March 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-8267) Unable to undefine credential-reference

by Tomas Hofman (JIRA)

Tomas Hofman created WFLY-8267: ---------------------------------- Summary: Unable to undefine credential-reference Key: WFLY-8267 URL: https://issues.jboss.org/browse/WFLY-8267 Project: WildFly Issue Type: Bug Components: JMS, Security Reporter: Tomas Hofman Assignee: Tomas Hofman A bridge is added and a credential-reference is set. However a "password" attribute cannot be set as the alternatives constraint validates the data, but the password attribute has a default value. Also neither credential-reference and password are required=true, so they may be undefined. {code} /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ) /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:write-attribute(name=credential-reference,value={clear-text=senha1}) /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=credential-reference) { "outcome" => "failed", "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (credential-reference) can not been undefined as the resource does not define any alternative to this attribute."}, "rolled-back" => true } {code} The same problem, when user adds a bridge with a password and later wants to undefine it to add a credential-reference {code} /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ,password=senha1) /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=password) { "outcome" => "failed", "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (password) can not been undefined as the resource does not define any alternative to this attribute."}, "rolled-back" => true } {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8238) Unable to undefine credential-reference

by Tomas Hofman (JIRA)

[ https://issues.jboss.org/browse/WFLY-8238?page=com.atlassian.jira.plugin.... ] Tomas Hofman commented on WFLY-8238: ------------------------------------ This is a bug in messaging subsystem - {{AlternativeAttributeCheckHandler}} doesn't allow to undefine attributes where alternatives are set, if the alternatives are undefined. It should take into account whether the attribute is required or not, which it doesn't and treats them always as required. When this is changed it will affect number of other attributes across the subsystem, and for some the "required" behaviour may be desirable. I didn't find any attributes that would be marked as required and had alternatives set too, which is probably a mistake. > Unable to undefine credential-reference > --------------------------------------- > > Key: WFLY-8238 > URL: https://issues.jboss.org/browse/WFLY-8238 > Project: WildFly > Issue Type: Bug > Components: JMS, Security > Reporter: Claudio Miranda > Assignee: Tomas Hofman > > A bridge is added and a credential-reference is set. > However a "password" attribute cannot be set as the alternatives constraint validates the data, but the password attribute has a default value. > Also neither credential-reference and password are required=true, so they may be undefined. > {code} > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:write-attribute(name=credential-reference,value={clear-text=senha1}) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=credential-reference) > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (credential-reference) can not been undefined as the resource does not define any alternative to this attribute."}, > "rolled-back" => true > } > {code} > The same problem, when user adds a bridge with a password and later wants to undefine it to add a credential-reference > {code} > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:add(discovery-group=mane,queue-name=DLQ,forwarding-address=DLQ,password=senha1) > /profile=full/subsystem=messaging-activemq/server=default/bridge=test1:undefine-attribute(name=password) > { > "outcome" => "failed", > "failure-description" => {"domain-failure-description" => "WFLYMSGAMQ0069: Attribute (password) can not been undefined as the resource does not define any alternative to this attribute."}, > "rolled-back" => true > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFLY-5319) fix org.jboss.as.test.integration.jpa.mockprovider.txtimeout.TxTimeoutTestCase.test_negativeTxTimeoutVerifyReaperThreadCanceledTxTest failure

by Scott Marlow (JIRA)

[ https://issues.jboss.org/browse/WFLY-5319?page=com.atlassian.jira.plugin.... ] Scott Marlow commented on WFLY-5319: ------------------------------------ [https://github.com/wildfly/wildfly/pull/8092] mentions "WFLY-5319 ignore TxTimeoutTestCase which seems to fail due to EJB StatefulSessionSynchronizationInterceptor.releaseLock not expecting to be called from TM Reaper thread", since I didn't mention this claim here, of what the possible cause is, I'm repeating it now. > fix org.jboss.as.test.integration.jpa.mockprovider.txtimeout.TxTimeoutTestCase.test_negativeTxTimeoutVerifyReaperThreadCanceledTxTest failure > --------------------------------------------------------------------------------------------------------------------------------------------- > > Key: WFLY-5319 > URL: https://issues.jboss.org/browse/WFLY-5319 > Project: WildFly > Issue Type: Feature Request > Components: JPA / Hibernate > Reporter: Scott Marlow > Assignee: Scott Marlow > > https://gist.github.com/scottmarlow/6409290362f35f2d1320 contains the error exception -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-32) Cassandra/Hawkular Schema Test

by Sunil kondkar (JIRA)

[ https://issues.jboss.org/browse/HAWKULARQE-32?page=com.atlassian.jira.plu... ] Sunil kondkar commented on HAWKULARQE-32: ----------------------------------------- Tested manually as below: 1) create/start cassandra version 3.10 ccm create hawkular -v 3.10 -n 1 ccm updateconf "start_rpc: true" ccm start 2) Start hawkular service version 33 ./standalone.sh -Dhawkular.rest.user=jdoe -Dhawkular.rest.password=password -Dhawkular.agent.enabled=true 3) Stopped cassandra with 'ccm stop' when I see below in logs 08:03:14,852 INFO [org.hawkular.metrics.schema.SchemaService] (metricsservice-lifecycle-thread) Creating table metrics_tags_idx 08:03:16,038 INFO [org.hawkular.metrics.schema.SchemaService] (metricsservice-lifecycle-thread) Creating table metrics_idx 4) Stopped hawkular services 5) Started cassandra with ccm start 6) Verified hawkular service continues schema creation. > Cassandra/Hawkular Schema Test > ------------------------------ > > Key: HAWKULARQE-32 > URL: https://issues.jboss.org/browse/HAWKULARQE-32 > Project: Hawkular QE > Issue Type: Task > Reporter: Matt Mahoney > Assignee: Sunil kondkar > > Test case request from Heiko (verbatim): > Start C*,wait until up. Start metrics/h-services > and once it starts schema creation (watch the logs), kill C*. Stop > h-services. Start C* again and then h-services,it should continue Schema > creation > While I was talking about h-services here, this applies foremost to > h-metrics (which is also used inside > of h-services). > Also I think Juca had a variation of this yesterday: > deploy h-metrics + C* into Openshift and then scale h-metrics up and > down at will. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (HAWKULARQE-32) Cassandra/Hawkular Schema Test

by Sunil kondkar (JIRA)

[ https://issues.jboss.org/browse/HAWKULARQE-32?page=com.atlassian.jira.plu... ] Sunil kondkar commented on HAWKULARQE-32: ----------------------------------------- Test case in Polarion: https://polarion.engineering.redhat.com/polarion/#/project/JBossON4/worki... > Cassandra/Hawkular Schema Test > ------------------------------ > > Key: HAWKULARQE-32 > URL: https://issues.jboss.org/browse/HAWKULARQE-32 > Project: Hawkular QE > Issue Type: Task > Reporter: Matt Mahoney > Assignee: Sunil kondkar > > Test case request from Heiko (verbatim): > Start C*,wait until up. Start metrics/h-services > and once it starts schema creation (watch the logs), kill C*. Stop > h-services. Start C* again and then h-services,it should continue Schema > creation > While I was talking about h-services here, this applies foremost to > h-metrics (which is also used inside > of h-services). > Also I think Juca had a variation of this yesterday: > deploy h-metrics + C* into Openshift and then scale h-metrics up and > down at will. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (ELY-978) MechanismInformationCallback blocks certificate based authn (Undertow with Elytron)

by Ondrej Kotek (JIRA)

[ https://issues.jboss.org/browse/ELY-978?page=com.atlassian.jira.plugin.sy... ] Ondrej Kotek closed ELY-978. ---------------------------- Resolution: Won't Fix Not a bug. {{CLIENT_CERT}} mechanism name has to used in {{http-authentication-factory}} instead of {{CLIENT-CERT}}. [~zrhoads], could you fix the documentation [1] please? > MechanismInformationCallback blocks certificate based authn (Undertow with Elytron) > ----------------------------------------------------------------------------------- > > Key: ELY-978 > URL: https://issues.jboss.org/browse/ELY-978 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.1.0.Beta26 > Reporter: Ondrej Kotek > Priority: Blocker > Labels: authentication, eap71_alpha, http, ssl > Attachments: deployment.war, standalone.xml > > > It is not possible to set up authentication based on certificates. Following the community documentation [1,2] to set up 2-way SSL for apps and certificates based auth. Everything works as expected until a client with {{client}} certificate tries to access protected resource that should be accessible. Such resource returns 403 Forbidden instead of 200 OK. Trace log: > {noformat} > 13:31:15,565 TRACE [org.wildfly.security] (default task-33) Evidence verification: evidence = org.wildfly.security.evidence.X509PeerCertificateChainEvidence@42d7e114 evidencePrincipal = CN=client > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) X500 principal [CN=client] decoded as name [client] (attribute values: [client]) > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Principal assigning: [CN=client], pre-realm rewritten: [client], realm name: [ksRealm], post realm rewritten: [client], realm rewritten: [client] > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) X500 principal [CN=client] decoded as name [client] (attribute values: [client]) > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Evidence verification succeed for alias [client] > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Role mapping: principal [client] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles [Guest, Admin] > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Authorizing principal client. > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Authorizing against the following attributes: [] => [] > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Permission mapping: identity [client] with roles [Guest, Admin] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Authorization succeed > 13:31:15,566 TRACE [org.wildfly.security] (default task-33) Authentication succeed for principal [CN=client] > 13:31:15,573 TRACE [org.wildfly.security] (default task-34) Handling MechanismInformationCallback > 13:31:15,574 TRACE [org.wildfly.security] (default task-34) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost', protocol='https'. > {noformat} > The last message comes from {{ServerAuthenticationContext}} [3]. > [1] https://docs.jboss.org/author/display/WFLY/Using+the+Elytron+Subsystem#Us... > [2] https://docs.jboss.org/author/display/WFLY/Using+the+Elytron+Subsystem#Us... > [3] https://github.com/wildfly-security/wildfly-elytron/blob/6e4dad322ab04215... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8266) Credential store, during creation of CS backed keystore is not created on filesystem.

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/WFLY-8266?page=com.atlassian.jira.plugin.... ] Martin Choma updated WFLY-8266: ------------------------------- Description: Keystore is created after writing secret key into it. So instead of "write alias" operation it is more "write alias and create backed keystore if not exists yet" operation. How to reproduce: - create credential store from scratch {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to=jboss.server.config.dir) {"outcome" => "success"} {code} - myCredStore.jceks does not exists on FS (I would expect it will be created) {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore/alias=myAlias:add(secret-value=secret) {"outcome" => "success"} {code} - myCredStore.jceks exists on FS Setting high priority as lack of this behaviour can lead to more complex problems in multiprocess scenarios (e.g domain mode) was: Keystore is created after writing secret key into it. So instead of "write alias" operation it is more "write alias and create backed keystore if not exists yet" operation. How to reproduce: - create credential store from scratch {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to=jboss.server.config.dir) {"outcome" => "success"} {code} - myCredStore.jceks does not exists on FS (I would expect it will be created) {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore/alias=myAlias:add(secret-value=secret) {"outcome" => "success"} {code} - myCredStore.jceks exists on FS Setting high priority as lack of this ehaviour can lead to more complex problems in multiprocess scenarios (e.g domain mode) > Credential store, during creation of CS backed keystore is not created on filesystem. > ------------------------------------------------------------------------------------- > > Key: WFLY-8266 > URL: https://issues.jboss.org/browse/WFLY-8266 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > > Keystore is created after writing secret key into it. So instead of "write alias" operation it is more "write alias and create backed keystore if not exists yet" operation. > How to reproduce: > - create credential store from scratch > {code} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to=jboss.server.config.dir) > {"outcome" => "success"} > {code} > - myCredStore.jceks does not exists on FS (I would expect it will be created) > {code} > [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore/alias=myAlias:add(secret-value=secret) > {"outcome" => "success"} > {code} > - myCredStore.jceks exists on FS > Setting high priority as lack of this behaviour can lead to more complex problems in multiprocess scenarios (e.g domain mode) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8266) Credential store, during creation of CS backed keystore is not created on filesystem.

by Martin Choma (JIRA)

Martin Choma created WFLY-8266: ---------------------------------- Summary: Credential store, during creation of CS backed keystore is not created on filesystem. Key: WFLY-8266 URL: https://issues.jboss.org/browse/WFLY-8266 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Critical Keystore is created after writing secret key into it. So instead of "write alias" operation it is more "write alias and create backed keystore if not exists yet" operation. How to reproduce: - create credential store from scratch {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore:add(uri="cr-store://test/myCredStore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to=jboss.server.config.dir) {"outcome" => "success"} {code} - myCredStore.jceks does not exists on FS (I would expect it will be created) {code} [standalone@localhost:9990 /] /subsystem=elytron/credential-store=myCredStore/alias=myAlias:add(secret-value=secret) {"outcome" => "success"} {code} - myCredStore.jceks exists on FS Setting high priority as lack of this ehaviour can lead to more complex problems in multiprocess scenarios (e.g domain mode) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-846) Some tests throws "Permission check failed" while run with security manager

by Jan Tymel (JIRA)

[ https://issues.jboss.org/browse/WFCORE-846?page=com.atlassian.jira.plugin... ] Jan Tymel reopened WFCORE-846: ------------------------------ Reopening since there still are some tests failing with security manager: * org.jboss.as.test.integration.domain.slavereconnect.SlaveReconnectTestCase * org.jboss.as.test.integration.domain.suites.DeploymentRolloutFailureTestCase * org.jboss.as.test.integration.jmx.ModelControllerMBeanTestCase * org.jboss.as.test.integration.logging.operations.CustomFormattersTestCase * org.jboss.as.test.integration.logging.operations.CustomHandlerOperationsTestCase * org.jboss.as.test.integration.logging.operations.CustomHandlerTestCase * org.jboss.as.test.integration.logging.operations.Log4jCustomHandlerTestCase * org.jboss.as.test.integration.logging.perdeploy.JBossLog4jXmlTestCase * org.jboss.as.test.integration.logging.perdeploy.JBossLoggingPropertiesTestCase * org.jboss.as.test.integration.logging.perdeploy.Log4jPropertiesTestCase * org.jboss.as.test.integration.logging.perdeploy.Log4jXmlTestCase * org.jboss.as.test.integration.logging.perdeploy.LoggingPropertiesTestCase * org.jboss.as.test.integration.logging.profiles.LoggingProfilesTestCase * org.jboss.as.test.integration.logging.profiles.NonExistingProfileTestCase * org.jboss.as.test.integration.logging.syslog.SyslogHandlerTestCase * org.jboss.as.test.integration.management.cli.modules.ModuleResourceRootPathsTestCase * org.jboss.as.test.integration.mgmt.access.JmxSensitiveTestCase * org.jboss.as.test.manualmode.deployment.InterdependentDeploymentTestCase * org.jboss.as.test.manualmode.logging.Log4jAppenderTestCase * org.jboss.as.test.manualmode.logging.LoggingPreferencesTestCase * org.jboss.as.test.manualmode.logging.PerDeployLoggingTestCase * org.jboss.as.test.manualmode.logging.ReconnectSyslogServerTestCase * org.jboss.as.test.manualmode.logging.SizeAppenderRestartTestCase * org.jboss.as.test.manualmode.logging.SyslogIsNotAvailableDuringServerBootTestCase * org.wildfly.core.test.standalone.mgmt.api.core.DeploymentOperationsTestCase > Some tests throws "Permission check failed" while run with security manager > --------------------------------------------------------------------------- > > Key: WFCORE-846 > URL: https://issues.jboss.org/browse/WFCORE-846 > Project: WildFly Core > Issue Type: Bug > Components: Test Suite > Affects Versions: 2.0.0.Alpha11 > Reporter: Petr Kremensky > Assignee: Ingo Weiss > Fix For: 3.0.0.Alpha23 > > > Some tests are failing to deploy an archive when testsuite run with security manager enabled. > {noformat} > 08:03:07,171 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service test.deployment.trivial: org.jboss.msc.service.StartException in service test.deployment.trivial: Failed to start service > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.util.PropertyPermission" "test.deployment.trivial.prop" "write")" in code source "(vfs:/content/test-http-deployment.sar <no signer certificates>)" of "null") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:274) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:176) > at java.lang.System.setProperty(System.java:792) > at org.jboss.as.test.deployment.trivial.ServiceActivatorDeployment.start(ServiceActivatorDeployment.java:80) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) > ... 3 more > 08:03:07,173 ERROR [org.jboss.as.controller.management-operation] (XNIO-1 task-5) WFLYCTL0013: Operation ("add") failed - address: ([{"deployment" => "test-http-deployment.sar"}]) - failure description: {"WFLYCTL0080: Failed services" => {"test.deployment.trivial" => "org.jboss.msc.service.StartException in service test.deployment.trivial: Failed to start service > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"test.deployment.trivial.prop\" \"write\")\" in code source \"(vfs:/content/test-http-deployment.sar <no signer certificates>)\" of \"null\")"}} > 08:03:07,174 ERROR [org.jboss.as.server] (XNIO-1 task-5) WFLYSRV0021: Deploy of deployment "test-http-deployment.sar" was rolled back with the following failure message: > {"WFLYCTL0080: Failed services" => {"test.deployment.trivial" => "org.jboss.msc.service.StartException in service test.deployment.trivial: Failed to start service > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"test.deployment.trivial.prop\" \"write\")\" in code source \"(vfs:/content/test-http-deployment.sar <no signer certificates>)\" of \"null\")"}} > {noformat} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2193) JmxControlledStateNotificationsTestCase fails with security manager in WF core

by Jan Tymel (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2193?page=com.atlassian.jira.plugi... ] Jan Tymel reopened WFCORE-2193: ------------------------------- Reopening due to the issue with IBM JDK. The test located in domain submodule of testsuite fails with IBM JDK. On OpenJDK and "standard" (~Oracle) JDK passes. The output is following: {code} [Server:main-one] 13:07:49,343 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service test.deployment.jmx: org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master" "read")" in code source "(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-jmx-notifications-deployment.jar" from Service Module Loader") [Server:main-one] at org.wildfly.test.jmx.ServiceActivatorDeployment.start(ServiceActivatorDeployment.java:111) [Server:main-one] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032) [jboss-msc-1.2.7.SP1-redhat-1.jar:1.2.7.SP1-redhat-1] [Server:main-one] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955) [jboss-msc-1.2.7.SP1-redhat-1.jar:1.2.7.SP1-redhat-1] [Server:main-one] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) [rt.jar:1.8.0] [Server:main-one] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [rt.jar:1.8.0] [Server:main-one] at java.lang.Thread.run(Thread.java:785) [vm.jar:1.8.0] [Server:main-one] Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master" "read")" in code source "(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-jmx-notifications-deployment.jar" from Service Module Loader") [Server:main-one] at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) [wildfly-elytron-1.1.0.Beta25-redhat-1.jar:1.1.0.Beta25-redhat-1] [Server:main-one] at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) [wildfly-elytron-1.1.0.Beta25-redhat-1.jar:1.1.0.Beta25-redhat-1] [Server:main-one] at java.lang.SecurityManager.checkRead(SecurityManager.java:901) [rt.jar:1.8.0] [Server:main-one] at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) [wildfly-elytron-1.1.0.Beta25-redhat-1.jar:1.1.0.Beta25-redhat-1] [Server:main-one] at sun.nio.fs.UnixPath.checkRead(UnixPath.java:815) [rt.jar:1.8.0] [Server:main-one] at sun.nio.fs.UnixFileSystemProvider.checkAccess(UnixFileSystemProvider.java:302) [rt.jar:1.8.0] [Server:main-one] at java.nio.file.Files.createDirectories(Files.java:757) [rt.jar:1.8.0] [Server:main-one] at org.wildfly.test.jmx.ControlledStateNotificationListener.init(ControlledStateNotificationListener.java:57) [Server:main-one] at org.wildfly.test.jmx.ControlledStateNotificationListener.<init>(ControlledStateNotificationListener.java:43) [Server:main-one] at java.lang.J9VMInternals.newInstanceImpl(Native Method) [vm.jar:1.8.0] [Server:main-one] at java.lang.Class.newInstance(Class.java:1899) [vm.jar:1.8.0] [Server:main-one] at org.wildfly.test.jmx.ServiceActivatorDeployment.start(ServiceActivatorDeployment.java:106) [Server:main-one] ... 5 more [Server:main-one] [Server:main-one] 13:07:49,353 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 7) WFLYCTL0013: Operation ("add") failed - address: ([("deployment" => "test-jmx-notifications-deployment.jar")]) - failure description: { [Server:main-one] "WFLYCTL0080: Failed services" => {"test.deployment.jmx" => "org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.io.FilePermission\" \"/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar\" from Service Module Loader\") [Server:main-one] Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.io.FilePermission\" \"/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar\" from Service Module Loader\")"}, [Server:main-one] "WFLYCTL0412: Required services that are not installed:" => ["test.deployment.jmx"] [Server:main-one] } [Server:main-one] 13:07:49,365 ERROR [org.jboss.as.server] (ServerService Thread Pool -- 7) WFLYSRV0021: Deploy of deployment "test-jmx-notifications-deployment.jar" was rolled back with the following failure message: [Server:main-one] { [Server:main-one] "WFLYCTL0080: Failed services" => {"test.deployment.jmx" => "org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.io.FilePermission\" \"/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar\" from Service Module Loader\") [Server:main-one] Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.io.FilePermission\" \"/home/jtymel/jboss-eap/src/7.1/jboss-eap-7.1.0.DR12-core/testsuite/domain/target/domains/JmxControlledStateNotificationsTestCase/master\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar\" from Service Module Loader\")"}, [Server:main-one] "WFLYCTL0412: Required services that are not installed:" => ["test.deployment.jmx"] [Server:main-one] } [Server:main-one] 13:07:49,369 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0028: Stopped deployment test-jmx-notifications-deployment.jar (runtime-name: test-jmx-notifications-deployment.jar) in 11ms [Server:main-one] 13:07:49,377 INFO [org.jboss.as.controller] (ServerService Thread Pool -- 7) WFLYCTL0183: Service status report [Server:main-one] WFLYCTL0186: Services which failed to start: service test.deployment.jmx [Server:main-one] Failed: { "address" => [ ("server-group" => "main-server-group"), ("deployment" => "test-jmx-notifications-deployment.jar") ], "operation" => "add", "enabled" => true } {code} The test located in manualmode submodule passes fine on all JDKs. > JmxControlledStateNotificationsTestCase fails with security manager in WF core > ------------------------------------------------------------------------------ > > Key: WFCORE-2193 > URL: https://issues.jboss.org/browse/WFCORE-2193 > Project: WildFly Core > Issue Type: Bug > Components: Test Suite > Environment: IBM JDK > Reporter: Jan Tymel > Assignee: Ingo Weiss > Fix For: 3.0.0.Alpha23 > > > *org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase* > {{cd testsuite/domain/}} > {{mvn test -DtestLogToFile=false -Dtest=JmxControlledStateNotificationsTestCase -Dsecurity.manager}} > *org.wildfly.core.test.standalone.mgmt.events.JmxControlledStateNotificationsTestCase* > {{cd testsuite/manualmode/}} > {{mvn test -DtestLogToFile=false -Dtest=JmxControlledStateNotificationsTestCase -Dsecurity.manager}} > Both test cases fail with: > {code} > Tests run: 2, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 0.014 sec <<< FAILURE! - in org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase > org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase Time elapsed: 0.007 sec <<< FAILURE! > java.lang.AssertionError: {"outcome" => "failed","result" => undefined,"failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {"main-one" => {"WFLYCTL0080: Failed services" => {"test.deployment.jmx" => "org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"user.dir\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar:main\" from Service Module Loader\") > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"user.dir\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar:main\" from Service Module Loader\")"},"WFLYCTL0412: Required services that are not installed:" => ["test.deployment.jmx"],"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined}}}}}}},"rolled-back" => true,"server-groups" => {"main-server-group" => {"host" => {"master" => {"main-one" => {"response" => {"outcome" => "failed","failure-description" => {"WFLYCTL0080: Failed services" => {"test.deployment.jmx" => "org.jboss.msc.service.StartException in service test.deployment.jmx: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"user.dir\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar:main\" from Service Module Loader\") > Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission \"(\"java.util.PropertyPermission\" \"user.dir\" \"read\")\" in code source \"(vfs:/content/test-jmx-notifications-deployment.jar <no signer certificates>)\" of \"ModuleClassLoader for Module \"deployment.test-jmx-notifications-deployment.jar:main\" from Service Module Loader\")"},"WFLYCTL0412: Required services that are not installed:" => ["test.deployment.jmx"],"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined},"rolled-back" => true}}}}}}} > at org.junit.Assert.fail(Assert.java:88) > at org.jboss.as.test.integration.management.rbac.RbacUtil.checkOperationResult(RbacUtil.java:115) > at org.jboss.as.test.integration.management.rbac.RbacUtil.executeOperation(RbacUtil.java:100) > at org.wildfly.test.jmx.JMXFacadeListenerDeploymentSetupTask.setup(JMXFacadeListenerDeploymentSetupTask.java:75) > at org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase.setupDomain(JmxControlledStateNotificationsTestCase.java:66) > org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase Time elapsed: 0.014 sec <<< FAILURE! > java.lang.AssertionError: {"outcome" => "failed","result" => undefined,"failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {"main-one" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test-jmx-notifications-deployment.jar\")]' not found"}}}}}},"rolled-back" => true,"server-groups" => {"main-server-group" => {"host" => {"master" => {"main-one" => {"response" => {"outcome" => "failed","failure-description" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test-jmx-notifications-deployment.jar\")]' not found","rolled-back" => true}}}}}}} > at org.junit.Assert.fail(Assert.java:88) > at org.jboss.as.test.integration.management.rbac.RbacUtil.checkOperationResult(RbacUtil.java:115) > at org.jboss.as.test.integration.management.rbac.RbacUtil.executeOperation(RbacUtil.java:100) > at org.wildfly.test.jmx.JMXFacadeListenerDeploymentSetupTask.tearDown(JMXFacadeListenerDeploymentSetupTask.java:115) > at org.jboss.as.test.integration.domain.events.JmxControlledStateNotificationsTestCase.tearDownDomain(JmxControlledStateNotificationsTestCase.java:71) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2017