August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnly operations on JMS queues and Topic thorugh CLI

by shailendra singh (JIRA)

[ https://issues.jboss.org/browse/WFLY-9181?page=com.atlassian.jira.plugin.... ] shailendra singh updated WFLY-9181: ----------------------------------- Description: ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI Like:- 'Monitor' roles have permissions to remove messages from the queue. {code:java} [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages() { "outcome" => "success", "result" => 14 } [standalone@localhost:9990 /] {code} Also drop-all-subscriptions on a topic. {code:java} [[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-topic=testTopic:drop-all-subscriptions() { "outcome" => "success", "result" => undefined } [standalone@localhost:9990 /] {code} So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations: {code:java} [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove() { "outcome" => "failed", "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[ (\"subsystem\" => \"messaging-activemq\"), (\"server\" => \"default\"), (\"jms-queue\" => \"DLQ\") ]' -- \"WFLYCTL0332: Permission denied\"", "rolled-back" => true } [standalone@localhost:9990 /] {code} Expectation:- The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue. was: ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI Like:- 'Monitor' roles have permissions to remove messages from the queue. {code:java} [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages() { "outcome" => "success", "result" => 14 } [standalone@localhost:9990 /] {code} So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations: {code:java} [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove() { "outcome" => "failed", "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[ (\"subsystem\" => \"messaging-activemq\"), (\"server\" => \"default\"), (\"jms-queue\" => \"DLQ\") ]' -- \"WFLYCTL0332: Permission denied\"", "rolled-back" => true } [standalone@localhost:9990 /] {code} Expectation:- The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue. > ReadOnly user able to perform runtimeOnly operations on JMS queues and Topic thorugh CLI > ---------------------------------------------------------------------------------------- > > Key: WFLY-9181 > URL: https://issues.jboss.org/browse/WFLY-9181 > Project: WildFly > Issue Type: Bug > Components: CLI, JMS > Affects Versions: 11.0.0.Beta1 > Reporter: shailendra singh > Assignee: shailendra singh > > ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI > Like:- > 'Monitor' roles have permissions to remove messages from the queue. > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages() > { > "outcome" => "success", > "result" => 14 > } > [standalone@localhost:9990 /] > {code} > Also drop-all-subscriptions on a topic. > {code:java} > [[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-topic=testTopic:drop-all-subscriptions() > { > "outcome" => "success", > "result" => undefined > } > [standalone@localhost:9990 /] > {code} > So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations: > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove() > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[ > (\"subsystem\" => \"messaging-activemq\"), > (\"server\" => \"default\"), > (\"jms-queue\" => \"DLQ\") > ]' -- \"WFLYCTL0332: Permission denied\"", > "rolled-back" => true > } > [standalone@localhost:9990 /] > {code} > Expectation:- > The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI

by shailendra singh (JIRA)

[ https://issues.jboss.org/browse/WFLY-9181?page=com.atlassian.jira.plugin.... ] shailendra singh commented on WFLY-9181: ---------------------------------------- This also needs to be done for Topic. {code:java} [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-topic=testTopic:drop-all-subscriptions() { "outcome" => "success", "result" => undefined } {code} > ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI > ------------------------------------------------------------------------------- > > Key: WFLY-9181 > URL: https://issues.jboss.org/browse/WFLY-9181 > Project: WildFly > Issue Type: Bug > Components: CLI, JMS > Affects Versions: 11.0.0.Beta1 > Reporter: shailendra singh > Assignee: shailendra singh > > ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI > Like:- > 'Monitor' roles have permissions to remove messages from the queue. > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages() > { > "outcome" => "success", > "result" => 14 > } > [standalone@localhost:9990 /] > {code} > So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations: > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove() > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[ > (\"subsystem\" => \"messaging-activemq\"), > (\"server\" => \"default\"), > (\"jms-queue\" => \"DLQ\") > ]' -- \"WFLYCTL0332: Permission denied\"", > "rolled-back" => true > } > [standalone@localhost:9990 /] > {code} > Expectation:- > The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnly operations on JMS queues and Topic thorugh CLI

by shailendra singh (JIRA)

[ https://issues.jboss.org/browse/WFLY-9181?page=com.atlassian.jira.plugin.... ] shailendra singh updated WFLY-9181: ----------------------------------- Summary: ReadOnly user able to perform runtimeOnly operations on JMS queues and Topic thorugh CLI (was: ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI) > ReadOnly user able to perform runtimeOnly operations on JMS queues and Topic thorugh CLI > ---------------------------------------------------------------------------------------- > > Key: WFLY-9181 > URL: https://issues.jboss.org/browse/WFLY-9181 > Project: WildFly > Issue Type: Bug > Components: CLI, JMS > Affects Versions: 11.0.0.Beta1 > Reporter: shailendra singh > Assignee: shailendra singh > > ReadOnly user able to perform runtimeOnlly operations on JMS queues thorugh CLI > Like:- > 'Monitor' roles have permissions to remove messages from the queue. > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages() > { > "outcome" => "success", > "result" => 14 > } > [standalone@localhost:9990 /] > {code} > So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations: > {code:java} > [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove() > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[ > (\"subsystem\" => \"messaging-activemq\"), > (\"server\" => \"default\"), > (\"jms-queue\" => \"DLQ\") > ]' -- \"WFLYCTL0332: Permission denied\"", > "rolled-back" => true > } > [standalone@localhost:9990 /] > {code} > Expectation:- > The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9209) Patch needed for WF 10.1.0.Final for CVE-2016-4970

by John Hovell (JIRA)

John Hovell created WFLY-9209: --------------------------------- Summary: Patch needed for WF 10.1.0.Final for CVE-2016-4970 Key: WFLY-9209 URL: https://issues.jboss.org/browse/WFLY-9209 Project: WildFly Issue Type: Bug Affects Versions: 10.1.0.Final Reporter: John Hovell Assignee: Jason Greene Several 3rd party security scanners we use flag Wildfly 10.1.0.Final as containing the following DoS vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2016-4970 I have found a Redhat errata and bugzilla but neither references Wildfly specifically nor does CVE-2016-4970 turn up on a search here in Jira. https://access.redhat.com/security/cve/cve-2016-4970 https://bugzilla.redhat.com/show_bug.cgi?id=1343616 I am trying to understand if Wildfly team believes WF 10.1.0 is vulnerable and if so if it should be patched. I understand that WF 11 has an upgraded version of Netty which is not vulnerable to this CVE, but it is still in beta and security patches shouldn't need a major version upgrade. I am also trying to understand the official channel that the Wildfly project uses to track security errata as a search for "CVE" here only turns up ~3 other issues. Are the above Redhat links the place to look? And if so should Wildfly be marked as not affected, or why do they only refer to very very old versions of JBoss? I'd still be confused however how WF wouldn't be affected as it seems to contain wildfly/modules/system/layers/base/io/netty/main/netty-all-4.0.33.Final.jar which does not appear to be back-ported with a fix. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2209) Members leaving the cluster

by Swathi Kumar (JIRA)

Swathi Kumar created JGRP-2209: ---------------------------------- Summary: Members leaving the cluster Key: JGRP-2209 URL: https://issues.jboss.org/browse/JGRP-2209 Project: JGroups Issue Type: Bug Affects Versions: 3.0 Environment: Linux Reporter: Swathi Kumar Assignee: Bela Ban We recently upgraded the jgroups jars from version 2_5_2/jgroups-all.jar to 3_4_0/jgroups-3.4.0.Alpha2.jar. With the upgrade we see our clusters are not stable. The members leave the cluster for short duration of time (say around 5-6m) and join back on their own. We initially suspected it to be a network issue and we involved the network team to investiate further. But after reviewing the network logs, it is very much evident that the network has no role to play in members leaving the cluster. The boxes on which the nodes/members are running are healthy and fine and the network is very fast and healthy too. We are not able to determine the root cause for the members leaving the clusters. Please note, we have multiple clusters configured (round about 5-6) and we are experiencing the same problem on all the clusters. We request you to kindly help us in resolving this issue. We have the below jgroups config properties in our application to create 3 channels (for security reasons have used a dummy host name here) :- jgroups_cluster.property_string=TCP(bind_addr=host_name_A;bind_port=34061):TCPPING(initial_hosts=host_name_A[34061],host_name_A[44061],host_name_A[54061];port_range=1;timeout=5000;num_initial_members=2):MERGE2(min_interval=3000;max_interval=5000):FD_ALL(interval=5000;timeout=20000):FD(timeout=5000;max_tries=48):VERIFY_SUSPECT(timeout=1500):pbcast.NAKACK(retransmit_timeout=100,200,300,600,1200,2400,4800;discard_delivered_msgs=true):pbcast.STABLE(stability_delay=1000;desired_avg_gossip=20000;max_bytes=0):pbcast.GMS(print_local_addr=true;join_timeout=5000) jgroups_cluster.distribution_property_string=TCP(bind_port= 34060;thread_pool_rejection_policy=run):TCPPING(initial_hosts=host_name_A[34060],host_name_A[44060],host_name_A[54060];port_range=1;timeout=5000;num_initial_members=2):MERGE2(min_interval=3000;max_interval=5000):FD_SOCK:FD(timeout=5000;max_tries=48):VERIFY_SUSPECT(timeout=1500):pbcast.NAKACK(retransmit_timeout=3000;discard_delivered_msgs=true):pbcast.STABLE(stability_delay=1000;desired_avg_gossip=20000;max_bytes=0):pbcast.GMS(join_timeout=5000;print_local_addr=true) jgroups_cluster.lock.protocolStack=TCP(bind_addr=host_name_A;bind_port=34062:TCPPING(initial_hosts=host_name_A[34062],host_name_A[44062],host_name_A[54062];port_range=1;timeout=5000;num_initial_members=2):MERGE2(min_interval=3000;max_interval=5000):FD_ALL(interval=5000;timeout=20000):FD(timeout=5000;max_tries=48):VERIFY_SUSPECT(timeout=1500):pbcast.NAKACK(retransmit_timeout=100,200,300,600,1200,2400,4800;discard_delivered_msgs=true):pbcast.STABLE(stability_delay=1000;desired_avg_gossip=20000;max_bytes=0):pbcast.GMS(print_local_addr=true;join_timeout=5000) Please let us know if you need any logs from our end. Kindly consider this on priority as our business is at stake with this issue happening on a daily basis. Many thanks in advance. Regards Swathi BN (IBM) -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9195) Quickstart guide: helloworld is not working

by Tomaz Cerar (JIRA)

[ https://issues.jboss.org/browse/WFLY-9195?page=com.atlassian.jira.plugin.... ] Tomaz Cerar resolved WFLY-9195. ------------------------------- Fix Version/s: 11.0.0.Beta1 Resolution: Done I have released Beta1 of quickstarts, that can be found at https://github.com/wildfly/quickstart/releases/tag/11.0.0.Beta1 you can either use the tag from git directly or grab pre built zip with quickstarts. > Quickstart guide: helloworld is not working > ------------------------------------------- > > Key: WFLY-9195 > URL: https://issues.jboss.org/browse/WFLY-9195 > Project: WildFly > Issue Type: Bug > Components: Quickstarts > Affects Versions: 11.0.0.Beta1 > Reporter: Julien Dore > Assignee: Tomaz Cerar > Priority: Minor > Fix For: 11.0.0.Beta1 > > > I'm following the [quickstart guide|https://github.com/wildfly/quickstart/blob/10.x/guide/HelloworldQui...] and i have downloaded the quickstart-11.x. > With my wildfly server running i'm launching (from quickstart-11.x/helloworld): > {code:java} > package wildfly:deploy > {code} > as describe in the doc but this fail with the following stack: > {code:java} > [ERROR] No plugin found for prefix 'wildfly' in the current project and in the plugin groups [org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (C:\Users\PC\.m2\repository), jboss-enterprise-maven-repository (https://maven.repository.redhat.com/ga/), jboss-enterprise-maven-repository-ea (https://maven.repository.redhat.com/earlyaccess/all/), jboss-public-repository-group (https://repository.jboss.org/nexus/content/groups/public/), central (https://repo.maven.apache.org/maven2)] -> [Help 1] > {code} > Adding the following code in pom.xml solve the issue: > {code:java} > <plugin> > <groupId>org.wildfly.plugins</groupId> > <artifactId>wildfly-maven-plugin</artifactId> > <version>1.1.0.Final</version> > </plugin> > {code} > Note that the application is then accessible at _http://localhost:8080/helloworld/HelloWorld_ and not _http://localhost:8080/wildfly-helloworld/HelloWorld_ as written in the documentation. > Note also that these links are not working: > * Installing and starting the JBoss server on Linux, Unix or Mac OS X > * Installing and starting the JBoss server on Windows -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9035) TransactionAttribute annotation is inherited from interface which not according to the spec

by RH Bugzilla Integration (JIRA)

[ https://issues.jboss.org/browse/WFLY-9035?page=com.atlassian.jira.plugin.... ] RH Bugzilla Integration commented on WFLY-9035: ----------------------------------------------- Radovan STANCEL <rstancel(a)redhat.com> changed the Status of [bug 1466909|https://bugzilla.redhat.com/show_bug.cgi?id=1466909] from NEW to ASSIGNED > TransactionAttribute annotation is inherited from interface which not according to the spec > ------------------------------------------------------------------------------------------- > > Key: WFLY-9035 > URL: https://issues.jboss.org/browse/WFLY-9035 > Project: WildFly > Issue Type: Bug > Components: EJB > Affects Versions: 10.1.0.Final, 11.0.0.Alpha1 > Reporter: Wolf-Dieter Fink > Assignee: Radovan Stancel > Labels: transaction > > The annotation @TransactionAttribute is inherited from the business interface which is not according to the EJB specification. > Any annotation on the bean's implemenation class or deployment descriptor is overridden if the Interface is annotated with @TransactionAttribute > The EJB 3.2 specification chapter 8.3.7 says > "For a session bean written to the EJB 3.x client view API, the transaction attributes are speci- > fied for those methods of the session bean class that correspond to the bean’s business inter- > face" > Also the Javadoc for TransactionAttribute (http://docs.oracle.com/javaee/7/api/javax/ejb/TransactionAttribute.html) mention the bean class only. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3137) Server stops when creating new elytron policy with wrong default-policy value

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-3137?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-3137: ------------------------------------- Security: (was: Security Issue) > Server stops when creating new elytron policy with wrong default-policy value > ----------------------------------------------------------------------------- > > Key: WFCORE-3137 > URL: https://issues.jboss.org/browse/WFCORE-3137 > Project: WildFly Core > Issue Type: Bug > Components: Security > Affects Versions: 3.0.0.Beta30 > Reporter: Ilia Vassilev > Assignee: Ilia Vassilev > Priority: Blocker > Fix For: 3.0.0.CR1 > > > When creating new elytron policy with wrong default-policy, either using web console or CLI, the server stops immediately after reload. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9208) LocalUserClient fails SASL authentication if a security manager is used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-9208?page=com.atlassian.jira.plugin.... ] Jan Kalina reassigned WFLY-9208: -------------------------------- Assignee: Jan Kalina > LocalUserClient fails SASL authentication if a security manager is used > ----------------------------------------------------------------------- > > Key: WFLY-9208 > URL: https://issues.jboss.org/browse/WFLY-9208 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: James Perkins > Assignee: Jan Kalina > Priority: Blocker > > I've set this as a blocker because I think it should at least be looked at. Any test in the WildFly testsuite run under Arquillian that uses an injected {{ManagementClient}} will have this issue. > I made an attempt to look at what the issue may be, but I wasn't quite sure what the correct fix is. It seemed like in some cases the {{PrivilegedSaslClient}} was being used, but in others the {{LocalUserClient}} was not wrapped resulting in a security exception. > Here's an example stack trace from a test ran with the security manager enabled: > {code} > Running org.jboss.as.test.integration.batch.deployment.JobControlTestCase > Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 58.979 sec <<< FAILURE! - in org.jboss.as.test.integration.batch.deployment.JobControlTestCase > testStart(org.jboss.as.test.integration.batch.deployment.JobControlTestCase) Time elapsed: 58.848 sec <<< ERROR! > java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75) > at org.jboss.as.test.integration.batch.deployment.JobControlTestCase.executeOperation(JobControlTestCase.java:278) > at org.jboss.as.test.integration.batch.deployment.JobControlTestCase.testStart(JobControlTestCase.java:94) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) > at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) > at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:374) > at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116) > at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67) > at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136) > at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:367) > at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:245) > at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:426) > at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) > at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:259) > at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:319) > at org.jboss.arquillian.container.test.impl.execution.BeforeLifecycleEventExecuter.on(BeforeLifecycleEventExecuter.java:35) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116) > at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159) > at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:312) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) > at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:204) > at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:426) > at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) > at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:218) > at org.junit.runners.ParentRunner.run(ParentRunner.java:363) > at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:166) > at org.junit.runner.JUnitCore.run(JUnitCore.java:137) > at org.junit.runner.JUnitCore.run(JUnitCore.java:115) > at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.doRunTestMethod(JMXTestRunner.java:180) > at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.doRunTestMethod(ArquillianService.java:200) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethodInternal(JMXTestRunner.java:162) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethod(JMXTestRunner.java:141) > at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.runTestMethod(ArquillianService.java:176) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275) > at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112) > at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46) > at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237) > at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138) > at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252) > at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) > at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) > at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.invoke(PluggableMBeanServerImpl.java:1475) > at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:724) > at org.jboss.as.jmx.BlockingNotificationMBeanServer.invoke(BlockingNotificationMBeanServer.java:168) > at org.jboss.as.jmx.AuthorizingMBeanServer.invoke(AuthorizingMBeanServer.java:258) > at org.jboss.remotingjmx.protocol.v2.ServerProxy$InvokeHandler.handle(ServerProxy.java:950) > at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1$1.run(ServerCommon.java:153) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:71) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:66) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor.handleEvent(ServerInterceptorFactory.java:66) > at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1.run(ServerCommon.java:149) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed > at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:126) > at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259) > at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70) > at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:162) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147) > ... 148 more > Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > JBOSS-LOCAL-USER: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jperkins/projects/jboss/wildfly/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local2457028630597193860.challenge" "read")" in code source "(vfs:/content/test-batch.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-batch.war" from Service Module Loader") > DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication > at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:400) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > at ...asynchronous invocation...(Unknown Source) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:542) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:504) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:492) > at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:194) > at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:118) > ... 158 more > Suppressed: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jperkins/projects/jboss/wildfly/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local2457028630597193860.challenge" "read")" in code source "(vfs:/content/test-batch.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-batch.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) > at java.io.FileInputStream.<init>(FileInputStream.java:127) > at org.wildfly.security.sasl.localuser.LocalUserClient.evaluateMessage(LocalUserClient.java:93) > at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) > at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:59) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) > at java.security.AccessController.doPrivileged(Native Method) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:644) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:898) > ... 3 more > Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:730) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:572) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > {code} > The easy fix was something like https://github.com/wildfly-security/wildfly-elytron/commit/1a6505e97b88f3.... However I really don't think this is correct. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9208) LocalUserClient fails SASL authentication if a security manager is used

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFLY-9208?page=com.atlassian.jira.plugin.... ] Jan Kalina moved ELY-1317 to WFLY-9208: --------------------------------------- Project: WildFly (was: WildFly Elytron) Key: WFLY-9208 (was: ELY-1317) Component/s: Security (was: SASL) Fix Version/s: (was: 1.1.0.CR5) > LocalUserClient fails SASL authentication if a security manager is used > ----------------------------------------------------------------------- > > Key: WFLY-9208 > URL: https://issues.jboss.org/browse/WFLY-9208 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: James Perkins > Priority: Blocker > > I've set this as a blocker because I think it should at least be looked at. Any test in the WildFly testsuite run under Arquillian that uses an injected {{ManagementClient}} will have this issue. > I made an attempt to look at what the issue may be, but I wasn't quite sure what the correct fix is. It seemed like in some cases the {{PrivilegedSaslClient}} was being used, but in others the {{LocalUserClient}} was not wrapped resulting in a security exception. > Here's an example stack trace from a test ran with the security manager enabled: > {code} > Running org.jboss.as.test.integration.batch.deployment.JobControlTestCase > Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 58.979 sec <<< FAILURE! - in org.jboss.as.test.integration.batch.deployment.JobControlTestCase > testStart(org.jboss.as.test.integration.batch.deployment.JobControlTestCase) Time elapsed: 58.848 sec <<< ERROR! > java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75) > at org.jboss.as.test.integration.batch.deployment.JobControlTestCase.executeOperation(JobControlTestCase.java:278) > at org.jboss.as.test.integration.batch.deployment.JobControlTestCase.testStart(JobControlTestCase.java:94) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) > at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) > at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:374) > at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116) > at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67) > at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136) > at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:367) > at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:245) > at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:426) > at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) > at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:259) > at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:319) > at org.jboss.arquillian.container.test.impl.execution.BeforeLifecycleEventExecuter.on(BeforeLifecycleEventExecuter.java:35) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81) > at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94) > at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145) > at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116) > at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159) > at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:312) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) > at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) > at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:204) > at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:426) > at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) > at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:218) > at org.junit.runners.ParentRunner.run(ParentRunner.java:363) > at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:166) > at org.junit.runner.JUnitCore.run(JUnitCore.java:137) > at org.junit.runner.JUnitCore.run(JUnitCore.java:115) > at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.doRunTestMethod(JMXTestRunner.java:180) > at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.doRunTestMethod(ArquillianService.java:200) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethodInternal(JMXTestRunner.java:162) > at org.jboss.arquillian.protocol.jmx.JMXTestRunner.runTestMethod(JMXTestRunner.java:141) > at org.jboss.as.arquillian.service.ArquillianService$ExtendedJMXTestRunner.runTestMethod(ArquillianService.java:176) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:71) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:275) > at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112) > at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46) > at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237) > at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138) > at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252) > at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) > at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) > at org.jboss.as.jmx.PluggableMBeanServerImpl$TcclMBeanServer.invoke(PluggableMBeanServerImpl.java:1475) > at org.jboss.as.jmx.PluggableMBeanServerImpl.invoke(PluggableMBeanServerImpl.java:724) > at org.jboss.as.jmx.BlockingNotificationMBeanServer.invoke(BlockingNotificationMBeanServer.java:168) > at org.jboss.as.jmx.AuthorizingMBeanServer.invoke(AuthorizingMBeanServer.java:258) > at org.jboss.remotingjmx.protocol.v2.ServerProxy$InvokeHandler.handle(ServerProxy.java:950) > at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1$1.run(ServerCommon.java:153) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:71) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor$1.run(ServerInterceptorFactory.java:66) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287) > at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225) > at org.jboss.as.jmx.ServerInterceptorFactory$Interceptor.handleEvent(ServerInterceptorFactory.java:66) > at org.jboss.remotingjmx.protocol.v2.ServerCommon$MessageReciever$1.run(ServerCommon.java:149) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed > at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:126) > at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259) > at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70) > at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:162) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:146) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:60) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147) > ... 148 more > Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: > JBOSS-LOCAL-USER: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jperkins/projects/jboss/wildfly/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local2457028630597193860.challenge" "read")" in code source "(vfs:/content/test-batch.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-batch.war" from Service Module Loader") > DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication > at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:400) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > at ...asynchronous invocation...(Unknown Source) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:542) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:504) > at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:492) > at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:194) > at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:118) > ... 158 more > Suppressed: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/jperkins/projects/jboss/wildfly/wildfly/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local2457028630597193860.challenge" "read")" in code source "(vfs:/content/test-batch.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.test-batch.war" from Service Module Loader") > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at java.lang.SecurityManager.checkRead(SecurityManager.java:888) > at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350) > at java.io.FileInputStream.<init>(FileInputStream.java:127) > at org.wildfly.security.sasl.localuser.LocalUserClient.evaluateMessage(LocalUserClient.java:93) > at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) > at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:59) > at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) > at java.security.AccessController.doPrivileged(Native Method) > at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:644) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:898) > ... 3 more > Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:730) > at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:572) > at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) > at org.xnio.nio.WorkerThread.run(WorkerThread.java:571) > {code} > The easy fix was something like https://github.com/wildfly-security/wildfly-elytron/commit/1a6505e97b88f3.... However I really don't think this is correct. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 10 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017