[JBoss JIRA] (WFCORE-2853) Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2853?page=com.atlassian.jira.plugi... ]
Brian Stansberry reassigned WFCORE-2853:
----------------------------------------
Assignee: (was: Brian Stansberry)
> Referral mode 'throw' for searching groups in legacy LDAP realm causes NPE
> --------------------------------------------------------------------------
>
> Key: WFCORE-2853
> URL: https://issues.jboss.org/browse/WFCORE-2853
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 3.0.0.Beta21
> Reporter: Ondrej Lukas
>
> When referral mode 'throw' is configured for an LDAP outbound connection which is used by a legacy LDAP security realm and its groups are assigned through principal-to-group LDAP authorization, then it finishes with an NPE. This causes the Management Console to return status 500 when referral mode 'throw' is used for group searching user includes referral role.
> It can be reproduced by using configuration from [1] with referral mode 'throw'.
> Thrown exception on trace level:
> {code}
> TRACE [org.wildfly.security] (management task-1) BASIC: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:176)
> at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
> at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
> at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
> at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
> at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211)
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wildfly.security.http.HttpAuthenticationException: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:98)
> at org.wildfly.security.http.impl.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:154)
> ... 12 more
> Caused by: org.wildfly.security.auth.server.RealmUnavailableException: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:336)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getAuthorizationIdentity(LdapSubjectSupplementalService.java:319)
> at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.getAuthorizationIdentity(AggregateSecurityRealm.java:157)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1797)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1826)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:477)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:472)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:757)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:735)
> at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
> at org.wildfly.security.http.impl.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:92)
> ... 13 more
> Caused by: java.io.IOException: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:203)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$SecurityRealmImpl$RealmIdentityImpl.getGroups(LdapSubjectSupplementalService.java:334)
> ... 23 more
> Caused by: java.lang.NullPointerException
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:315)
> at org.jboss.as.domain.management.security.LdapGroupSearcherFactory$PrincipalToGroupSearcher.search(LdapGroupSearcherFactory.java:221)
> at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroupEntries(LdapSubjectSupplementalService.java:250)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:227)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:220)
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapGroupSearcher.loadGroups(LdapSubjectSupplementalService.java:194)
> ... 24 more
> {code}
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1417272#c1
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (ELY-1256) Make SPNEGO mechanism fail quickly.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1256?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1256:
----------------------------------
Fix Version/s: 1.1.0.Beta54
> Make SPNEGO mechanism fail quickly.
> -----------------------------------
>
> Key: ELY-1256
> URL: https://issues.jboss.org/browse/ELY-1256
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.1.0.Beta53
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 1.1.0.Beta54
>
>
> Intention on legacy security realm is tracked by JBEAP-8563:
> * If this is the only mechanism enabled then 500 is the correct status code
> * However, if a fallback mechanism was also enabled, then that mechanism should be able to challenge with an HTTP 401 status code.
8 years, 11 months
[JBoss JIRA] (WFLY-8970) Drop UndertowDefaultConfigUpgradeTestCase
by Brian Stansberry (JIRA)
Brian Stansberry created WFLY-8970:
--------------------------------------
Summary: Drop UndertowDefaultConfigUpgradeTestCase
Key: WFLY-8970
URL: https://issues.jboss.org/browse/WFLY-8970
Project: WildFly
Issue Type: Task
Components: Web (Undertow)
Reporter: Brian Stansberry
Assignee: Brian Stansberry
UndertowDefaultConfigUpgradeTestCase tests that if we parse and marshal a particular undertow subsystem config file using the WildFly 8 xsd (file presumably matching what we shipped in our standard WildFly 8 config) that the marshaled output will match a config file that uses the current xsd.
This won't work once WFCORE-2704 is fixed because the old config file includes default values (which should be marshaled since they are in the config) while the new file does not. It's basically a bug that parsing these two documents results in the same marshaled output.
This test doesn't serve any purpose any more (we've long since established that a WF 8 config can work in WF 8.1, when the schema changed a lot) and keeping it around is blocking the important WFCORE-2704 fix.
8 years, 11 months
[JBoss JIRA] (WFLY-8971) Drop UndertowDefaultConfigUpgradeTestCase
by Brian Stansberry (JIRA)
Brian Stansberry created WFLY-8971:
--------------------------------------
Summary: Drop UndertowDefaultConfigUpgradeTestCase
Key: WFLY-8971
URL: https://issues.jboss.org/browse/WFLY-8971
Project: WildFly
Issue Type: Task
Components: Web (Undertow)
Reporter: Brian Stansberry
Assignee: Brian Stansberry
UndertowDefaultConfigUpgradeTestCase tests that if we parse and marshal a particular undertow subsystem config file using the WildFly 8 xsd (file presumably matching what we shipped in our standard WildFly 8 config) that the marshaled output will match a config file that uses the current xsd.
This won't work once WFCORE-2704 is fixed because the old config file includes default values (which should be marshaled since they are in the config) while the new file does not. It's basically a bug that parsing these two documents results in the same marshaled output.
This test doesn't serve any purpose any more (we've long since established that a WF 8 config can work in WF 8.1, when the schema changed a lot) and keeping it around is blocking the important WFCORE-2704 fix.
8 years, 11 months
[JBoss JIRA] (DROOLS-1623) Inappropriate "Missing Header" DecisionTableParseException
by Christian Lowe (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1623?page=com.atlassian.jira.plugi... ]
Christian Lowe updated DROOLS-1623:
-----------------------------------
Description:
Introduced in [this commit|https://github.com/kiegroup/drools/commit/0bd98541b3177bdc7d0e1f5f...],
A condition in the "when" section of a drt file, which begins with the word package, such as:
{code:mvel}
$box: Box (
packageName == $productPackageName,
)
{code}
... will cause an error:
{code:java}
org.drools.template.parser.DecisionTableParseException: Missing header
at org.drools.template.parser.DefaultTemplateContainer.parseTemplate(DefaultTemplateContainer.java:127)
.......
{code}
Previously, the parsing logic would only look for unindented keywords. Now, DefaultTemplateContainer will trim the line, see that it starts with the word "package," and error out.
was:
Introduced in commit ___,
A condition in the "when" section of a drt file, which begins with the word package, such as:
{code:mvel}
$box: Box (
packageName == $productPackageName,
)
{code}
... will cause an error:
{code:java}
org.drools.template.parser.DecisionTableParseException: Missing header
at org.drools.template.parser.DefaultTemplateContainer.parseTemplate(DefaultTemplateContainer.java:127)
.......
{code}
> Inappropriate "Missing Header" DecisionTableParseException
> ----------------------------------------------------------
>
> Key: DROOLS-1623
> URL: https://issues.jboss.org/browse/DROOLS-1623
> Project: Drools
> Issue Type: Bug
> Reporter: Christian Lowe
> Assignee: Edson Tirelli
>
> Introduced in [this commit|https://github.com/kiegroup/drools/commit/0bd98541b3177bdc7d0e1f5f...],
> A condition in the "when" section of a drt file, which begins with the word package, such as:
> {code:mvel}
> $box: Box (
> packageName == $productPackageName,
> )
> {code}
> ... will cause an error:
> {code:java}
> org.drools.template.parser.DecisionTableParseException: Missing header
> at org.drools.template.parser.DefaultTemplateContainer.parseTemplate(DefaultTemplateContainer.java:127)
> .......
> {code}
> Previously, the parsing logic would only look for unindented keywords. Now, DefaultTemplateContainer will trim the line, see that it starts with the word "package," and error out.
8 years, 11 months
[JBoss JIRA] (ELY-1256) Elytron, be consistent with legacy for misconfigured kerberos authentication of http management interface
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1256?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse moved JBEAP-11700 to ELY-1256:
-----------------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1256 (was: JBEAP-11700)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: HTTP
(was: Security)
Affects Version/s: 1.1.0.Beta53
(was: 7.1.0.DR15)
> Elytron, be consistent with legacy for misconfigured kerberos authentication of http management interface
> ---------------------------------------------------------------------------------------------------------
>
> Key: ELY-1256
> URL: https://issues.jboss.org/browse/ELY-1256
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.1.0.Beta53
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Intention on legacy security realm is tracked by JBEAP-8563:
> * If this is the only mechanism enabled then 500 is the correct status code
> * However, if a fallback mechanism was also enabled, then that mechanism should be able to challenge with an HTTP 401 status code.
8 years, 11 months
[JBoss JIRA] (DROOLS-1623) Inappropriate "Missing Header" DecisionTableParseException
by Christian Lowe (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1623?page=com.atlassian.jira.plugi... ]
Christian Lowe updated DROOLS-1623:
-----------------------------------
Description:
Introduced in commit ___,
A condition in the "when" section of a drt file, which begins with the word package, such as:
{code:mvel}
$box: Box (
packageName == $productPackageName,
)
{code}
... will cause an error:
{code:java}
org.drools.template.parser.DecisionTableParseException: Missing header
at org.drools.template.parser.DefaultTemplateContainer.parseTemplate(DefaultTemplateContainer.java:127)
.......
{code}
was:
Introduced in commit ___,
$box: Box (
packageName == $productPackageName,
)
> Inappropriate "Missing Header" DecisionTableParseException
> ----------------------------------------------------------
>
> Key: DROOLS-1623
> URL: https://issues.jboss.org/browse/DROOLS-1623
> Project: Drools
> Issue Type: Bug
> Reporter: Christian Lowe
> Assignee: Edson Tirelli
>
> Introduced in commit ___,
> A condition in the "when" section of a drt file, which begins with the word package, such as:
> {code:mvel}
> $box: Box (
> packageName == $productPackageName,
> )
> {code}
> ... will cause an error:
> {code:java}
> org.drools.template.parser.DecisionTableParseException: Missing header
> at org.drools.template.parser.DefaultTemplateContainer.parseTemplate(DefaultTemplateContainer.java:127)
> .......
> {code}
8 years, 11 months
[JBoss JIRA] (ELY-1256) Make SPNEGO mechanism fail quickly.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1256?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1256:
----------------------------------
Summary: Make SPNEGO mechanism fail quickly. (was: Elytron, be consistent with legacy for misconfigured kerberos authentication of http management interface)
> Make SPNEGO mechanism fail quickly.
> -----------------------------------
>
> Key: ELY-1256
> URL: https://issues.jboss.org/browse/ELY-1256
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.1.0.Beta53
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Intention on legacy security realm is tracked by JBEAP-8563:
> * If this is the only mechanism enabled then 500 is the correct status code
> * However, if a fallback mechanism was also enabled, then that mechanism should be able to challenge with an HTTP 401 status code.
8 years, 11 months