[JBoss JIRA] (WFCORE-2440) CS tool, 2 places to specify credential store location
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2440?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2440.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
Resolution: Done
> CS tool, 2 places to specify credential store location
> ------------------------------------------------------
>
> Key: WFCORE-2440
> URL: https://issues.jboss.org/browse/WFCORE-2440
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Beta29
>
>
> Currently there are 2 places, where location can be specified:
> - URI parameter
> - location parameter
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test.store?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --summary --salt 12345678 --iteration 230
> {code}
> Choose one. In case SPI dictates that, revise SPI.
> Setting to high priotity, as possible it is problem of SPI.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFCORE-2444) There isn't possibility log in to management web console as user which was dynamically added after EAP was started.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2444?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2444.
--------------------------------------
Resolution: Rejected
The load operation should be invoked on the realm to reload the properties file.
> There isn't possibility log in to management web console as user which was dynamically added after EAP was started.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2444
> URL: https://issues.jboss.org/browse/WFCORE-2444
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Critical
>
> I am not able to log in to management web console as user which was dynamically added after EAP was started.
> *Scenario:*
> * EAP is running - *standalone.sh -c=standalone-elytron.xml*
> * add user through script *add-user.sh -u john -p password1! -s*
> * log in to management web console as user *john*
> *Result:*
> * It doesn't work until restart
> When we use Picketbox then it works fine.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFLY-9053) AbstractMethodError with Hibernate 5.2
by Giovanni Lovato (JIRA)
[ https://issues.jboss.org/browse/WFLY-9053?page=com.atlassian.jira.plugin.... ]
Giovanni Lovato commented on WFLY-9053:
---------------------------------------
I'd really like to provide the full trace, but that {{... 5 more}} is part of log. How can I tell WildFly to print the full trace?
> AbstractMethodError with Hibernate 5.2
> --------------------------------------
>
> Key: WFLY-9053
> URL: https://issues.jboss.org/browse/WFLY-9053
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate
> Affects Versions: 11.0.0.Alpha1
> Reporter: Giovanni Lovato
> Assignee: Scott Marlow
>
> I'm deploying an EAR specifying in its {{persistence.xml}} to use Hibernate 5.2 as JPA provider:
> {code:xml}
> <property name="jboss.as.jpa.providerModule" value="org.hibernate:5.2" />
> {code}
> Hibernate 5.2 modules are placed in the {{modules}} directory.
> This configuration works in 10.1.0.Final but in 11.0.0.Alpha1 I get this error at deployment:
> {code}
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."oss-application-ear-1.0.0.ear".FIRST_MODULE_USE: org.jboss.msc.service.StartException in service jboss.deployment.unit."oss-application-ear-1.0.0.ear".FIRST_MODULE_USE: WFLYSRV0153: Failed to process phase FIRST_MODULE_USE of deployment "oss-application-ear-1.0.0.ear"
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:172)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.AbstractMethodError: org.jboss.as.jpa.hibernate5.HibernatePersistenceProviderAdaptor.beanManagerLifeCycle(Ljavax/enterprise/inject/spi/BeanManager;)Ljava/lang/Object;
> at org.jboss.as.jpa.service.PhaseOnePersistenceUnitServiceImpl.<init>(PhaseOnePersistenceUnitServiceImpl.java:89)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.deployPersistenceUnitPhaseOne(PersistenceUnitServiceHandler.java:485)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.addPuService(PersistenceUnitServiceHandler.java:279)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.handleEarDeployment(PersistenceUnitServiceHandler.java:228)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.deploy(PersistenceUnitServiceHandler.java:135)
> at org.jboss.as.jpa.processor.PersistenceBeginInstallProcessor.deploy(PersistenceBeginInstallProcessor.java:52)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:165)
> ... 5 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFCORE-2449) Default Elytron realm names are confusing - use same values as Legacy security realms
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2449?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2449.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
Resolution: Rejected
> Default Elytron realm names are confusing - use same values as Legacy security realms
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-2449
> URL: https://issues.jboss.org/browse/WFCORE-2449
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: user_experience
> Fix For: 3.0.0.Beta29
>
>
> The default application server profiles now contain Elytron subsystem configured (more in EAP7-543). The subsystem contains 2 properties realms, which copy behavior of security realms in legacy security. They use the same name as the original ones *ApplicationRealm* and *ManagementRealm*:
> {code:xml}
> <properties-realm name="ApplicationRealm">
> <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
> <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementRealm">
> <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
> <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}
> The new Elytron realms must use different names than legacy ones. Otherwise customers/administrators may think about the Elytron realms as just references to the legacy security.
> *Suggested solution*
> Rename the default Elytron realms to something like *ElytronManagementRealm* or *ManagementElytronRealm*. So the configuration looks like:
> {code:xml}
> <properties-realm name="ApplicationElytronRealm">
> <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
> <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> <properties-realm name="ManagementElytronRealm">
> <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
> <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
> </properties-realm>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFCORE-2450) Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2450?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2450.
--------------------------------------
Fix Version/s: 3.0.0.Beta29
(was: 4.0.0.Alpha1)
Resolution: Done
> Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
> -------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2450
> URL: https://issues.jboss.org/browse/WFCORE-2450
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 3.0.0.Beta29
>
>
> Definition Credential Store with existing storage file but with wrong key password causes ugly failure-description.
> *How to reproduce*
> Prepare credential store file (the easiest way is create credential store from scratch)
> /subsystem=elytron/credential-store=cs_pass123:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;create.storage=true")
> /subsystem=elytron/credential-store=cs_pass123/alias=dbPass:add(secret-value=passwordToDB)
> Then I try to create Credential store with wrong key password to existing store file.
> /subsystem=elytron/credential-store=cs_wrong_key_pass:add(uri="cr-store://test/cs/ks-pass123.jceks?store.password=pass123;key.password=pass456")
> *I can see this result:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_wrong_key_pass" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_wrong_key_pass: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/ks-pass123.jceks' for the store named 'cs_wrong_key_pass'
> Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_wrong_key_pass"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> failure-description must not contain Exception or snippet stacktrace.
> Description like that "Password for credential store key is incorrect."
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFLY-9053) AbstractMethodError with Hibernate 5.2
by Scott Marlow (JIRA)
[ https://issues.jboss.org/browse/WFLY-9053?page=com.atlassian.jira.plugin.... ]
Scott Marlow commented on WFLY-9053:
------------------------------------
This is likely caused by the [WFLY-2387] (CDI injection in entity listeners failing) change. Could you include more of the exception call stack? I would like to see exactly which line of code is getting the AbstractMethodError (perhaps near [https://github.com/wildfly/wildfly/blob/master/jpa/hibernate5/src/main/ja...]). Perhaps we need to catch/ignore the AbstractMethodError in the HibernatePersistenceProviderAdaptor class but first we need to understand why we are getting that.
By the way, [WFLY-2387] was not fixed in WildFly 10.x, which is why you didn't see this issue before.
> AbstractMethodError with Hibernate 5.2
> --------------------------------------
>
> Key: WFLY-9053
> URL: https://issues.jboss.org/browse/WFLY-9053
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate
> Affects Versions: 11.0.0.Alpha1
> Reporter: Giovanni Lovato
> Assignee: Scott Marlow
>
> I'm deploying an EAR specifying in its {{persistence.xml}} to use Hibernate 5.2 as JPA provider:
> {code:xml}
> <property name="jboss.as.jpa.providerModule" value="org.hibernate:5.2" />
> {code}
> Hibernate 5.2 modules are placed in the {{modules}} directory.
> This configuration works in 10.1.0.Final but in 11.0.0.Alpha1 I get this error at deployment:
> {code}
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.deployment.unit."oss-application-ear-1.0.0.ear".FIRST_MODULE_USE: org.jboss.msc.service.StartException in service jboss.deployment.unit."oss-application-ear-1.0.0.ear".FIRST_MODULE_USE: WFLYSRV0153: Failed to process phase FIRST_MODULE_USE of deployment "oss-application-ear-1.0.0.ear"
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:172)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.AbstractMethodError: org.jboss.as.jpa.hibernate5.HibernatePersistenceProviderAdaptor.beanManagerLifeCycle(Ljavax/enterprise/inject/spi/BeanManager;)Ljava/lang/Object;
> at org.jboss.as.jpa.service.PhaseOnePersistenceUnitServiceImpl.<init>(PhaseOnePersistenceUnitServiceImpl.java:89)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.deployPersistenceUnitPhaseOne(PersistenceUnitServiceHandler.java:485)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.addPuService(PersistenceUnitServiceHandler.java:279)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.handleEarDeployment(PersistenceUnitServiceHandler.java:228)
> at org.jboss.as.jpa.processor.PersistenceUnitServiceHandler.deploy(PersistenceUnitServiceHandler.java:135)
> at org.jboss.as.jpa.processor.PersistenceBeginInstallProcessor.deploy(PersistenceBeginInstallProcessor.java:52)
> at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:165)
> ... 5 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFLY-9048) MDB20TopicTestCase fails with security manager
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFLY-9048?page=com.atlassian.jira.plugin.... ]
Yeray Borges reassigned WFLY-9048:
----------------------------------
Assignee: Yeray Borges
> MDB20TopicTestCase fails with security manager
> ----------------------------------------------
>
> Key: WFLY-9048
> URL: https://issues.jboss.org/browse/WFLY-9048
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 11.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Yeray Borges
> Labels: security-manager
>
> MDB20TopicTestCase fails with security manager:
> {noformat}
> java.io.IOException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.remoting3.security.RemotingPermission" "createEndpoint")" in code source "(vfs:/content/MDB20TopicTestCase.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.MDB20TopicTestCase.jar" from Service Module Loader")
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
> at org.jboss.as.test.integration.ejb.mdb.ejb2x.MDB20TopicTestCase.getNumberOfAllSubscriptions(MDB20TopicTestCase.java:171)
> ...
> {noformat}
> There are missing permissions {{RemotingPermission("createEndpoint")}}, {{RemotingPermission("connect")}}, and possibly others, and missing dependency on {{org.jboss.remoting3}}.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (WFLY-9061) LazyTransactionEnlistmentUnitTestCase#testRawSQL fails with security manager
by Ondrej Kotek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9061?page=com.atlassian.jira.plugin.... ]
Ondrej Kotek moved JBEAP-11995 to WFLY-9061:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9061 (was: JBEAP-11995)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: EJB
Test Suite
Transactions
(was: EJB)
(was: Test Suite)
(was: Transactions)
Affects Version/s: 11.0.0.Beta1
(was: 7.1.0.ER1)
> LazyTransactionEnlistmentUnitTestCase#testRawSQL fails with security manager
> ----------------------------------------------------------------------------
>
> Key: WFLY-9061
> URL: https://issues.jboss.org/browse/WFLY-9061
> Project: WildFly
> Issue Type: Bug
> Components: EJB, Test Suite, Transactions
> Affects Versions: 11.0.0.Beta1
> Reporter: Ondrej Kotek
> Priority: Blocker
> Labels: security-manager
>
> {{LazyTransactionEnlistmentUnitTestCase#testRawSQL}} fails with security manager:
> {noformat}LazyTransactionEnlistmentUnitTestCase.testRawSQL:82 expected:<875000.0> but was:<625000.0>{noformat}
> It is not obvious why does it fail. In case the same conditions can occur in a real application, it may lead to unexpected and undesirable behaviour. Setting priority to Blocker, proper investigation is necessary.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months