[JBoss JIRA] (ELY-1155) EJB client requires authentication context to be configured
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1155?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse moved JBEAP-10909 to ELY-1155:
-----------------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1155 (was: JBEAP-10909)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Authentication Client
(was: EJB)
(was: Security)
Affects Version/s: 1.1.0.Beta42
(was: 7.1.0.DR18)
> EJB client requires authentication context to be configured
> -----------------------------------------------------------
>
> Key: ELY-1155
> URL: https://issues.jboss.org/browse/ELY-1155
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Affects Versions: 1.1.0.Beta42
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
> Lets have wildfly-config.xml:
> {code:java}
> <configuration>
> <jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
> <connections>
> <connection uri="remote+http://127.0.0.1:8080" />
> </connections>
> </jboss-ejb-client>
> </configuration>
> {code}
> EJB client requires authentication context to be configured and this will fail.
> If I following lines are added, everything is fine.
> {code:java}
> <authentication-client xmlns="urn:elytron:1.0">
> <authentication-rules>
> <rule use-configuration="default"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default">
> <use-service-loader-providers/>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> {code}
> IMHO, this should not be required.
> Here is a stacktrace.
> {code:java}
> 10:55:35,178 INFO [org.wildfly.security.Version:57] ELY00001: WildFly Elytron version 1.1.0.Beta42-redhat-1
> Exception in thread "main" java.lang.ExceptionInInitializerError
> at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
> at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
> at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
> at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
> at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
> at org.wildfly.discovery.ConfiguredProvider.discover(ConfiguredProvider.java:45)
> at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
> at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
> at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
> at org.jboss.ejb.client.EJBClientContext.createSession(EJBClientContext.java:681)
> at org.jboss.ejb.client.EJBClient.createSession(EJBClient.java:288)
> at org.jboss.ejb.client.EJBRootContext.lookupNative(EJBRootContext.java:146)
> at org.wildfly.naming.client.AbstractContext.lookup(AbstractContext.java:88)
> at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:153)
> at javax.naming.InitialContext.lookup(InitialContext.java:417)
> at client.Client.main(Client.java:48)
> Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: CONF0003: Unexpected end of document
> at file:/home/istraka/repositories/istraka/mock-artifacts/ejbclient/eap7.1-set-source-ip-address/client/target/classes/META-INF/wildfly-config.xml:23:17
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
> ... 21 more
> Caused by: org.wildfly.client.config.ConfigXMLParseException: CONF0003: Unexpected end of document
> at file:/home/istraka/repositories/istraka/mock-artifacts/ejbclient/eap7.1-set-source-ip-address/client/target/classes/META-INF/wildfly-config.xml:23:17
> at org.wildfly.client.config.ConfigurationXMLStreamReader.unexpectedDocumentEnd(ConfigurationXMLStreamReader.java:266)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:208)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:141)
> at org.wildfly.se
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (ELY-1155) EJB client requires authentication context to be configured
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1155?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1155:
----------------------------------
Fix Version/s: 1.1.0.Beta43
> EJB client requires authentication context to be configured
> -----------------------------------------------------------
>
> Key: ELY-1155
> URL: https://issues.jboss.org/browse/ELY-1155
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Affects Versions: 1.1.0.Beta42
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.1.0.Beta43
>
>
> Lets have wildfly-config.xml:
> {code:java}
> <configuration>
> <jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
> <connections>
> <connection uri="remote+http://127.0.0.1:8080" />
> </connections>
> </jboss-ejb-client>
> </configuration>
> {code}
> EJB client requires authentication context to be configured and this will fail.
> If I following lines are added, everything is fine.
> {code:java}
> <authentication-client xmlns="urn:elytron:1.0">
> <authentication-rules>
> <rule use-configuration="default"/>
> </authentication-rules>
> <authentication-configurations>
> <configuration name="default">
> <use-service-loader-providers/>
> </configuration>
> </authentication-configurations>
> </authentication-client>
> {code}
> IMHO, this should not be required.
> Here is a stacktrace.
> {code:java}
> 10:55:35,178 INFO [org.wildfly.security.Version:57] ELY00001: WildFly Elytron version 1.1.0.Beta42-redhat-1
> Exception in thread "main" java.lang.ExceptionInInitializerError
> at org.wildfly.security.auth.client.AuthenticationContext.lambda$static$0(AuthenticationContext.java:49)
> at org.wildfly.common.context.ContextManager.getPrivileged(ContextManager.java:282)
> at org.wildfly.security.auth.client.AuthenticationContext.captureCurrent(AuthenticationContext.java:81)
> at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:139)
> at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:216)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.lambda$discover$0(RemotingEJBDiscoveryProvider.java:103)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:103)
> at org.wildfly.discovery.impl.AggregateDiscoveryProvider.discover(AggregateDiscoveryProvider.java:58)
> at org.wildfly.discovery.ConfiguredProvider.discover(ConfiguredProvider.java:45)
> at org.wildfly.discovery.Discovery.discover(Discovery.java:94)
> at org.jboss.ejb.client.EJBClientContext.discover(EJBClientContext.java:442)
> at org.jboss.ejb.client.EJBClientContext.discoverAffinityNone(EJBClientContext.java:714)
> at org.jboss.ejb.client.EJBClientContext.performLocatedAction(EJBClientContext.java:701)
> at org.jboss.ejb.client.EJBClientContext.createSession(EJBClientContext.java:681)
> at org.jboss.ejb.client.EJBClient.createSession(EJBClient.java:288)
> at org.jboss.ejb.client.EJBRootContext.lookupNative(EJBRootContext.java:146)
> at org.wildfly.naming.client.AbstractContext.lookup(AbstractContext.java:88)
> at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:153)
> at javax.naming.InitialContext.lookup(InitialContext.java:417)
> at client.Client.main(Client.java:48)
> Caused by: org.wildfly.security.auth.client.InvalidAuthenticationConfigurationException: org.wildfly.client.config.ConfigXMLParseException: CONF0003: Unexpected end of document
> at file:/home/istraka/repositories/istraka/mock-artifacts/ejbclient/eap7.1-set-source-ip-address/client/target/classes/META-INF/wildfly-config.xml:23:17
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
> ... 21 more
> Caused by: org.wildfly.client.config.ConfigXMLParseException: CONF0003: Unexpected end of document
> at file:/home/istraka/repositories/istraka/mock-artifacts/ejbclient/eap7.1-set-source-ip-address/client/target/classes/META-INF/wildfly-config.xml:23:17
> at org.wildfly.client.config.ConfigurationXMLStreamReader.unexpectedDocumentEnd(ConfigurationXMLStreamReader.java:266)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:208)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:141)
> at org.wildfly.se
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8762) WebSocketsDefinition BUFFER_POOL and WORKER are not configured as capability references
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFLY-8762?page=com.atlassian.jira.plugin.... ]
Brian Stansberry commented on WFLY-8762:
----------------------------------------
Why doesn't your new capability show up in that failure? I was getting that message originally, and quickly fixed those three since the failure message told me what to fix reasonably simply, but then the websocket one was still failing the boot.
I fear the problem is those websocket attributes are not configured but rather have default values, and we're not registering the requirement.
> WebSocketsDefinition BUFFER_POOL and WORKER are not configured as capability references
> ---------------------------------------------------------------------------------------
>
> Key: WFLY-8762
> URL: https://issues.jboss.org/browse/WFLY-8762
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Brian Stansberry
> Assignee: Tomaz Cerar
>
> This makes it hard to remove or rename the 'default' worker (e.g. as part of doing performance tuning), because the requirement for that worker isn't shown in standalone.xml. Since there's no capability ref failure, boot proceeds to RUNTIME, ServletContainerService can't start but a whole lot of others can't start as well. So there's a lot of noise that obscures the issue.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFCORE-2807) Revise configuration options of ssl-context in wildfly-config.xml
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2807?page=com.atlassian.jira.plugi... ]
Jan Kalina moved JBEAP-10906 to WFCORE-2807:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2807 (was: JBEAP-10906)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta21
(was: 7.1.0.DR17)
> Revise configuration options of ssl-context in wildfly-config.xml
> -----------------------------------------------------------------
>
> Key: WFCORE-2807
> URL: https://issues.jboss.org/browse/WFCORE-2807
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta21
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
>
> Comparing subsystem configuration options of client-ssl-context to wildfly-config.xml I am missing these attributes:
> * client-ssl-context
> ** use-cipher-suites-order
> ** maximum-session-cache-size
> ** session-timeout
> * key-managers/trust-managers:
> ** algorithm (is IBM - IBMX509 handled properly? e.g. *ManagerFactory.getDefaultAlgorithm() is called internally)
> * trust-manager
> ** certificate-revocation-list
> * key-managers
> ** key-password
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month
[JBoss JIRA] (WFLY-8772) Deployments referencing outbound connection with authentication context always use Elytron default-authentication-context
by Farah Juma (JIRA)
[ https://issues.jboss.org/browse/WFLY-8772?page=com.atlassian.jira.plugin.... ]
Farah Juma reassigned WFLY-8772:
--------------------------------
Assignee: Farah Juma (was: David Lloyd)
> Deployments referencing outbound connection with authentication context always use Elytron default-authentication-context
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8772
> URL: https://issues.jboss.org/browse/WFLY-8772
> Project: WildFly
> Issue Type: Bug
> Components: Remoting, Security
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Blocker
> Labels: eap7.1-rfe-blocker, eap7.1-rfe-failure, eap71_beta_candidate
>
> Analysis document for EAP7-551 states the following:
> {quote}This RFE is to add a reference to the new authentication-context capability to the remote-outbound-connection resource and make use of it satisfy the security requirements for the outbound connections being established.
> The AuthenticationContext will be used to access both information required for authentication and also for any SSLContext required for the connection.
> A newly referenced authentication-context will be used to provide all security configuration for outbound connections.{quote}
> However, currently the remoting outbound connections will only use Elytron default authentication context and ignore authentication context defined in remoting outbound connection resource:
> * If no default authentication context is defined in Elytron subsystem but remote outbound connection has defined one, no authentication context is associated with remote outbound connection.
> * If the default authentication context is defined in Elytron subsystem but no authentication context is defined in remote outbound connection, remoting assumes that outbound connection uses legacy security.
> * If the default authentication context is defined in Elytron subsystem and different authentication context is defined in remote outbound connection, the remote outbound connection will use the Elytron subsystem default none the less.
> * The authentication context defined in outbound remote connection will only work if it is the same as default authentication context in Elytron subsystem.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 1 month