[JBoss JIRA] (ELY-1247) Elytron client configuration file throws ConfigXMLParseException when hashed-password is used
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/ELY-1247?page=com.atlassian.jira.plugin.s... ]
Pedro Igor reassigned ELY-1247:
-------------------------------
Assignee: Pedro Igor (was: Darran Lofthouse)
> Elytron client configuration file throws ConfigXMLParseException when hashed-password is used
> ---------------------------------------------------------------------------------------------
>
> Key: ELY-1247
> URL: https://issues.jboss.org/browse/ELY-1247
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
>
> When the Elytron client configuration file includes the {{configuration.authentication-client.authentication-configurations.configuration.credentials.hashed-password}} element, a ConfigXMLParseException is thrown while parsing the configuration file.
> For the following configuration file:
> {code}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="auth-config"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="auth-config">
>                 <sasl-mechanism-selector selector="DIGEST-MD5"/>
>                 <set-user-name name="user"/>
>                 <credentials>
>                     <hashed-password algorithm="simple-digest-md5" hash="cGFzc3dvcmQ="/>
>                 </credentials>
>             </configuration>
>         </authentication-configurations>
>     </authentication-client>
> </configuration>
> {code}
> the following exception is thrown:
> {code}
> org.wildfly.client.config.ConfigXMLParseException: CONF0005: Unexpected element "authentication-client" in namespace "urn:elytron:1.0" encountered
> at vfs:/content/wildfly-config-xml.war/META-INF/wildfly-config.xml:15:5
> at org.wildfly.client.config.ConfigurationXMLStreamReader.unexpectedElement(ConfigurationXMLStreamReader.java:245)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:197)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:146)
> at com.redhat.eap.qe.elytron.authnctx.WildflyConfigXmlServlet.parseAndCreateAuthenticationClientConfiguration(WildflyConfigXmlServlet.java:120)
> ... 41 more
> {code}
> When {{hashed-password}} is changed to {{clear-password}}:
> {code}
> <clear-password password="password"/>
> {code}
> then it is parsed correctly.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (ELY-1248) Elytron client configuration file throws ConfigXMLParseException when crypt-password is used
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/ELY-1248?page=com.atlassian.jira.plugin.s... ]
Pedro Igor reassigned ELY-1248:
-------------------------------
Assignee: Pedro Igor (was: Darran Lofthouse)
> Elytron client configuration file throws ConfigXMLParseException when crypt-password is used
> --------------------------------------------------------------------------------------------
>
> Key: ELY-1248
> URL: https://issues.jboss.org/browse/ELY-1248
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
>
> When the Elytron client configuration file includes the {{configuration.authentication-client.authentication-configurations.configuration.credentials.crypt-password}} element, a ConfigXMLParseException is thrown while parsing the configuration file. It seems it is caused by the {{$}} char in the crypt value. It does not work even if this symbol is escaped.
> For the following configuration file:
> {code}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <sasl-mechanism-selector selector="DIGEST-MD5"/>
>                 <credentials>
>                     <crypt-password crypt="$1$somesalt$W.KCTbPSiFDGffAGOjcBc."/>
>                 </credentials>
>             </configuration>
>         </authentication-configurations>
>     </authentication-client>
> </configuration>
> {code}
> the following exception is thrown:
> {code}
> org.wildfly.client.config.ConfigXMLParseException: CONF0020: Failed to parse expression value of attribute "crypt"
> at org.wildfly.common.expression.Expression.invalidExpressionSyntax(Expression.java:659)
> at org.wildfly.common.expression.Expression.parseString(Expression.java:509)
> at org.wildfly.common.expression.Expression.compile(Expression.java:203)
> at org.wildfly.common.expression.Expression.compile(Expression.java:183)
> at org.wildfly.client.config.ConfigurationXMLStreamReader.getExpressionAttributeValue(ConfigurationXMLStreamReader.java:683)
> at org.wildfly.client.config.ConfigurationXMLStreamReader.getAttributeValueResolved(ConfigurationXMLStreamReader.java:330)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$requireSingleAttribute$44(ElytronXmlParser.java:2361)
> at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2380)
> at org.wildfly.security.auth.client.ElytronXmlParser.requireSingleAttribute(ElytronXmlParser.java:2361)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseCryptPassword(ElytronXmlParser.java:1059)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseCredentialsType(ElytronXmlParser.java:951)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationType(ElytronXmlParser.java:714)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationsType(ElytronXmlParser.java:341)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:273)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:164)
> ...
> {code}
> It does not work even if the dollar sign is escaped:
> {code}
> <crypt-password crypt="\$1\$somesalt\$W.KCTbPSiFDGffAGOjcBc."/>
> {code}
> The value of crypt was created in the same way as in UnixMD5CryptUtilTest [1].
> [1] https://github.com/wildfly-security/wildfly-elytron/blob/371c1334fde7527d...
--
8 years, 10 months
[JBoss JIRA] (ELY-1255) Elytron client configuration file throws ConfigXMLParseException when credential certificate is used
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/ELY-1255?page=com.atlassian.jira.plugin.s... ]
Pedro Igor reassigned ELY-1255:
-------------------------------
Assignee: Pedro Igor (was: Darran Lofthouse)
> Elytron client configuration file throws ConfigXMLParseException when credential certificate is used
> ----------------------------------------------------------------------------------------------------
>
> Key: ELY-1255
> URL: https://issues.jboss.org/browse/ELY-1255
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
>
> When the Elytron client configuration file includes the configuration.authentication-client.authentication-configurations.configuration.credentials.certificate element, a ConfigXMLParseException is thrown while parsing the configuration file.
> For the following configuration file:
> {code}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <sasl-mechanism-selector selector="PLAIN"/>
>                 <credentials>
>                     <certificate>
>                         <private-key-pem>
> -----BEGIN ENCRYPTED PRIVATE KEY-----
> MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/UbK4uSM+lICAggA
> MBQGCCqGSIb3DQMHBAjqSiGAFsiVUwSCBMg1UIOetO6ZNmBehx3pzNVqefIYE6wc
> 5roz1Yz0ZLroq9zFn8kGGe65XlZRD8jO7+pYgglHwII0s05P2YPRx8boHgNvf/de
> cYmPXOuT2W7obUQTRlM0TzJpjP+74cwmxeM0L/mvhRlQKgkHyFzIj3f0lJxlrCS5
> FiN8xM7YuDZ+nZwSil6pF+bCO/V/TAEsuR15eG2UHZuMeFgL9xez7ZPJPKDyeXIo
> deMz2sv63keJ6nIEAxq46+m53HKFcOs3kCCa/M2LQg0uxxA3YyjLiVu8U0k/ox7L
> rQ3XVBA11oBSUM9+vFl9CMW/7do/5niL3JNrz+e1FpG6ViG2MT+3+na7YfN+7ffp
> FUSblMFR9Px00uBfqVHufCzKotNX0VqbEGGCE40i1Tpq5ZWCob4R6/42zW+BctJO
> ZxUeiJJaXAoccvJiZRraicte6OpDMWZXPIKMR+FIc1YXuWYv3BHHhfZKhLm8tuxb
> eSNE8vRR/exfV1z+YoZ0nvwOhpBOK7yQl9iqOy+eQ7e7h85yv15XFX2cOjPgY4bO
> M3wN6H41K5eUock6UYaKLY2qzVlyI0rwV1aYnnrGeA5gHkfAFdPNpxm7+ejUAi2z
> am117gT3NXKCLq0SsV55wjonAcN9ghN8X46tWZIO0chlNpVOHZSUz/NtavOrmZwZ
> UcFajPKvoT3V7t8hGD1Tg1AdChahlIjT5dzDQBaHtJLbz7qPljHuAvvZR/bapTdW
> 97zMxp3zRQbyHqPmu6BFUASgXHnKLY6Cu1a0w+AhVaemWLLVeHMweWlLsLAHxSo4
> qkqIkn8rMr9V92/nVaE6fEnmplnWTI3VY3t0vzI5gztwq7Q0ChlAttgG+BMpYOps
> 4H7dO55iz7hZFdYrZlEXBON6VTfQFhnUPuuJHHBRK1E/GEvoA6whRV7bLSrgvtEW
> 6AgFLgb8FWt9mWvf15PAptcvN/AxHGM2ymPyXqh32a+rvfPjdPgFIaCtEQmuGyoV
> NpEwg+iV7TAnEzQ1u0BcOPKr+dKKrkGzahT1Mj1ZFLG0M2J60Hv4oItMXMwvb7vq
> nnubuLwkI8dWdVgmNXIU415i546VoeRuMXY2F7hLEHUKAahcDy5PnmrEj34IVW0w
> qodBW+MeykUA9O+WndUoLI5bTnsGXNS/vZ17LwwcaGyrj2M8bTkqCMvdx8HXGnJ2
> hNN+INazIbIq7FBcQZfEHH1uJsDKy5Niqk3uKysfByyPzehcY6QxseJgqztIRqLR
> HDeymrgOn5k8HRgA4ePKOQwQe2r2vY+3ExydvL7irHMgD7EaSnUIE8KK1Aq39mQz
> ZVWigJGII05HGk/vOQP4s804hjkyS8X+CNXpMzi/2bgmzKp4aPCS1yyx2m+8eP7B
> Qs5h9YxqUh24HC7EGNkx31M4OuL1h1CmkT7uk9uCOREuRnhxClLvTL1Pu8f8OjbN
> jd2W1c/X7spOsvBg7OMD8aBpxI7qWSSWwIe5dsbNbCCDeHkZpJ4GDqxtLLv4+tEO
> XozNTlPhyF0eURRzrVyEL8C5OaSGLEfo3kFCJdS7eQX2TyttILOV9plP4YaFUw91
> DOZj1vjPVgRJSAr98/UlzE23yGfB1gUG/kUG2+HPgu2jS5TE7Mlsk6Wy5Q+3Ga+b
> wD4=
> -----END ENCRYPTED PRIVATE KEY-----
>                         </private-key-pem>
>                         <pem>
> -----BEGIN CERTIFICATE-----
> MIIDWTCCAkGgAwIBAgIEQFuxgzANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJD
> WjEXMBUGA1UEBxMOQ3plY2ggUmVwdWJsaWMxDzANBgNVBAsTBkVBUCBRRTEQMA4G
> A1UEChMHUmVkIEhhdDERMA8GA1UEAxMIY2xpZW50RG4wIBcNMTcwNjIwMDYxMzU5
> WhgPMjIxNzA1MDMwNjEzNTlaMFwxCzAJBgNVBAYTAkNaMRcwFQYDVQQHEw5DemVj
> aCBSZXB1YmxpYzEPMA0GA1UECxMGRUFQIFFFMRAwDgYDVQQKEwdSZWQgSGF0MREw
> DwYDVQQDEwhjbGllbnREbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
> AJsXwctr7ckEMiLtsyXaFiSaB03F5z5fVzyg89WMxqWMhfRPitDIFBGN8t3/fEML
> s5I3g1dlQDwtVl9AlwHDLfwxFdLZIuDodRr6KzcTrbavDSRczGMCF+ntPo6KBBL1
> /UZLUW5y332bi7Tkc87NYN9zJ+3307fHrxGmCyeF6as7s/+uKJ0gY4JVjS/9XXec
> K8gtlye/AbBZyJhpPiM71aoQy+LecYdSB/cRBQII0XGtsusguCFGnSSA80J79TLP
> THaJG0trarktvORvnmNQz45Atxhpr9shv4xkbNWHR+qAiFO9N1w7uVFZOZUWEb9/
> bQEFlSo0LtMPgLomKGvg8/0CAwEAAaMhMB8wHQYDVR0OBBYEFO01U/yTywCdzOUl
> hZmElDjVVcZXMA0GCSqGSIb3DQEBCwUAA4IBAQAEy+IphU7QjlWgn2kkKI6RAX6p
> LAWGUlbNnfw7V131of9qz9lctRnFWazbuych/i5/oCvBj+0gyf6+PvpsfB7qlZwH
> 3H+jMNNoCrMp5MutLe9SYcfmvYkYGym77K4e8BiuDlfw3whE4B274nD99Y+e9CcY
> FuUx3yepXY9FDo58mE05zLSXhn31uIulnUGbL1iDB1yeCFG/6J7z+AkCBPKzbgFX
> 3UZid9MUn45RDf8BlP6zG+px/cE2XlaZa+0LGSH9vvvVykD18cthsLHe71Q+Y2hC
> vWvHG8wdujBxWg7A+H38x48i0PR6lNTsjEgTZbUgYM/SQtKvX2gNaR3z2YPU
> -----END CERTIFICATE-----
>                         </pem>
>                     </certificate>
>                 </credentials>
>                 <providers>
>                     <use-service-loader/>
>                 </providers>
>             </configuration>
>         </authentication-configurations>
>     </authentication-client>
> </configuration>
> {code}
> the following exception is thrown:
> {code}
> org.wildfly.client.config.ConfigXMLParseException: parser must be on START_ELEMENT to read next text
> at file:/path/to/some/wildfly-config.xml:13:89
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:40)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.<clinit>(DefaultAuthenticationContextProvider.java:36)
> ... 16 more
> Caused by: org.wildfly.client.config.ConfigXMLParseException: parser must be on START_ELEMENT to read next text
> at file:/path/to/some/wildfly-config.xml:13:89
> at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.getElementText(XMLStreamReaderImpl.java:835)
> at org.wildfly.client.config.BasicXMLStreamReader.getElementText(BasicXMLStreamReader.java:87)
> at org.wildfly.client.config.AbstractDelegatingXMLStreamReader.getElementText(AbstractDelegatingXMLStreamReader.java:80)
> at org.wildfly.client.config.AbstractDelegatingXMLStreamReader.getElementText(AbstractDelegatingXMLStreamReader.java:80)
> at org.wildfly.security.auth.client.ElytronXmlParser.parsePem(ElytronXmlParser.java:1169)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseCertificateType(ElytronXmlParser.java:1116)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseCredentialsType(ElytronXmlParser.java:961)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationType(ElytronXmlParser.java:714)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationConfigurationsType(ElytronXmlParser.java:341)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:273)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:146)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
> ... 18 more
> {code}
--
8 years, 10 months
[JBoss JIRA] (ELY-1254) Elytron client configuration file throws ConfigXMLParseException when credential key-store-reference is used
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/ELY-1254?page=com.atlassian.jira.plugin.s... ]
Pedro Igor reassigned ELY-1254:
-------------------------------
Assignee: Pedro Igor (was: Darran Lofthouse)
> Elytron client configuration file throws ConfigXMLParseException when credential key-store-reference is used
> ------------------------------------------------------------------------------------------------------------
>
> Key: ELY-1254
> URL: https://issues.jboss.org/browse/ELY-1254
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta52
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
>
> When the Elytron client configuration file includes the configuration.authentication-client.authentication-configurations.configuration.credentials.key-store-reference element, a ConfigXMLParseException is thrown while parsing the configuration file. This issue can be caused by JBEAP-11691.
> For the following configuration file:
> {code}
> <configuration>
>     <authentication-client xmlns="urn:elytron:1.0">
>         <authentication-rules>
>             <rule use-configuration="default"/>
>         </authentication-rules>
>         <authentication-configurations>
>             <configuration name="default">
>                 <sasl-mechanism-selector selector="PLAIN"/>
>                 <credentials>
>                     <key-store-reference key-store-name="clientKeyStore">
>                         <key-store-clear-password password="secret"/>
>                     </key-store-reference>
>                 </credentials>
>                 <providers>
>                     <use-service-loader/>
>                 </providers>
>             </configuration>
>         </authentication-configurations>
>         <key-stores>
>             <key-store name="clientKeyStore" type="JKS">
>                 <file name="/path/to/some/client.keystore"/>
>                 <key-store-clear-password password="secretKeyStore"/>
>             </key-store>
>         </key-stores>
>     </authentication-client>
> </configuration>
> {code}
> the following exception is thrown:
> {code}
> org.wildfly.client.config.ConfigXMLParseException: ELY01135: Failed to load keystore data
> at file:/path/to/some/wildfly-config.xml:10:74
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$41(ElytronXmlParser.java:1448)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$25(ElytronXmlParser.java:932)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$23(ElytronXmlParser.java:919)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseCredentialsType$35(ElytronXmlParser.java:986)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$18(ElytronXmlParser.java:715)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$andThenOp$23(ElytronXmlParser.java:919)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationConfigurationType$22(ElytronXmlParser.java:763)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseAuthenticationRuleType$7(ElytronXmlParser.java:599)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseRulesType$8(ElytronXmlParser.java:623)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientType(ElytronXmlParser.java:323)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:185)
> at org.wildfly.security.auth.client.ElytronXmlParser.parseAuthenticationClientConfiguration(ElytronXmlParser.java:146)
> at org.wildfly.security.auth.client.DefaultAuthenticationContextProvider.lambda$static$0(DefaultAuthenticationContextProvider.java:38)
> ... 18 more
> Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:121)
> at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:75)
> at org.wildfly.security.auth.client.ElytronXmlParser.lambda$parseKeyStoreRefType$41(ElytronXmlParser.java:1423)
> ... 30 more
> {code}
> It seems that the mentioned configuration file does not result in a ConfigXMLParseException in EAP 7.1.0.DR19.
--
8 years, 10 months
[JBoss JIRA] (WFCORE-2295) org.jboss.as.domain-management does not permit non-JKS file keystore
by ehsavoie Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2295?page=com.atlassian.jira.plugi... ]
ehsavoie Hugonnet resolved WFCORE-2295.
---------------------------------------
Fix Version/s: 3.0.0.Beta26
Resolution: Done
Resolved as JBEAP cloned from is verified
> org.jboss.as.domain-management does not permit non-JKS file keystore
> --------------------------------------------------------------------
>
> Key: WFCORE-2295
> URL: https://issues.jboss.org/browse/WFCORE-2295
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Environment: Java 1.8.0_121, EAP 6.4.13
> Reporter: Rich Lucente
> Assignee: Brian Stansberry
> Labels: eap, fips, management, security
> Fix For: 3.0.0.Beta26
>
> Attachments: ProviderFileKeyManagerService.java, ProviderFileKeystore.java, ProviderFileTrustManagerService.java, SecurityRealmAddHandler.java
>
>
> org.jboss.as.domain-management subsystem only enables users to specify either a `provider` attribute or a `keystore-path` attribute but not both. Users wishing to use a FIPS 140-2 certified provider are limited to the SunPKCS11 provider on RHEL. Non-JKS JCE providers that require an alternative provider with a keystore-path cannot be configured to secure the management interface.
> With the recent FIPS 140-2 certification of pure Java open source cryptographic modules, government customers seek to secure EAP on multiple operating systems using FIPS certified JCE providers. These same customers must use Common Criteria certified software and follow DISA security technical implementation guidelines (http://iase.disa.mil/stigs/app-security/app-servers/Pages/jboss.aspx). Currently, EAP 6 is the only option to meet both of those conditions.
> The attached files incorporate changes to the org.jboss.as.domain.management.security package to enable the use of file-based keystores that rely on alternative JCE providers and that do not use JKS formatted keystores.
> This configuration with the Bouncy Castle pure Java FIPS 140-2 certified provider and the attached software changes enable securing the management interface:
> {noformat}
> ...
> <security-realm name="ManagementRealmHTTPS">
>     <server-identities>
>         <ssl protocol="TLS">
>             <engine enabled-cipher-suites="SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1 TLSv1.1 TLSv1.2"/>
>             <keystore provider="BCFKS" path="vault/vault.bcfks" relative-to="jboss.home.dir" keystore-password="admin1jboss_" alias="jbossweb" key-password="admin1jboss_"/>
>         </ssl>
>     </server-identities>
>     <authentication>
>         <properties path="https-mgmt-users.properties" relative-to="jboss.server.config.dir"/>
>     </authentication>
> </security-realm>
> ...
> {noformat}
--
8 years, 10 months
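A check a reviewer could run on the `<engine>` element quoted in the WFCORE-2295 report above, as an added example that is not part of the original message or of WildFly: it flags enabled cipher suites and protocol versions by name. The sample input is a constructed subset of the quoted suite list, and the function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ssl> element from the report, with the suite list
# cut down to six of the names that appear in it.
SAMPLE_SSL = """
<ssl protocol="TLS">
  <engine enabled-cipher-suites="SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
          enabled-protocols="TLSv1 TLSv1.1 TLSv1.2"/>
</ssl>
"""

# JSSE protocol names that are deprecated (TLS 1.0 and 1.1 by RFC 8996).
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def suite_findings(name):
    """Return the reasons a JSSE cipher suite name deserves review."""
    reasons = []
    if "_anon_" in name:
        reasons.append("anonymous key exchange: the server is not authenticated")
    elif "_DHE_" not in name and "_ECDHE_" not in name:
        reasons.append("static key exchange: no forward secrecy")
    if "_3DES_" in name:
        reasons.append("3DES: 64-bit block cipher (Sweet32 birthday bound)")
    return reasons


def audit_engine(xml_text):
    """Flag suites and protocols on every <engine> element in xml_text."""
    root = ET.fromstring(xml_text.strip())
    suites, protocols = {}, []
    for el in root.iter():
        # Compare the local name so a namespaced document is handled too.
        if el.tag.rsplit("}", 1)[-1] != "engine":
            continue
        for name in el.get("enabled-cipher-suites", "").split():
            reasons = suite_findings(name)
            if reasons:
                suites[name] = reasons
        for proto in el.get("enabled-protocols", "").split():
            if proto in DEPRECATED_PROTOCOLS:
                protocols.append(proto)
    return {"suites": suites, "protocols": protocols}


if __name__ == "__main__":
    report = audit_engine(SAMPLE_SSL)
    for suite, reasons in report["suites"].items():
        print(suite)
        for reason in reasons:
            print("   ", reason)
    print("deprecated protocols:", ", ".join(report["protocols"]))
```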
[JBoss JIRA] (WFCORE-2507) Key manager exported from legacy security domain can not be used by Elytron server-ssl-context
by ehsavoie Hugonnet (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2507?page=com.atlassian.jira.plugi... ]
ehsavoie Hugonnet resolved WFCORE-2507.
---------------------------------------
Fix Version/s: 3.0.0.Beta26
Resolution: Done
Resolved as JBEAP cloned from is verified
> Key manager exported from legacy security domain can not be used by Elytron server-ssl-context
> ----------------------------------------------------------------------------------------------
>
> Key: WFCORE-2507
> URL: https://issues.jboss.org/browse/WFCORE-2507
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta6
> Reporter: Ondrej Kotek
> Priority: Critical
> Fix For: 3.0.0.Beta26
>
>
> It is not possible to use a key manager exported from a legacy security domain (i.e. {{elytron-key-manager}}) in an Elytron {{server-ssl-context}}. It results in:
> {noformat}
> {
>     "outcome" => "failed",
>     "failure-description" => {
>         "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssc" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssc: WFLYELY00019: No 'X509ExtendedKeyManager' found in injected value."},
>         "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.ssc"]
>     },
>     "rolled-back" => true
> }
> {noformat}
> The exported key manager is announced as the {{org.wildfly.security.key-managers}} capability. Hence it is expected to work wherever the capability is requested.
--
8 years, 10 months