[JBoss JIRA] (JBJCA-1347) NullPointerException in SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:441
by Stefano Maestri (JIRA)
[ https://issues.jboss.org/browse/JBJCA-1347?page=com.atlassian.jira.plugin... ]
Stefano Maestri reassigned JBJCA-1347:
--------------------------------------
Assignee: Flavia Rainone (was: Stefano Maestri)
> NullPointerException in SemaphoreConcurrentLinkedDequeManagedConnectionPool.java:441
> ------------------------------------------------------------------------------------
>
> Key: JBJCA-1347
> URL: https://issues.jboss.org/browse/JBJCA-1347
> Project: IronJacamar
> Issue Type: Bug
> Affects Versions: WildFly/IronJacamar 1.3.2.Final
> Environment: CentOS 6
> Wildfly 10.0.0.Final (Iron Jacamar 1.3.2.Final)
> PostgreSQL Server 9.5.5
> PostgreSQL JDBC driver 9.4.1208 and tried with 42.0.0
> Oracle Java version "1.8.0_112"
> Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
> Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)
> Reporter: Brett Delle Grazie
> Assignee: Flavia Rainone
>
> Using a PostgreSQL XA datasource with statistics enabled we get a NullPointerException if the connection fails temporarily.
> With JDBC driver 9.4.1208 Wildfly never reconnects to the PostgreSQL server with the next request and Wildfly must be restarted. With JDBC driver 42.0.0 it does reconnect on next request.
> If statistics are disabled, the NPE does not occur and both drivers reconnect on the next request as expected.
> Specific location of NPE:
> https://github.com/ironjacamar/ironjacamar/blob/ironjacamar-1.3.2.Final/c...
> Note there is similar code on line 461 of the same class (in the exception handler)
> Example configuration follows
> With a PostgreSQL datasource configured in Wildfly as:
> {code:xml}
> <xa-datasource jndi-name="java:/DS.people" pool-name="DS.people" enabled="true" spy="true" statistics-enabled="true" use-java-context="true" use-ccm="true">
>   <driver>postgresql</driver>
>   <xa-datasource-property name="ServerName">localhost</xa-datasource-property>
>   <xa-datasource-property name="PortNumber">5432</xa-datasource-property>
>   <xa-datasource-property name="DatabaseName">peopleviewstore</xa-datasource-property>
>   <xa-datasource-property name="ApplicationName">people</xa-datasource-property>
>   <xa-datasource-property name="assumeMinServerVersion">9.5</xa-datasource-property>
>   <xa-datasource-property name="connectTimeout">10</xa-datasource-property>
>   <xa-datasource-property name="currentSchema">public</xa-datasource-property>
>   <xa-datasource-property name="hostRecheckSeconds">10</xa-datasource-property>
>   <xa-datasource-property name="loginTimeout">10</xa-datasource-property>
>   <xa-datasource-property name="logUnclosedConnections">true</xa-datasource-property>
>   <xa-datasource-property name="socketTimeout">30</xa-datasource-property>
>   <xa-datasource-property name="targetServerType">master</xa-datasource-property>
>   <xa-datasource-property name="tcpKeepAlive">true</xa-datasource-property>
>   <xa-pool>
>     <min-pool-size>0</min-pool-size>
>     <initial-pool-size>0</initial-pool-size>
>     <max-pool-size>10</max-pool-size>
>     <allow-multiple-users>false</allow-multiple-users>
>   </xa-pool>
>   <timeout>
>     <xa-resource-timeout>0</xa-resource-timeout>
>   </timeout>
>   <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
>   <statement>
>     <track-statements>true</track-statements>
>   </statement>
>   <security>
>     <user-name></user-name>
>     <password></password>
>   </security>
>   <validation>
>     <validate-on-match>true</validate-on-match>
>     <use-fast-fail>true</use-fast-fail>
>     <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter"/>
>     <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker"/>
>   </validation>
> </xa-datasource>
> {code}
> And corresponding driver configuration:
> {code:xml}
> <driver name="postgresql" module="org.postgresql">
>   <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
> </driver>
> {code}
> We have deployed the JDBC driver as a module; module.xml looks like:
> {code:xml}
> <?xml version="1.0" ?>
> <module xmlns="urn:jboss:module:1.3" name="org.postgresql" slot="main">
>   <resources>
>     <resource-root path="postgresql-42.0.0.jar"/>
>   </resources>
>   <dependencies>
>     <module name="javax.api"/>
>     <module name="javax.transaction.api"/>
>   </dependencies>
> </module>
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFLY-9185) NestedRemoteContextTestCase fails with security manager
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-9185?page=com.atlassian.jira.plugin.... ]
Hynek Švábek moved JBEAP-12555 to WFLY-9185:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9185 (was: JBEAP-12555)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Test Suite
(was: Test Suite)
Affects Version/s: (was: 7.1.0.ER3)
> NestedRemoteContextTestCase fails with security manager
> -------------------------------------------------------
>
> Key: WFLY-9185
> URL: https://issues.jboss.org/browse/WFLY-9185
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Hynek Švábek
> Assignee: Tomaz Cerar
> Labels: security-manager
>
> NestedRemoteContextTestCase fails with security manager
> {code}
> Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
> JBOSS-LOCAL-USER: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/hsvabek/securityworkspace/VERIFICATION/2017_08_02_BEAP-7584/jboss-eap-7.1.0.ER3-src/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local8043870012544300330.challenge" "read")" in code source "(vfs:/content/ejb.ear/web.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb.ear.web.war" from Service Module Loader")
> at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
> at ...asynchronous invocation...(Unknown Source)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:542)
> at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:508)
> at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)
> at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)
> at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:459)
> at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:405)
> at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.lambda$new$0(SingleRemoteNamingProvider.java:82)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.getFuturePeerIdentity(SingleRemoteNamingProvider.java:117)
> at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.getPeerIdentity(SingleRemoteNamingProvider.java:106)
> at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:65)
> ... 51 more
> Suppressed: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/hsvabek/securityworkspace/VERIFICATION/2017_08_02_BEAP-7584/jboss-eap-7.1.0.ER3-src/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local8043870012544300330.challenge" "read")" in code source "(vfs:/content/ejb.ear/web.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ejb.ear.web.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
> at java.io.FileInputStream.<init>(FileInputStream.java:127)
> at org.wildfly.security.sasl.localuser.LocalUserClient.evaluateMessage(LocalUserClient.java:93)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:59)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:644)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:898)
> ... 3 more
> ...
> {code}
[JBoss JIRA] (WFLY-9184) MultipleClientRemoteJndiTestCase fails with security manager
by Hynek Švábek (JIRA)
Hynek Švábek created WFLY-9184:
----------------------------------
Summary: MultipleClientRemoteJndiTestCase fails with security manager
Key: WFLY-9184
URL: https://issues.jboss.org/browse/WFLY-9184
Project: WildFly
Issue Type: Bug
Components: Test Suite
Reporter: Hynek Švábek
{code}
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/hsvabek/securityworkspace/VERIFICATION/2017_08_02_BEAP-7584/jboss-eap-7.1.0.ER3-src/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local4252553253196379397.challenge" "read")" in code source "(vfs:/content/one.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.one.war" from Service Module Loader")
at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:440)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:571)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:542)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:508)
at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:83)
at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:56)
at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:459)
at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:405)
at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.lambda$new$0(SingleRemoteNamingProvider.java:82)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.getFuturePeerIdentity(SingleRemoteNamingProvider.java:117)
at org.wildfly.naming.client.remote.SingleRemoteNamingProvider.getPeerIdentity(SingleRemoteNamingProvider.java:106)
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:65)
... 52 more
Suppressed: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/hsvabek/securityworkspace/VERIFICATION/2017_08_02_BEAP-7584/jboss-eap-7.1.0.ER3-src/testsuite/integration/basic/target/jbossas/standalone/tmp/auth/local4252553253196379397.challenge" "read")" in code source "(vfs:/content/one.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.one.war" from Service Module Loader")
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:278)
at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:350)
at java.io.FileInputStream.<init>(FileInputStream.java:127)
at org.wildfly.security.sasl.localuser.LocalUserClient.evaluateMessage(LocalUserClient.java:93)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:59)
at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
at java.security.AccessController.doPrivileged(Native Method)
at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:644)
at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:898)
... 3 more
{code}
[JBoss JIRA] (WFLY-9182) ConcurrentModificationException during deployment
by Martin Kouba (JIRA)
[ https://issues.jboss.org/browse/WFLY-9182?page=com.atlassian.jira.plugin.... ]
Martin Kouba moved JBEAP-12548 to WFLY-9182:
--------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-9182 (was: JBEAP-12548)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: CDI / Weld
(was: CDI / Weld)
Affects Version/s: (was: 7.1.0.ER3)
> ConcurrentModificationException during deployment
> -------------------------------------------------
>
> Key: WFLY-9182
> URL: https://issues.jboss.org/browse/WFLY-9182
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Environment: RHEL6 x86_64
> IBM JDK 8 SR4 FP6
> Reporter: Martin Kouba
> Assignee: Martin Kouba
>
> During our automated testing, this issue occurred:
> {code:java}
> 20:29:41,817 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./contextRoot.UndertowDeploymentInfoService: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./contextRoot.UndertowDeploymentInfoService: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.lang.Thread.run(Thread.java:785)
> Caused by: java.util.ConcurrentModificationException
> at java.util.HashMap$HashIterator.nextNode(HashMap.java:1448)
> at java.util.HashMap$KeyIterator.next(HashMap.java:1472)
> at org.jboss.weld.util.collections.Iterators$TransformingIterator.next(Iterators.java:142)
> at org.jboss.weld.util.collections.Iterators$TransformingIterator.next(Iterators.java:142)
> at org.jboss.weld.util.collections.Iterators$CombinedIterator.hasNext(Iterators.java:95)
> at org.jboss.weld.util.collections.Iterators$CombinedIterator.hasNext(Iterators.java:94)
> at org.jboss.weld.resolution.AbstractTypeSafeBeanResolver$1.computeValue(AbstractTypeSafeBeanResolver.java:151)
> at org.jboss.weld.resolution.AbstractTypeSafeBeanResolver$1.computeValue(AbstractTypeSafeBeanResolver.java:146)
> at org.jboss.weld.util.LazyValueHolder.get(LazyValueHolder.java:49)
> at org.jboss.weld.resolution.AbstractTypeSafeBeanResolver.getBeans(AbstractTypeSafeBeanResolver.java:238)
> at org.jboss.weld.resolution.AbstractTypeSafeBeanResolver.getAllBeans(AbstractTypeSafeBeanResolver.java:217)
> at org.jboss.weld.resolution.TypeSafeResolver.findMatching(TypeSafeResolver.java:102)
> at org.jboss.weld.resolution.TypeSafeResolver.access$000(TypeSafeResolver.java:41)
> at org.jboss.weld.resolution.TypeSafeResolver$ResolvableToBeanCollection.apply(TypeSafeResolver.java:52)
> at org.jboss.weld.resolution.TypeSafeResolver$ResolvableToBeanCollection.apply(TypeSafeResolver.java:43)
> at org.jboss.weld.util.cache.ReentrantMapBackedComputingCache$1.apply(ReentrantMapBackedComputingCache.java:55)
> at org.jboss.weld.util.cache.ReentrantMapBackedComputingCache$1.apply(ReentrantMapBackedComputingCache.java:51)
> at org.jboss.weld.util.cache.ReentrantMapBackedComputingCache.getValue(ReentrantMapBackedComputingCache.java:64)
> at org.jboss.weld.resolution.TypeSafeResolver.resolve(TypeSafeResolver.java:88)
> at org.jboss.weld.manager.BeanManagerImpl.getBeans(BeanManagerImpl.java:557)
> at org.jboss.as.weld.deployment.WeldClassIntrospector.getInjectionTarget(WeldClassIntrospector.java:77)
> at org.jboss.as.weld.deployment.WeldClassIntrospector.createFactory(WeldClassIntrospector.java:57)
> at org.jboss.as.ee.component.ComponentRegistry.createInstanceFactory(ComponentRegistry.java:76)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.createServletConfig(UndertowDeploymentInfoService.java:726)
> at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.start(UndertowDeploymentInfoService.java:273)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> {code}
> I wasn't able to reproduce it again yet. The issue occurred only once on RHEL6 x86_64 with IBM JDK 8 SR4 FP6.
> The scenario was to deploy an EJB jar via Arquillian and do some testing. But deployment failed with the above exception. Check the full log and deployment jar in the attachment.
[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
by shailendra singh (JIRA)
[ https://issues.jboss.org/browse/WFLY-9181?page=com.atlassian.jira.plugin.... ]
shailendra singh commented on WFLY-9181:
----------------------------------------
Possible fix :-
> ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
> -------------------------------------------------------------------------------
>
> Key: WFLY-9181
> URL: https://issues.jboss.org/browse/WFLY-9181
> Project: WildFly
> Issue Type: Bug
> Components: CLI
> Affects Versions: 11.0.0.Beta1
> Reporter: shailendra singh
> Assignee: shailendra singh
>
> ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
> Like:-
> 'Monitor' roles have permissions to remove messages from the queue.
> {code:java}
> [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages()
> {
> "outcome" => "success",
> "result" => 14
> }
> [standalone@localhost:9990 /]
> {code}
> So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations:
> {code:java}
> [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove()
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[
> (\"subsystem\" => \"messaging-activemq\"),
> (\"server\" => \"default\"),
> (\"jms-queue\" => \"DLQ\")
> ]' -- \"WFLYCTL0332: Permission denied\"",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /]
> {code}
> Expectation:-
> The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue.
[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
by shailendra singh (JIRA)
[ https://issues.jboss.org/browse/WFLY-9181?page=com.atlassian.jira.plugin.... ]
shailendra singh edited comment on WFLY-9181 at 8/4/17 2:26 AM:
----------------------------------------------------------------
Possible fix :-
https://github.com/wildfly/wildfly/pull/10397
was (Author: rhn-support-shsingh):
Possible fix :-
> ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
> -------------------------------------------------------------------------------
>
> Key: WFLY-9181
> URL: https://issues.jboss.org/browse/WFLY-9181
> Project: WildFly
> Issue Type: Bug
> Components: CLI
> Affects Versions: 11.0.0.Beta1
> Reporter: shailendra singh
> Assignee: shailendra singh
>
> ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
> Like:-
> 'Monitor' roles have permissions to remove messages from the queue.
> {code:java}
> [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages()
> {
> "outcome" => "success",
> "result" => 14
> }
> [standalone@localhost:9990 /]
> {code}
> So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations:
> {code:java}
> [standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove()
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[
> (\"subsystem\" => \"messaging-activemq\"),
> (\"server\" => \"default\"),
> (\"jms-queue\" => \"DLQ\")
> ]' -- \"WFLYCTL0332: Permission denied\"",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /]
> {code}
> Expectation:-
> The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue.
[JBoss JIRA] (WFLY-9181) ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
by shailendra singh (JIRA)
shailendra singh created WFLY-9181:
--------------------------------------
Summary: ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
Key: WFLY-9181
URL: https://issues.jboss.org/browse/WFLY-9181
Project: WildFly
Issue Type: Bug
Components: CLI
Affects Versions: 11.0.0.Beta1
Reporter: shailendra singh
Assignee: shailendra singh
ReadOnly user able to perform runtimeOnly operations on JMS queues through CLI
Like:-
'Monitor' roles have permissions to remove messages from the queue.
{code:java}
[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages()
{
"outcome" => "success",
"result" => 14
}
[standalone@localhost:9990 /]
{code}
So even a read-only role ('Monitor') has access to :remove-messages. To show RBAC is enforced for other CLI operations:
{code:java}
[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove()
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[
(\"subsystem\" => \"messaging-activemq\"),
(\"server\" => \"default\"),
(\"jms-queue\" => \"DLQ\")
]' -- \"WFLYCTL0332: Permission denied\"",
"rolled-back" => true
}
[standalone@localhost:9990 /]
{code}
Expectation:-
The permissions between the monitoring console (GUI) and the CLI should be in sync for flushing a JMS queue.
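A regression check for the mismatch reported in WFLY-9181, as an added example that is not part of the report or of WildFly: it parses a management CLI transcript recorded under a read-only role and lists every operation that succeeded although it is not a read operation. The READ_ONLY_OPS allow-list and the helper names are assumptions made for this example; the transcript is copied from the two sessions quoted in the report.

```python
import re
from dataclasses import dataclass

# Assumption for this example: the global read operations of the management
# model are the only ones a 'Monitor' user is expected to run successfully.
READ_ONLY_OPS = frozenset({
    "read-resource", "read-attribute", "read-children-names",
    "read-children-resources", "read-children-types",
    "read-operation-names", "read-operation-description",
    "read-resource-description",
})

# "[standalone@host:port /] /address:operation(args)" prompt line.
PROMPT = re.compile(r"^\[[^\]]*\]\s*(?P<addr>/\S*?):(?P<op>[\w-]+)\s*(?:\(.*\))?\s*$")
OUTCOME = re.compile(r'"outcome"\s*=>\s*"(?P<outcome>\w+)"')

# Transcript copied from the two CLI sessions quoted in the report.
TRANSCRIPT = r'''
[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove-messages()
{
    "outcome" => "success",
    "result" => 14
}
[standalone@localhost:9990 /] /subsystem=messaging-activemq/server=default/jms-queue=DLQ:remove()
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0313: Unauthorized to execute operation 'remove' for resource '[
    (\"subsystem\" => \"messaging-activemq\"),
    (\"server\" => \"default\"),
    (\"jms-queue\" => \"DLQ\")
]' -- \"WFLYCTL0332: Permission denied\"",
    "rolled-back" => true
}
[standalone@localhost:9990 /]
'''


@dataclass
class Call:
    address: str
    operation: str
    outcome: str = ""      # "success" or "failed", from the response body
    denied: bool = False   # True when the response carries WFLYCTL0313


def parse_transcript(text):
    """Split a CLI transcript into one Call per operation that was issued."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip()
        prompt = PROMPT.match(line)
        if prompt:
            calls.append(Call(prompt["addr"], prompt["op"]))
            continue
        if not calls:
            continue  # output that precedes the first operation
        current = calls[-1]
        outcome = OUTCOME.search(line)
        if outcome and not current.outcome:
            current.outcome = outcome["outcome"]
        if "WFLYCTL0313" in line:
            current.denied = True
    return calls


def unexpected_writes(calls):
    """Operations that succeeded for the read-only role but are not reads."""
    return [c for c in calls
            if c.outcome == "success" and c.operation not in READ_ONLY_OPS]


if __name__ == "__main__":
    for call in unexpected_writes(parse_transcript(TRANSCRIPT)):
        print(f"read-only role executed {call.operation} on {call.address}")
```
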