May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2821) Elytron two way SSL with CRL set does not work

by Kabir Khan (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2821?page=com.atlassian.jira.plugi... ] Kabir Khan resolved WFCORE-2821. -------------------------------- Fix Version/s: 3.0.0.Beta22 Resolution: Done > Elytron two way SSL with CRL set does not work > ---------------------------------------------- > > Key: WFCORE-2821 > URL: https://issues.jboss.org/browse/WFCORE-2821 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta21 > Reporter: Ondrej Kotek > Priority: Blocker > Labels: eap7.1-rfe-blocker > Fix For: 3.0.0.Beta22 > > > Having set two way SSL Elytron {{server-ssl-context}} [1] but with {{trust-managers}} with {{certificate-revocation-list}} set (and {{algorithm}} unset), a client is not able to connect to the server, because the server closes connections. > Debugging reveals that just {{getAcceptedIssuers}} method is called on {{X509CRLExtendedTrustManager}} and returns {{null}} (as set from the subsystem). > There is also unexpected error in server log (twice): > {noformat} > ERROR [org.xnio.nio] (default I/O-3) XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@106b714d failed with an exception: java.lang.RuntimeException: Delegated task threw Exception/Error > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) > at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) > at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) > at io.undertow.protocols.ssl.ALPNHackSSLEngine.unwrap(ALPNHackSSLEngine.java:265) > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > at io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:73) > at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:749) > at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:646) > at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63) > at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1046) > at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:468) > Caused by: java.lang.NullPointerException > at sun.security.ssl.HandshakeMessage$CertificateRequest.<init>(HandshakeMessage.java:1306) > at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:963) > at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) > at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) > at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) > at java.security.AccessController.doPrivileged(Native Method) > at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) > at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1034) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > {noformat} > The CRL functionality is required by EAP7-203, hence Blocker priority is set. > [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#WildF... > [2] https://docs.jboss.org/author/display/WFLY/SSL+Configuration+using+Elytro... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8842) Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases

by Josef Cacek (JIRA)

Josef Cacek created WFLY-8842: --------------------------------- Summary: Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases Key: WFLY-8842 URL: https://issues.jboss.org/browse/WFLY-8842 Project: WildFly Issue Type: Bug Components: Security Reporter: Josef Cacek Assignee: Darran Lofthouse Priority: Blocker In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used ({{com.sun.security.sasl.PlainClient}}). The Elytron client builds the AuthenticationContext and runs executed code in this way: {code:java} AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN) .useName(USERNAME).usePassword("wrongPassword") .useProviders(() -> new Provider[] { new WildFlyElytronProvider() }); AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...) {code} It seems to be related to what's included on classpath. When we use the same code in [elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct mechanism is used. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8644) LdapUrlInSearchBaseTestCase is failing due to WFNC-29

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-8644?page=com.atlassian.jira.plugin.... ] Jan Kalina reassigned WFLY-8644: -------------------------------- Assignee: Jan Kalina > LdapUrlInSearchBaseTestCase is failing due to WFNC-29 > ----------------------------------------------------- > > Key: WFLY-8644 > URL: https://issues.jboss.org/browse/WFLY-8644 > Project: WildFly > Issue Type: Bug > Reporter: David Lloyd > Assignee: Jan Kalina > Fix For: 11.0.0.Beta1 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1579) Using salience with parallel agenda

by Tibor Zimányi (JIRA)

Tibor Zimányi created DROOLS-1579: ------------------------------------- Summary: Using salience with parallel agenda Key: DROOLS-1579 URL: https://issues.jboss.org/browse/DROOLS-1579 Project: Drools Issue Type: Enhancement Components: core engine Affects Versions: 7.0.0.Final Reporter: Tibor Zimányi Assignee: Mario Fusco Priority: Minor Using salience with parallel agenda is probably not feasible, because salience is ordering of rules and ordering introduces rule serialization. However we should discuss this more so we know 100% that there are no feasible solutions. One possible scenario could be to put all salienced rules (and relatives according to rete) to separate partition, which is handled by separate agenda and process this agenda before all other agendas. In such case these "other" agendas could be processed in parallel after the "salienced" agenda is processed. Other name for this feature could be "postponed partitioning". First process everything that cannot be partitioned and then process everything that is partitioned in parallel. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1479) Allow serialization of a session using the parallel engine

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1479?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1479: ---------------------------------- Labels: parallel-agenda (was: ) > Allow serialization of a session using the parallel engine > ---------------------------------------------------------- > > Key: DROOLS-1479 > URL: https://issues.jboss.org/browse/DROOLS-1479 > Project: Drools > Issue Type: Enhancement > Reporter: Mario Fusco > Assignee: Mario Fusco > Labels: parallel-agenda > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1024) Rule engine parallelization

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1024?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1024: ---------------------------------- Labels: parallel-agenda (was: ) > Rule engine parallelization > --------------------------- > > Key: DROOLS-1024 > URL: https://issues.jboss.org/browse/DROOLS-1024 > Project: Drools > Issue Type: Enhancement > Reporter: Mario Fusco > Assignee: Mario Fusco > Labels: parallel-agenda > Fix For: 7.0.0.Beta3 > > > Allow rules to be evaluated and fired in parallel -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1487) Parallel agenda cycles itself or throws NPE

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1487?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1487: ---------------------------------- Labels: parallel-agenda reported-by-qe (was: reported-by-qe) > Parallel agenda cycles itself or throws NPE > ------------------------------------------- > > Key: DROOLS-1487 > URL: https://issues.jboss.org/browse/DROOLS-1487 > Project: Drools > Issue Type: Bug > Components: core engine > Affects Versions: 7.0.0.Beta7 > Reporter: Tibor Zimányi > Assignee: Mario Fusco > Labels: parallel-agenda, reported-by-qe > > Running AdvOperatorsExpertBenchmark benchmarks from our kie-benchmarks suite with parallel agenda option, the benchmark either cycles itself or throws NPE [1]. I created a "reproducer" here[2]. Be aware that this is failing nondeterministically, so with high probability it is a nasty race condition. > I tried to debug this a bit and this is the output of some variables that is available on this line [3]: > Returned fire count: 0 > Head: null > Group: AgendaGroup 'MAIN' > Group is auto deactivate: true > Limit reached: false > IsInternalFire: false > IsFiring: true > [1] http://pastebin.com/sjLjQwgX > [2] https://github.com/kiegroup/kie-benchmarks/pull/8/files > [3] https://github.com/kiegroup/drools/blob/3038a1b9287978069bcb2765dc684f696... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1496) Parallel agenda freezes when running fireUntilHalt on multiple KieSessions

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1496?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1496: ---------------------------------- Labels: parallel-agenda (was: ) > Parallel agenda freezes when running fireUntilHalt on multiple KieSessions > -------------------------------------------------------------------------- > > Key: DROOLS-1496 > URL: https://issues.jboss.org/browse/DROOLS-1496 > Project: Drools > Issue Type: Bug > Components: core engine > Reporter: Jiri Petrlik > Assignee: Mario Fusco > Labels: parallel-agenda > Fix For: 7.0.0.Beta8 > > > Parallel agenda freezes when running in multiple KieSessions. Reproducer is in "testMultipleParallelKieSessionsFireUntilHalt" test from https://github.com/kiegroup/drools/pull/1164/commits/b3d8edee350b4e05101f... > Reproducer does the following steps: > # Create kie base. > # Run 5 separate threads. > # Each thread creates its own kie session with parallel agenda enabled. > # Run fire until halt on its own kie session. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1494) Problems with parallel agenda

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1494?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1494: ---------------------------------- Labels: parallel-agenda reported-by-qe (was: reported-by-qe) > Problems with parallel agenda > ----------------------------- > > Key: DROOLS-1494 > URL: https://issues.jboss.org/browse/DROOLS-1494 > Project: Drools > Issue Type: Bug > Components: core engine > Affects Versions: 7.0.0.Beta7 > Reporter: Tibor Zimányi > Assignee: Mario Fusco > Labels: parallel-agenda, reported-by-qe > Fix For: 7.0.0.Beta8 > > > From doc [1] there can be seen that four benchmarks show problems when run with parallel agenda enabled. > Benchmarks _AdvOperators3ExpertBenchmark_ and _RetractFactsFromWmExpertBenchmark_ > falled back to single threaded agenda although they doesn't use features that aren't supported with parallel agenda (e.g. like salience). > Benchmarks StartsStartedbyFusionBenchmark and UpdateFactsInWmExpertBenchmark shows no gain when using parallel agenda although they contain more partitions. > I created runners for debugging here [2], so the benchmarks can be debugged outside of JMH. They are part of master branch in kie-benchmarks, so just pull of new changes is sufficient to get them. > [1] https://docs.google.com/a/redhat.com/spreadsheets/d/1hp5lLcmox_NFEUsqNSNZ... > [2] https://github.com/kiegroup/kie-benchmarks/commit/887f758931b02d096f1e870... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1495) Partition also ObjectTypeNodes when using parallel agenda

by Tibor Zimányi (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1495?page=com.atlassian.jira.plugi... ] Tibor Zimányi updated DROOLS-1495: ---------------------------------- Labels: parallel-agenda reported-by-qe (was: reported-by-qe) > Partition also ObjectTypeNodes when using parallel agenda > --------------------------------------------------------- > > Key: DROOLS-1495 > URL: https://issues.jboss.org/browse/DROOLS-1495 > Project: Drools > Issue Type: Enhancement > Components: core engine > Affects Versions: 7.0.0.Beta7 > Reporter: Tibor Zimányi > Assignee: Mario Fusco > Priority: Minor > Labels: parallel-agenda, reported-by-qe > > Currently we don't parallelize ObjectTypeNodes. They are part of MAIN partition. The parallelization starts then after OTNs. This limitation doesn't introduce performance gains for scenarios, where only one partition is after each OTN. The better approach would be to have the Rete network partitioned right from Entry Point. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 11 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2017