[JBoss JIRA] (WFCORE-3147) Getting org.osgi.framework.AdminPermission check failed with security manager
by Girish Pathak (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3147?page=com.atlassian.jira.plugi... ]
Girish Pathak commented on WFCORE-3147:
---------------------------------------
Hi Martin, I have uploaded a sample WAR which is having an issue with OSGi. Can you please have a look? Please let me know if you need more information.
> Getting org.osgi.framework.AdminPermission check failed with security manager
> -----------------------------------------------------------------------------
>
> Key: WFCORE-3147
> URL: https://issues.jboss.org/browse/WFCORE-3147
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta30
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Trivial
> Attachments: sampleApp.war
>
>
> Despite the permission being granted in standalone.xml
> {code}
> <minimum-set>
> <permission class="org.osgi.framework.AdminPermission" name="(id=0)" actions="context"/>
> </minimum-set>
> {code}
> During deployment there is an exception
> {code}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.osgi.framework.AdminPermission" "(id=0)" "context")" in code source "(vfs:/content/myapp.war/WEB-INF/lib/org.eclipse.equinox.servletbridge_1.2.100.v20120209-2014.jar
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 10 months
[JBoss JIRA] (ELY-1322) Found multiple secret keys sharing same CKA_LABEL
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1322?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse resolved ELY-1322.
-----------------------------------
Fix Version/s: 1.2.0.Beta1, 1.1.0.CR5
Resolution: Done
> Found multiple secret keys sharing same CKA_LABEL
> -------------------------------------------------
>
> Key: ELY-1322
> URL: https://issues.jboss.org/browse/ELY-1322
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.CR3
> Reporter: Peter Skopek
> Assignee: Peter Skopek
> Priority: Blocker
> Labels: eap7.1-rfe-failure
> Fix For: 1.2.0.Beta1, 1.1.0.CR5
>
>
> When multiple PKCS11 keystores are configured in a domain [1][2] and the PKCS11 store contains a secret key, this exception is thrown on startup intermittently (but very often, circa 50%).
> {code:server.log}
> [Host Controller] 10:15:05,526 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.key-store.oneWayKS: org.jboss.msc.service.StartException in service org.wildfly.security.key-store.oneWayKS: WFLYELY00004: Unable to start the service.
> [Host Controller] at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:146)
> [Host Controller] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> [Host Controller] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Host Controller] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Host Controller] at java.lang.Thread.run(Thread.java:745)
> [Host Controller] Caused by: java.io.IOException: load failed
> [Host Controller] at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:763)
> [Host Controller] at java.security.KeyStore.load(KeyStore.java:1445)
> [Host Controller] at org.wildfly.security.keystore.AtomicLoadKeyStoreSpi.engineLoad(AtomicLoadKeyStoreSpi.java:55)
> [Host Controller] at java.security.KeyStore.load(KeyStore.java:1445)
> [Host Controller] at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:137)
> [Host Controller] ... 5 more
> [Host Controller] Caused by: java.security.KeyStoreException: invalid KeyStore state: found multiple secret keys sharing same CKA_LABEL [my-key]
> [Host Controller] at sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2408)
> [Host Controller] at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:755)
> [Host Controller] ... 9 more
> {code}
> Storing a secret key in the PKCS11 store is necessary for the FIPS credential store implementation.
> {code:java|title=sun.security.pkcs11.P11KeyStore.java}
> for (long handle : handles) {
>     attrs = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_LABEL) };
>     token.p11.C_GetAttributeValue(session.id(), handle, attrs);
>     if (attrs[0].pValue != null) {
>         // there is a CKA_LABEL
>         String cka_label = new String(attrs[0].getCharArray());
>         if (sKeyMap.get(cka_label) == null) {
>             sKeyMap.put(cka_label, new AliasInfo(cka_label));
>         } else {
>             throw new KeyStoreException("invalid KeyStore state: " +
>                 "found multiple secret keys sharing same " +
>                 "CKA_LABEL [" +
>                 cka_label +
>                 "]");
>         }
>     }
> }
> {code}
> It seems to me the problem is that the PKCS11 store (system-wide) is loaded concurrently multiple times, and therefore the JDK check sometimes triggers a false-positive alarm [3].
> [1] https://gitlab.mw.lab.eng.bos.redhat.com/jbossqe-eap/tests-security/blob/...
> [2] https://gitlab.mw.lab.eng.bos.redhat.com/jbossqe-eap/tests-security/blob/...
> [3] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u...
[JBoss JIRA] (WFCORE-3147) Getting org.osgi.framework.AdminPermission check failed with security manager
by Girish Pathak (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3147?page=com.atlassian.jira.plugi... ]
Girish Pathak updated WFCORE-3147:
----------------------------------
Attachment: sampleApp.war
[JBoss JIRA] (ELY-1312) Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1312?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1312:
----------------------------------
Fix Version/s: 1.2.0.Beta1
> Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism
> -----------------------------------------------------------------------------
>
> Key: ELY-1312
> URL: https://issues.jboss.org/browse/ELY-1312
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: HTTP
> Environment: #
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 1.1.0.CR5, 1.2.0.Beta1
>
>
> Currently the SpnegoAuthenticationMechanism caches against the connection scope and uses the cached GssContext to recreate the identity.
> We should consider the following: -
> # Using the same cached identity mechanism as is used by FORM authentication.
> # Adding configuration to specify which scope to cache against.
> # Add an option to disable caching entirely; this would need to take into account cases where continuation is required, as that would become unsupported.
[JBoss JIRA] (ELY-1153) Elytron: problem with Maven dependencies
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1153?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse resolved ELY-1153.
-----------------------------------
Fix Version/s: 1.2.0.Beta1, 1.1.0.CR5
Resolution: Done
> Elytron: problem with Maven dependencies
> ----------------------------------------
>
> Key: ELY-1153
> URL: https://issues.jboss.org/browse/ELY-1153
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.CR4
> Reporter: Josef Cacek
> Assignee: Tomaz Cerar
> Priority: Critical
> Fix For: 1.2.0.Beta1, 1.1.0.CR5
>
>
> The majority of Elytron Maven dependencies have scope {{provided}}. This means they are not included when Elytron is used as a project dependency (e.g. together with EJB), and compilation fails.
> We need either to make them {{compile}} scoped or to provide an additional Elytron BOM package so users have a simple way to use Elytron.
[JBoss JIRA] (ELY-1313) Alias from dependent credential store is not available on server start
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1313?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1313:
----------------------------------
Fix Version/s: 1.2.0.Beta1
> Alias from dependent credential store is not available on server start
> ----------------------------------------------------------------------
>
> Key: ELY-1313
> URL: https://issues.jboss.org/browse/ELY-1313
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.CR2
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
> Fix For: 1.1.0.CR5, 1.2.0.Beta1
>
>
> *This is a backport of ELY-1308*
> The BouncyCastle external CredentialStore fails to store a secret:
> {code}
> KeyStoreCredentialStore: flushing failed: java.lang.NullPointerException
> at org.bouncycastle.jcajce.provider.BaseCipher.engineGetParameters(Unknown Source)
> at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1020)
> at javax.crypto.Cipher.init(Cipher.java:1245)
> at javax.crypto.Cipher.init(Cipher.java:1186)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.saveSecretKey(KeyStoreCredentialStore.java:1299)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore$ExternalStorage.store(KeyStoreCredentialStore.java:1283)
> at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.flush(KeyStoreCredentialStore.java:779)
> at org.wildfly.security.credential.store.CredentialStore.flush(CredentialStore.java:364)
> at org.wildfly.extension.elytron.CredentialStoreResourceDefinition.storeSecret(CredentialStoreResourceDefinition.java:517)
> {code}
[JBoss JIRA] (ELY-1311) Translate password before obtaining clear password spec
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1311?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1311:
----------------------------------
Fix Version/s: 1.2.0.Beta1, 1.1.0.CR5 (was: 1.1.0.CR6)
> Translate password before obtaining clear password spec
> -------------------------------------------------------
>
> Key: ELY-1311
> URL: https://issues.jboss.org/browse/ELY-1311
> Project: WildFly Elytron
> Issue Type: Bug
> Components: API / SPI
> Affects Versions: 1.1.0.CR4
> Reporter: Pedro Igor
> Assignee: Pedro Igor
> Fix For: 1.1.0.CR5, 1.2.0.Beta1
>
>
> In some situations we are creating {{RawClearPassword}} where ideally we should create concrete {{ClearPassword}} instances.
> The main issue we need to fix is credential propagation, where only concrete {{ClearPassword}} instances are supposed to be used.