTestMethod(ArquillianService.java:243)
> at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethodInternal(JMXTestRunner.java:162)
> at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethod(JMXTestRunner.java:141)
> at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.runTestMethod(ArquillianService.java:219)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275)
> at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112)
> at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46)
> at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237)
> at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138)
> at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252)
> at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
> at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
> at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.invoke(PluggableMBeanServerImpl.java:1503)
> at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:724)
> at org.jboss.as.jmx.BlockingNotificationMBeanServer.invoke(BlockingNotificationMBeanServer.java:168)
> at org.jboss.remotingjmx.protocol.v2.ServerProxy$InvokeHandler.handle(ServerProxy.java:950)
> at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1$1.run(ServerCommon.java:153)
> at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:75)
> at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:70)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149)
> at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor.handleEvent(ServerInterceptorFactory.java:70)
> at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1.run(ServerCommon.java:149)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Tests failing on {{cleanUp()}} method:
> * org.jboss.as.test.integration.ejb.servlet.ServletUnitTestCase#testEJBServlet
> * org.jboss.as.test.integration.ejb.servlet.ServletUnitTestCase#testEJBServletEar
> {{./integration-tests.sh -DtestLogToFile=false -Dts.noSmoke -Dts.basic -Dtest=ServletUnitTestCase -Dsecurity.manager}}
> {code}
> ERROR [org.jboss.as.test.integration.ejb.servlet.EJBServlet] (default task-1) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "org.jboss.security.getSecurityContext")" in code source "(vfs:/content/ejb3-servlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-servlet.war:main" from Service Module Loader")
> 15:07:52,122 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ejb3-servlet/EJBServlet: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "org.jboss.security.setSecurityContext")" in code source "(vfs:/content/ejb3-servlet.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb3-servlet.war:main" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at org.jboss.security.SecurityContextAssociation.setSecurityContext(SecurityContextAssociation.java:124)
> at org.jboss.security.client.JBossSecurityClient.cleanUp(JBossSecurityClient.java:95)
> at org.jboss.security.client.SecurityClient.logout(SecurityClient.java:86)
> at org.jboss.as.test.integration.ejb.servlet.EJBServlet.processRequest(EJBServlet.java:75)
> at org.jboss.as.test.integration.ejb.servlet.EJBServlet.doGet(EJBServlet.java:84)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1668)
> at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:207)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:810)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> [1] https://github.com/wildfly/wildfly-core/pull/1764/files
> [2] https://github.com/picketbox/picketbox/blob/v4.9.6.Final/security-jboss-s...
> [3] https://github.com/picketbox/picketbox/blob/5.0.0.Alpha3/security-jboss-s...
9 years, 1 month
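The failure mode reported in WFCORE-1832 above, as an added Java example (not PicketBox or WildFly code): a permission-checked accessor is reached from a caller that holds no permissions, first directly and then through doPrivileged sections in the library. The class names, the constructed "deployment" domain and the allow-all demo Policy are hypothetical; only the two permission names come from the report, and the code assumes a JDK where the Security Manager API is still functional (Java 8 to 17).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

// Added illustration; every class and method name below is a hypothetical stand-in.
public class DoPrivilegedDemo {

    // Permission names as they appear in the two AccessControlExceptions in the report.
    static final Permission GET_CTX = new RuntimePermission("org.jboss.security.getSecurityContext");
    static final Permission SET_CTX = new RuntimePermission("org.jboss.security.setSecurityContext");

    /** Stand-in for a permission-checked, thread-local security context holder. */
    static final class ContextHolder {
        private static final ThreadLocal<String> CTX = new ThreadLocal<>();

        static String get() {
            AccessController.checkPermission(GET_CTX);
            return CTX.get();
        }

        static void set(String ctx) {
            AccessController.checkPermission(SET_CTX);
            CTX.set(ctx);
        }
    }

    /** Library client without privileged sections: every domain on the call stack must hold both permissions. */
    static final class UnwrappedClient {
        static String login(String user) {
            String previous = ContextHolder.get();
            ContextHolder.set("ctx-for-" + user);
            return "login ok, previous context: " + previous;
        }
    }

    /**
     * Same client with each checked call in its own doPrivileged section, so the
     * permission check stops at the library frame instead of reaching the caller.
     * Each block holds exactly one checked call and runs no caller-supplied code.
     */
    static final class WrappedClient {
        static String login(String user) {
            String previous = AccessController.doPrivileged((PrivilegedAction<String>) ContextHolder::get);
            final String next = "ctx-for-" + user;
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                ContextHolder.set(next);
                return null;
            });
            return "login ok, previous context: " + previous;
        }
    }

    /**
     * Runs the body as if it were called from deployment code: the constructed
     * domain has an empty, static permission set, so any check that reaches it fails.
     */
    static String runAsDeployment(PrivilegedAction<String> body) {
        ProtectionDomain deployment = new ProtectionDomain(null, new Permissions());
        AccessControlContext restricted = new AccessControlContext(new ProtectionDomain[] { deployment });
        try {
            return AccessController.doPrivileged(body, restricted);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission().getName();
        }
    }

    public static void main(String[] args) {
        // Demo policy only: grant everything to class-loader-defined domains (this class,
        // playing the library), so the constructed deployment domain is the sole restriction.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });

        System.out.println("unwrapped client: " + runAsDeployment(() -> UnwrappedClient.login("alice")));
        System.out.println("wrapped client:   " + runAsDeployment(() -> WrappedClient.login("alice")));
    }
}
```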
[JBoss JIRA] (ELY-1002) Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1002?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1002:
----------------------------
Component/s: Utils
(was: Authentication Mechanisms)
> Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
> -----------------------------------------------------------------------------------------------
>
> Key: ELY-1002
> URL: https://issues.jboss.org/browse/ELY-1002
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Utils
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> When I secure the management interface with a wrongly configured http-authentication-factory and try to authenticate, I get no error except for a warning during boot
> {code}
> 11:41:16,140 WARN [org.jboss.as.remoting] (MSC service thread 1-2) ****** All authentication is ANONYMOUS for org.jboss.as.remoting.RemotingHttpUpgradeService
> {code}
> But the user is not able to know what is going wrong.
> When I do something similar for a deployment, there is at least an error during boot:
> {code}
> 14:30:59,608 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 63) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./secured-webapp: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./secured-webapp: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:84)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:241)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:99)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
> ... 6 more
> Caused by: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at org.wildfly.extension.undertow.ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService.initialSecurityHandler(ApplicationSecurityDomainDefinition.java:463)
> at org.wildfly.extension.undertow.ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService.lambda$applyElytronSecurity$2(ApplicationSecurityDomainDefinition.java:425)
> at io.undertow.servlet.core.DeploymentManagerImpl.setupSecurityHandlers(DeploymentManagerImpl.java:415)
> at io.undertow.servlet.core.DeploymentManagerImpl.access$600(DeploymentManagerImpl.java:119)
> at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:211)
> at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:174)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:239)
> ... 8 more
> 14:30:59,613 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "secured-webapp.war")]) - failure description: {
> "WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./secured-webapp" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./secured-webapp: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> Caused by: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory."},
> "WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.deployment.default-server.default-host./secured-webapp"]
> }
> {code}
9 years, 1 month
[JBoss JIRA] (ELY-1002) Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1002?page=com.atlassian.jira.plugin.s... ]
Jan Kalina moved WFCORE-2499 to ELY-1002:
-----------------------------------------
Project: WildFly Elytron (was: WildFly Core)
Key: ELY-1002 (was: WFCORE-2499)
Component/s: Authentication Mechanisms
(was: Security)
> Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
> -----------------------------------------------------------------------------------------------
>
> Key: ELY-1002
> URL: https://issues.jboss.org/browse/ELY-1002
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
> When I secure the management interface with a wrongly configured http-authentication-factory and try to authenticate, I get no error except for a warning during boot
> {code}
> 11:41:16,140 WARN [org.jboss.as.remoting] (MSC service thread 1-2) ****** All authentication is ANONYMOUS for org.jboss.as.remoting.RemotingHttpUpgradeService
> {code}
> But the user is not able to know what is going wrong.
> When I do something similar for a deployment, there is at least an error during boot:
> {code}
> 14:30:59,608 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 63) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./secured-webapp: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./secured-webapp: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:84)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:241)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:99)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:81)
> ... 6 more
> Caused by: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> at org.wildfly.extension.undertow.ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService.initialSecurityHandler(ApplicationSecurityDomainDefinition.java:463)
> at org.wildfly.extension.undertow.ApplicationSecurityDomainDefinition$ApplicationSecurityDomainService.lambda$applyElytronSecurity$2(ApplicationSecurityDomainDefinition.java:425)
> at io.undertow.servlet.core.DeploymentManagerImpl.setupSecurityHandlers(DeploymentManagerImpl.java:415)
> at io.undertow.servlet.core.DeploymentManagerImpl.access$600(DeploymentManagerImpl.java:119)
> at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:211)
> at io.undertow.servlet.core.DeploymentManagerImpl$1.call(DeploymentManagerImpl.java:174)
> at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
> at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704)
> at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:239)
> ... 8 more
> 14:30:59,613 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "secured-webapp.war")]) - failure description: {
> "WFLYCTL0080: Failed services" => {"jboss.undertow.deployment.default-server.default-host./secured-webapp" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./secured-webapp: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
> Caused by: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory."},
> "WFLYCTL0412: Required services that are not installed:" => ["jboss.undertow.deployment.default-server.default-host./secured-webapp"]
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
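The contrast in this report, as an added example that is not part of the original issue or of WildFly: a boot-log audit that records the ANONYMOUS warning as a finding alongside the WFLYUT0084 deployment error, so the case that does not fail boot is still surfaced. The function names and the sample logs (abridged from the lines quoted above, plus one constructed INFO line) are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Log pattern as it appears in the report: time, level, [category], (thread), message.
RECORD = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<message>.*)$"
)
ANONYMOUS = re.compile(r"All authentication is ANONYMOUS for (?P<service>\S+)")
NO_MECHANISMS = "WFLYUT0084"  # message id quoted in the report


@dataclass
class Record:
    time: str
    level: str
    category: str
    message: str
    continuation: list = field(default_factory=list)

    def text(self):
        """Message plus any stack-trace lines that followed it."""
        return "\n".join([self.message, *self.continuation])


def parse_records(log_text):
    """Group raw lines into records; lines without a timestamp header
    (stack frames, 'Caused by:') attach to the preceding record."""
    records = []
    for line in log_text.splitlines():
        match = RECORD.match(line)
        if match:
            records.append(Record(match["time"], match["level"],
                                  match["category"], match["message"]))
        elif records and line.strip():
            records[-1].continuation.append(line.strip())
    return records


def audit(log_text):
    """Return one finding per authentication-factory problem in the log."""
    findings = []
    for record in parse_records(log_text):
        anonymous = ANONYMOUS.search(record.message)
        if anonymous:
            # Only a WARN: the service starts and boot continues.
            findings.append({"time": record.time, "kind": "anonymous-fallback",
                             "subject": anonymous["service"],
                             "level": record.level, "fails_boot": False})
        elif record.level == "ERROR" and NO_MECHANISMS in record.text():
            # The deployment case: the service fails to start.
            findings.append({"time": record.time, "kind": "no-mechanisms",
                             "subject": record.category,
                             "level": record.level, "fails_boot": True})
    return findings


def silent_downgrades(log_text):
    """Services flagged as anonymous without any boot failure."""
    return [f["subject"] for f in audit(log_text) if not f["fails_boot"]]


# Sample input: first line is constructed, second is the WARN from the report.
MANAGEMENT_BOOT = """\
11:41:15,902 INFO [org.jboss.as] (Controller Boot Thread) constructed line: management interface starting
11:41:16,140 WARN [org.jboss.as.remoting] (MSC service thread 1-2) ****** All authentication is ANONYMOUS for org.jboss.as.remoting.RemotingHttpUpgradeService
"""

# Sample input: abridged from the deployment stack trace in the report.
DEPLOYMENT_BOOT = """\
14:30:59,608 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 63) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./secured-webapp
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:84)
Caused by: java.lang.IllegalStateException: WFLYUT0084: There are no mechanisms available from the HttpAuthenticationFactory.
"""

if __name__ == "__main__":
    for name, log in (("management", MANAGEMENT_BOOT), ("deployment", DEPLOYMENT_BOOT)):
        for finding in audit(log):
            print(name, finding)
```

A deployment gate can fail the build whenever `silent_downgrades` returns a non-empty list, since nothing else in the boot sequence will.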
[JBoss JIRA] (WFCORE-352) read-operation-name and read-operation-description should be combined
by Jean-Francois Denise (JIRA)
[ https://issues.jboss.org/browse/WFCORE-352?page=com.atlassian.jira.plugin... ]
Jean-Francois Denise commented on WFCORE-352:
---------------------------------------------
It seems that we want to list operations in a compact way to quickly identify the operations, not really "read" the management model to return all details of an operation. I don't see it as very user friendly to concatenate all operation descriptions. To accommodate the "I want it all" case, we could introduce an option (e.g. --full-description).
I was thinking of introducing a new extensible resource command with the following actions:
- read-operation <name> [--node]
- read-attribute <name> [--node]
- list-operations [--node] [--no-description] [--full-description]
We could then add new actions to the command according to new requirements, for example:
- list-attributes [--node] [--no-description]
- list-children [--node] [--no-description]
- read-attribute-description <name> [--node]
- read [--node] (to fully read a resource, same as :read-resource).
...
> read-operation-name and read-operation-description should be combined
> ---------------------------------------------------------------------
>
> Key: WFCORE-352
> URL: https://issues.jboss.org/browse/WFCORE-352
> Project: WildFly Core
> Issue Type: Feature Request
> Components: CLI
> Reporter: Kevin Barfield
> Priority: Minor
> Labels: eap6-ux
>
> For usability, there should be a way to get a list of operation names with the descriptions attached
> Example:
> read-resource - This shows you the resources at this node
> etc
> etc
> etc
[JBoss JIRA] (WFCORE-2499) Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2499?page=com.atlassian.jira.plugi... ]
Jan Kalina updated WFCORE-2499:
-------------------------------
Priority: Blocker (was: Major)
> Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
> -----------------------------------------------------------------------------------------------
>
> Key: WFCORE-2499
> URL: https://issues.jboss.org/browse/WFCORE-2499
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Blocker
>
[JBoss JIRA] (WFCORE-2499) Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2499?page=com.atlassian.jira.plugi... ]
Jan Kalina reassigned WFCORE-2499:
----------------------------------
Assignee: Jan Kalina (was: Darran Lofthouse)
> Elytron, using wrong provider-http-server-mechanism-factory does not generates any log messages
> -----------------------------------------------------------------------------------------------
>
> Key: WFCORE-2499
> URL: https://issues.jboss.org/browse/WFCORE-2499
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Jan Kalina
>
[JBoss JIRA] (WFCORE-2378) Regression against 7.0.GA, Kerberos over CLI
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2378?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2378:
-------------------------------------
Fix Version/s: 3.0.0.Beta8
> Regression against 7.0.GA, Kerberos over CLI
> --------------------------------------------
>
> Key: WFCORE-2378
> URL: https://issues.jboss.org/browse/WFCORE-2378
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: regression
> Fix For: 3.0.0.Beta8
>
>
> It is not possible to authenticate to the CLI using Kerberos.
> The same configuration works well against 7.0.0.GA.
> {code:title=server.log on TRACE level}
> 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) configuredMaxReceiveBuffer=16777215
> 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) relaxComplianceChecks=false
> 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) QOP={AUTH}
> 17:32:21,109 TRACE [org.wildfly.security.sasl.gssapi.server] (management I/O-2) Our name 'remote@localhost.localdomain'
> 17:32:21,113 INFO [stdout] (management I/O-2) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb5-945898887586223869.conf
> 17:32:21,113 INFO [stdout] (management I/O-2) Loaded from Java config
> 17:32:21,114 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Unable to create SaslServer: javax.security.sasl.SaslException: ELY05029: [GSSAPI] Unable to create GSSContext [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)]
> at org.wildfly.security.sasl.gssapi.GssapiServer.<init>(GssapiServer.java:77)
> at org.wildfly.security.sasl.gssapi.GssapiServerFactory.createSaslServer(GssapiServerFactory.java:44)
> at org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory.createSaslServer(SecurityProviderSaslServerFactory.java:77)
> at org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory.createSaslServer(FilterMechanismSaslServerFactory.java:88)
> at org.wildfly.security.sasl.util.PropertiesSaslServerFactory.createSaslServer(PropertiesSaslServerFactory.java:56)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
> at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:79)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51)
> at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
> at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
> at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51)
> at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:59)
> at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:50)
> at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54)
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:259)
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:125)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
> Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
> at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
> at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
> at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
> at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
> at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62)
> at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
> at org.wildfly.security.sasl.gssapi.GssapiServer.<init>(GssapiServer.java:72)
> ... 24 more
> 17:32:21,115 TRACE [org.jboss.remoting.remote] (management I/O-2) Rejected invalid SASL mechanism GSSAPI
> 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 5 bytes
> 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 17:32:21,115 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 59 bytes
> 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "cli-client"
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.0.Beta17-redhat-1"
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40"
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40"
> 17:32:21,116 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service
> 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 77 bytes
> 17:32:21,116 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 17:32:21,118 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received EOF
> 17:32:21,118 TRACE [org.jboss.remoting.remote] (management I/O-2) Received connection end-of-stream
> 17:32:21,441 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) CLI executor output:
> 17:32:21,441 INFO [org.jboss.eapqe.krbldap.eap7.utils.CustomCLIExecutor] (main) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb5-945898887586223869.conf
> Loaded from Java config
> >>>KinitOptions cache name is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb5cc
> >>>DEBUG <CCacheInputStream> client principal is hnelson7259cb36-69b2-4e28-afb5-f668120a8dea@JBOSS.ORG
> >>>DEBUG <CCacheInputStream> server principal is krbtgt/JBOSS.ORG@JBOSS.ORG
> >>>DEBUG <CCacheInputStream> key type: 17
> >>>DEBUG <CCacheInputStream> auth time: Thu Feb 23 17:32:11 CET 2017
> >>>DEBUG <CCacheInputStream> start time: Thu Feb 23 17:32:11 CET 2017
> >>>DEBUG <CCacheInputStream> end time: Fri Feb 24 01:32:11 CET 2017
> >>>DEBUG <CCacheInputStream> renew_till time: null
> >>> CCacheInputStream: readFlags() INITIAL; PRE_AUTH;
> Found ticket for hnelson7259cb36-69b2-4e28-afb5-f668120a8dea@JBOSS.ORG to go to krbtgt/JBOSS.ORG@JBOSS.ORG expiring on Fri Feb 24 01:32:11 CET 2017
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Service ticket not found in the subject
> >>> Credentials acquireServiceCreds: same realm
> default etypes for default_tgs_enctypes: 17.
> >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> >>> KdcAccessibility: reset
> >>> KrbKdcReq send: kdc=localhost.localdomain UDP:6088, timeout=5000, number of retries =3, #bytes=648
> >>> KDCCommunication: kdc=localhost.localdomain UDP:6088, timeout=5000,Attempt =1, #bytes=648
> >>> KrbKdcReq send: #bytes read=634
> >>> KdcAccessibility: remove localhost.localdomain:6088
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> >>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
> >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
> Krb5Context setting mySeqNumber to: 951540638
> Krb5Context setting peerSeqNumber to: 0
> Created InitSecContextToken:
> Failed to connect to the controller: Unable to authenticate against controller at localhost.localdomain:9990: Authentication failed: all available authentication mechanisms failed:
> GSSAPI: Server rejected authentication
> {code}
[JBoss JIRA] (WFCORE-2526) Domain mode passed unwanted sys props to spawned servers
by John Mazzitelli (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2526?page=com.atlassian.jira.plugi... ]
John Mazzitelli commented on WFCORE-2526:
-----------------------------------------
BTW: it would be really nice if the solution didn't require any additional configuration changes in host/server configs like host.xml or domain.xml. Just being able to add a java opts argument to inject a java agent (and the necessary changes that requires in domain.conf) would be ideal.
> Domain mode passed unwanted sys props to spawned servers
> --------------------------------------------------------
>
> Key: WFCORE-2526
> URL: https://issues.jboss.org/browse/WFCORE-2526
> Project: WildFly Core
> Issue Type: Enhancement
> Reporter: John Mazzitelli
>
> This is related to WFCORE-350, except the solution to that only involves filtering out some but not all unwanted sys props.
> I would say the solution should involve any properties, not just jboss.server.xxx properties.
> In my case, I'm trying to inject a javaagent into the host controller but I do NOT want the javaagent in the spawned servers. Because my javaagent uses JBoss Logging (JUL) I'm forced to pass in "-Djboss.modules.system.pkgs=org.jboss.byteman,org.jboss.logmanager" and "-Djava.util.logging.manager=org.jboss.logmanager.LogManager" so the host controller can start up.
> But these get passed to the spawned servers and cause them to fail to boot up (because while my -javaagent command line argument isn't passed to their JVM, the -D sys props are, and that combination of sys props is deadly without a JUL-enabled javaagent).
> See: http://lists.jboss.org/pipermail/wildfly-dev/2017-March/005810.html