[JBoss JIRA] (ELY-1263) Coverity, Dereference null return value (PeriodicRotatingFileAuditEndpoint)
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/ELY-1263?page=com.atlassian.jira.plugin.s... ]
Yeray Borges reassigned ELY-1263:
---------------------------------
Assignee: Yeray Borges (was: Darran Lofthouse)
> Coverity, Dereference null return value (PeriodicRotatingFileAuditEndpoint)
> ---------------------------------------------------------------------------
>
> Key: ELY-1263
> URL: https://issues.jboss.org/browse/ELY-1263
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Assignee: Yeray Borges
>
> Coverity found potential dereference of null object , because {{file.getParentFile()}} can return null in some circumstances.
>
> {code:java|title=PeriodicRotatingFileAuditEndpoint.java}
> @Override
> protected void preWrite(Instant instant) {
> final long recordMillis = instant.toEpochMilli();
> if (recordMillis >= nextRollover) {
> try {
> final File file = getFile();
> if (file == null) {
> // no file is set; a direct output stream or writer was specified
> return;
> }
> closeStreams(); // close the original file (some OSes won't let you move/rename a file that is open)
> final Path target = file.getParentFile().toPath().resolve(file.getName() + nextSuffix);
> Files.move(file.toPath(), target, StandardCopyOption.REPLACE_EXISTING);
> setFile(file);
> } catch (IOException e) {
> audit.unableToRotateLogFile(e);
> }
> calcNextRollover(recordMillis);
> }
> }
> {code}
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=25046...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (WFLY-8998) [GSS](7.0.z) @RunAsIdentity should cause authentication part to be skipped
by Jörg Bäsner (JIRA)
Jörg Bäsner created WFLY-8998:
---------------------------------
Summary: [GSS](7.0.z) @RunAsIdentity should cause authentication part to be skipped
Key: WFLY-8998
URL: https://issues.jboss.org/browse/WFLY-8998
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Jörg Bäsner
Assignee: Darran Lofthouse
The issue [WFLY-140|https://issues.jboss.org/browse/WFLY-140] introduced a change in behavior.
Before this change, the SecurityContextInterceptor would just invoke the push() method on SimpleSecurityManager and that method would internally create a new security context and authenticate the incoming principal if needed. In that implementation the presence of a RunAsIdentity would cause authentication part to be skipped.
With the changes in the above issue, the security context establishment and the authentication parts were separated and while push() still checks for a RunAsIdentity, the authenticate() implementation does not, which ends up triggering the authentication process even if a RunAsIdentity is available. There is another check in place to avoid authentication if a valid authenticated subject already exists and the security domains match but this should also be the case if the security domains do not match.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (WFLY-8997) @RunAsIdentity should cause authentication part to be skipped
by Jörg Bäsner (JIRA)
Jörg Bäsner created WFLY-8997:
---------------------------------
Summary: @RunAsIdentity should cause authentication part to be skipped
Key: WFLY-8997
URL: https://issues.jboss.org/browse/WFLY-8997
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 11.0.0.Alpha1
Reporter: Jörg Bäsner
Assignee: Darran Lofthouse
The issue [WFLY-140|https://issues.jboss.org/browse/WFLY-140] introduced a change in behavior.
Before this change, the SecurityContextInterceptor would just invoke the push() method on SimpleSecurityManager and that method would internally create a new security context and authenticate the incoming principal if needed. In that implementation the presence of a RunAsIdentity would cause authentication part to be skipped.
With the changes in the above issue, the security context establishment and the authentication parts were separated and while push() still checks for a RunAsIdentity, the authenticate() implementation does not, which ends up triggering the authentication process even if a RunAsIdentity is available. There is another check in place to avoid authentication if a valid authenticated subject already exists and the security domains match but this should also be the case if the security domains do not match.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (JGRP-2172) Non-blocking flow control
by Bela Ban (JIRA)
[ https://issues.jboss.org/browse/JGRP-2172?page=com.atlassian.jira.plugin.... ]
Bela Ban resolved JGRP-2172.
----------------------------
Resolution: Done
> Non-blocking flow control
> -------------------------
>
> Key: JGRP-2172
> URL: https://issues.jboss.org/browse/JGRP-2172
> Project: JGroups
> Issue Type: Feature Request
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 4.0.4
>
>
> Sending a message through FlowControl (UFC, MFC) should not block if {{Message.Flag.NB_FC}} (non-blocking flow control) is set.
> Instead, the message should be added to a queue (bounded if {{max_size}} > 0, else unbounded). The max queue size is given in bytes, so we can estimate what the memory penalty for reaching that size would be (if bounded).
> The queued messages are sent when credits arrive. TBD: when credits arrive, should blocked threads or queued messages be released first?
> Non-blocking flow control can be used by both external and internal threads.
> If the queue is unbounded, then it is the responsibility of the application (e.g. Infinispan) to make sure the queue doesn't grow to an untenable size.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years