[JBoss JIRA] (WFLY-11123) Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
by Marco Del Percio (Jira)
Marco Del Percio created WFLY-11123:
---------------------------------------
Summary: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
Key: WFLY-11123
URL: https://issues.jboss.org/browse/WFLY-11123
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 14.0.1.Final
Environment: Windows 7 x64. Java 11: OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11+28-201810022317, mixed mode)
Reporter: Marco Del Percio
Assignee: Darran Lofthouse
After configuring HTTPS using the following guide: [Enable One-way SSL/TLS for Applications|http://docs.wildfly.org/14/WildFly_Elytron_Security.html#con...], configuration seems ok and server boots fine however an illegal reflective access warning comes up from jar within Elytron:
{color:red}
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/D:/wildfly-14.0.1.Final_FleetManager/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-6.0.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
{color}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (ELY-1690) JDK11 unknow cipher suites
by Martin Choma (Jira)
Martin Choma created ELY-1690:
---------------------------------
Summary: JDK11 unknow cipher suites
Key: ELY-1690
URL: https://issues.jboss.org/browse/ELY-1690
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.7.0.CR2
Reporter: Martin Choma
I have compared jdk supported ciphersuites with Elytron Mechanism Database. Here are cipher suites which does not match:
* TLS_AES_128_GCM_SHA256
* TLS_AES_256_GCM_SHA384
* TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Especially first two seems important as are mentioned in TLS 1.3 rfc [1]
[1] https://tools.ietf.org/html/draft-ietf-tls-tls13-28
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (DROOLS-3080) SpreadsheetCompiler generates wrong LHS order
by Mario Fusco (Jira)
[ https://issues.jboss.org/browse/DROOLS-3080?page=com.atlassian.jira.plugi... ]
Mario Fusco updated DROOLS-3080:
--------------------------------
Sprint: 2018 Week 39-41
> SpreadsheetCompiler generates wrong LHS order
> ---------------------------------------------
>
> Key: DROOLS-3080
> URL: https://issues.jboss.org/browse/DROOLS-3080
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 7.12.0.Final
> Reporter: Toshiya Kobayashi
> Assignee: Mario Fusco
> Priority: Major
> Labels: support
> Attachments: LhsOrder.xls
>
>
> When a Spreadsheet (xls) has CONDITION columns like:
> - The first column doesn't have Fact (e.g. accumulate(...))
> - The second column has Fact (e.g. $p:Person(...))
> (See attached LhsOrder.xls)
> , SpreadsheetCompiler generates a DRL with inverse order in LHS.
> {noformat}
> rule "LhsOrder_11"
> when
> $p:Person(name == "John", age == $max)
> accumulate(Person(name == "John", $a : age); $max:max($a))
> then
> System.out.println("hello, " + $p.getName());
> end
> {noformat}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (WFCORE-4152) HC cannot connect to DC after lost connect with error "WFLYCTL0332: Permission denied\"
by Yeray Borges (Jira)
[ https://issues.jboss.org/browse/WFCORE-4152?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-4152:
---------------------------------
Steps to Reproduce:
What we need to reproduce the issue is a domain mode environment with a master and slave where the slave is using an RBAC user for its authentication. We have to have a reconnection with a model out of sync, that can be achieved setting the DC in admin-only mode, executing a management operation that affects to the HC or the Servers, bringing back the DC. The HC is unable to connect in that scenario.
# Create a management user which will be used for DC / HC authentication
./bin/add-user.sh -u admin -p admin -ds
# Edit host-slave.xml and :
#* Replace the existing secret the for ManagementRealm security with the one generated for the user admin
#* Add the attribute username="admin" in the domain-controller/remote endpoint
# Start the DC: bin/domain.sh --host-config=host-master.xml
# Start the HC: bin/domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=127.0.0.1 -Djboss.management.native.port=19999 -Djboss.domain.base.dir=slave
# Enable RBAC for the user 'admin':
{noformat}
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
/core-service=management/access=authorization/role-mapping=SuperUser/include=ManagementRealm:add(name=admin,type=USER)
{noformat}
# Remove the local authentication:
{noformat}
/host=master/core-service=management/security-realm=ManagementRealm/authentication=local:remove
/host=slave/core-service=management/security-realm=ManagementRealm/authentication=local:remove
{noformat}
# Restart HC and DC
# Reload the DC in admin-only mode
{noformat}
reload --host=master --admin-only
{noformat}
# Change the domain model, for example modifying the jvm configuration used in a server group
{noformat}
/server-group=main-server-group/jvm=default:write-attribute(name=heap-size, value=500m)
{noformat}
# Reload the DC
{noformat}
reload --host=master --admin-only
{noformat}
These messages are shown in the DC:
{noformat}
[Host Controller] 13:07:17,931 INFO [org.jboss.as.protocol] (management I/O-2) WFLYPRT0057: cancelled task by interrupting thread Thread[Host Controller Service Threads - 13,5,Host Controller Service Threads]
{noformat}
These messages are shown in the HC:
{noformat}
13:21:05,009 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 9) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0146: Could not discover master using discovery option StaticDiscovery{protocol=remote,host=127.0.0.1,port=9999}. Error was: 1-$-
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0147: No domain controller discovery options remain.
13:21:06,015 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0150: Trying to reconnect to master host controller.
{noformat}
These messages in the server-one:
{noformat}
13:21:04,829 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-reload-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,006 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-restart-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
{noformat}
was:
What we need to reproduce the issue is a domain mode environment with a master and slave where the slave is using an RBAC user for its authentication. We have to have a reconnection with a model out of sync, that can be archieved putting the DC in
# Create a management user which will be used for DC / HC authentication
./bin/add-user.sh -u admin -p admin -g management -ds
# Edit host-slave.xml and :
#* Replace the existing secret the for ManagementRealm security with the one generated for the user admin
#* Add the attribute username="admin" in the domain-controller/remote endpoint
# Start the DC: bin/domain.sh --host-config=host-master.xml
# Start the HC: bin/domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=127.0.0.1 -Djboss.management.native.port=19999 -Djboss.domain.base.dir=slave
# Enable RBAC for the user 'admin':
{noformat}
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
/core-service=management/access=authorization/role-mapping=SuperUser/include=ManagementRealm:add(name=admin,type=USER)
{noformat}
# Restart HC
# This step is not required if you are using a different machine for DC and HC. In a single, it allow us to to force the uses of EXTENAL authentication mchanism instead of JBOSS-LOCAL-AUTH. Configure SSL for the Management interface.
# Restart DC and HC
# Force a disconnection of the HC stopping the process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -STOP
{noformat}
# After some seconds this error is displayed in th DC log:
{noformat}
[Host Controller] 13:04:53,840 WARN [org.jboss.as.domain.controller] (management task-6) WFLYHC0030: Connection to remote host "slave" closed unexpectedly
{noformat}
# Change the domain model, for example modifying the jvm configuration used in a server group
{noformat}
/server-group=main-server-group/jvm=default:write-attribute(name=heap-size, value=500m)
{noformat}
# Send the continue signal to the HC process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -CONT
{noformat}
These messages are shown in the DC:
{noformat}
[Host Controller] 13:07:17,931 INFO [org.jboss.as.protocol] (management I/O-2) WFLYPRT0057: cancelled task by interrupting thread Thread[Host Controller Service Threads - 13,5,Host Controller Service Threads]
{noformat}
These messages are shown in the HC:
{noformat}
13:21:05,009 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 9) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0146: Could not discover master using discovery option StaticDiscovery{protocol=remote,host=127.0.0.1,port=9999}. Error was: 1-$-
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0147: No domain controller discovery options remain.
13:21:06,015 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0150: Trying to reconnect to master host controller.
{noformat}
These messages in the server-one:
{noformat}
13:21:04,829 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-reload-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,006 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-restart-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
{noformat}
*Note about reproduced steps in wildfly-core*
The previous steps are valid to reproduce the issue if the HC connects to DC using remote protocol. In newer versions, we use by default remote+http for such connection, and it is more difficult to reproduce the bug using an HC process halt. To reproduce with the same steps, we should use remote protocol or we can simulate a DC and HC models out of sync, for example, we can stop the DC, change manually the heap size of the default JVM in a server-group and start the DC again. When the HC tries to reconnect, it will try to sync the domain model, and the issue will be reproduced.
> HC cannot connect to DC after lost connect with error "WFLYCTL0332: Permission denied\"
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4152
> URL: https://issues.jboss.org/browse/WFCORE-4152
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: -- EAP 7.1.2 Domain mode
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Major
>
> Customer has domain mode, they have the following enabled
> - RBAC
> - Management realm with ssl and ldap
> When HC is disconnected from the DC due to bad GC performance, it then cannot connect to the DC with the following errors
> 2018-08-15 04:30:19,035 WARN [org.jboss.as.host.controller] (management task-3) WFLYHC0015: Connection to remote host-controller closed. Trying to reconnect.
> 2018-08-15 04:30:19,036 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 149) WFLYHC0150: Trying to reconnect to master host controller.
> 2018-08-15 04:30:21,006 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 151) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
> due to this , We are not able to restart any JVMs in this domain. The only way we could recover was to restart all DC/HC & JVMs. I have collected the logs and config files for DC/HC/JVM and I am uploading it to the case. Please review and let us know what is the root cause of this issue and what can be done to prevent it.
> There is a management operation is requires reload in the log.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (WFCORE-4152) HC cannot connect to DC after lost connect with error "WFLYCTL0332: Permission denied\"
by Yeray Borges (Jira)
[ https://issues.jboss.org/browse/WFCORE-4152?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-4152:
---------------------------------
Steps to Reproduce:
What we need to reproduce the issue is a domain mode environment with a master and slave where the slave is using an RBAC user for its authentication. We have to have a reconnection with a model out of sync, that can be archieved putting the DC in
# Create a management user which will be used for DC / HC authentication
./bin/add-user.sh -u admin -p admin -g management -ds
# Edit host-slave.xml and :
#* Replace the existing secret the for ManagementRealm security with the one generated for the user admin
#* Add the attribute username="admin" in the domain-controller/remote endpoint
# Start the DC: bin/domain.sh --host-config=host-master.xml
# Start the HC: bin/domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=127.0.0.1 -Djboss.management.native.port=19999 -Djboss.domain.base.dir=slave
# Enable RBAC for the user 'admin':
{noformat}
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
/core-service=management/access=authorization/role-mapping=SuperUser/include=ManagementRealm:add(name=admin,type=USER)
{noformat}
# Restart HC
# This step is not required if you are using a different machine for DC and HC. In a single, it allow us to to force the uses of EXTENAL authentication mchanism instead of JBOSS-LOCAL-AUTH. Configure SSL for the Management interface.
# Restart DC and HC
# Force a disconnection of the HC stopping the process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -STOP
{noformat}
# After some seconds this error is displayed in th DC log:
{noformat}
[Host Controller] 13:04:53,840 WARN [org.jboss.as.domain.controller] (management task-6) WFLYHC0030: Connection to remote host "slave" closed unexpectedly
{noformat}
# Change the domain model, for example modifying the jvm configuration used in a server group
{noformat}
/server-group=main-server-group/jvm=default:write-attribute(name=heap-size, value=500m)
{noformat}
# Send the continue signal to the HC process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -CONT
{noformat}
These messages are shown in the DC:
{noformat}
[Host Controller] 13:07:17,931 INFO [org.jboss.as.protocol] (management I/O-2) WFLYPRT0057: cancelled task by interrupting thread Thread[Host Controller Service Threads - 13,5,Host Controller Service Threads]
{noformat}
These messages are shown in the HC:
{noformat}
13:21:05,009 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 9) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0146: Could not discover master using discovery option StaticDiscovery{protocol=remote,host=127.0.0.1,port=9999}. Error was: 1-$-
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0147: No domain controller discovery options remain.
13:21:06,015 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0150: Trying to reconnect to master host controller.
{noformat}
These messages in the server-one:
{noformat}
13:21:04,829 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-reload-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,006 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-restart-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
{noformat}
*Note about reproduced steps in wildfly-core*
The previous steps are valid to reproduce the issue if the HC connects to DC using remote protocol. In newer versions, we use by default remote+http for such connection, and it is more difficult to reproduce the bug using an HC process halt. To reproduce with the same steps, we should use remote protocol or we can simulate a DC and HC models out of sync, for example, we can stop the DC, change manually the heap size of the default JVM in a server-group and start the DC again. When the HC tries to reconnect, it will try to sync the domain model, and the issue will be reproduced.
was:
Attached to the issue there are domain and slave configurations that can be used to reproduce. Steps are described here:
# Create a management user which will be used for DC / HC authentication
./bin/add-user.sh -u admin -p admin -g management -ds
# Edit host-slave.xml and :
#* Replace the existing secret the for ManagementRealm security with the one generated for the user admin
#* Add the attribute username="admin" in the domain-controller/remote endpoint
# Start the DC: bin/domain.sh --host-config=host-master.xml
# Start the HC: bin/domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=127.0.0.1 -Djboss.management.native.port=19999 -Djboss.domain.base.dir=slave
# Enable RBAC for the user 'admin':
{noformat}
/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
/core-service=management/access=authorization/role-mapping=SuperUser/include=ManagementRealm:add(name=admin,type=USER)
{noformat}
# Restart HC
# This step is not required if you are using a different machine for DC and HC. In a single, it allow us to to force the uses of EXTENAL authentication mchanism instead of JBOSS-LOCAL-AUTH. Configure SSL for the Management interface.
# Restart DC and HC
# Force a disconnection of the HC stopping the process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -STOP
{noformat}
# After some seconds this error is displayed in th DC log:
{noformat}
[Host Controller] 13:04:53,840 WARN [org.jboss.as.domain.controller] (management task-6) WFLYHC0030: Connection to remote host "slave" closed unexpectedly
{noformat}
# Change the domain model, for example modifying the jvm configuration used in a server group
{noformat}
/server-group=main-server-group/jvm=default:write-attribute(name=heap-size, value=500m)
{noformat}
# Send the continue signal to the HC process
{noformat}
ps -fea | grep 'host-slave' | grep 'Host Controller' | awk '{print $2}' | xargs kill -CONT
{noformat}
These messages are shown in the DC:
{noformat}
[Host Controller] 13:07:17,931 INFO [org.jboss.as.protocol] (management I/O-2) WFLYPRT0057: cancelled task by interrupting thread Thread[Host Controller Service Threads - 13,5,Host Controller Service Threads]
{noformat}
These messages are shown in the HC:
{noformat}
13:21:05,009 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 9) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0146: Could not discover master using discovery option StaticDiscovery{protocol=remote,host=127.0.0.1,port=9999}. Error was: 1-$-
13:21:05,012 WARN [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0147: No domain controller discovery options remain.
13:21:06,015 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 3) WFLYHC0150: Trying to reconnect to master host controller.
{noformat}
These messages in the server-one:
{noformat}
13:21:04,829 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-reload-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
13:21:05,006 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 67) WFLYCTL0013: Operation ("server-set-restart-required") failed - address: ([]) - failure description: "WFLYCTL0313: Unauthorized to execute operation 'server-set-restart-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
{noformat}
*Note about reproduced steps in wildfly-core*
The previous steps are valid to reproduce the issue if the HC connects to DC using remote protocol. In newer versions, we use by default remote+http for such connection, and it is more difficult to reproduce the bug using an HC process halt. To reproduce with the same steps, we should use remote protocol or we can simulate a DC and HC models out of sync, for example, we can stop the DC, change manually the heap size of the default JVM in a server-group and start the DC again. When the HC tries to reconnect, it will try to sync the domain model, and the issue will be reproduced.
> HC cannot connect to DC after lost connect with error "WFLYCTL0332: Permission denied\"
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4152
> URL: https://issues.jboss.org/browse/WFCORE-4152
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: -- EAP 7.1.2 Domain mode
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Major
>
> Customer has domain mode, they have the following enabled
> - RBAC
> - Management realm with ssl and ldap
> When HC is disconnected from the DC due to bad GC performance, it then cannot connect to the DC with the following errors
> 2018-08-15 04:30:19,035 WARN [org.jboss.as.host.controller] (management task-3) WFLYHC0015: Connection to remote host-controller closed. Trying to reconnect.
> 2018-08-15 04:30:19,036 INFO [org.jboss.as.host.controller] (Host Controller Service Threads - 149) WFLYHC0150: Trying to reconnect to master host controller.
> 2018-08-15 04:30:21,006 ERROR [org.jboss.as.host.controller] (Host Controller Service Threads - 151) WFLYHC0143: Failed to apply domain-wide configuration from master host controller. Operation outcome: failed. Failure description "WFLYCTL0313: Unauthorized to execute operation 'server-set-reload-required' for resource '[]' -- \"WFLYCTL0332: Permission denied\""
> due to this , We are not able to restart any JVMs in this domain. The only way we could recover was to restart all DC/HC & JVMs. I have collected the logs and config files for DC/HC/JVM and I am uploading it to the case. Please review and let us know what is the root cause of this issue and what can be done to prevent it.
> There is a management operation is requires reload in the log.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (WFLY-10336) MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
by Rostislav Svoboda (Jira)
[ https://issues.jboss.org/browse/WFLY-10336?page=com.atlassian.jira.plugin... ]
Rostislav Svoboda commented on WFLY-10336:
------------------------------------------
Are you using latest IBM JDK ?
> MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-10336
> URL: https://issues.jboss.org/browse/WFLY-10336
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite, Web Services
> Environment: {noformat}
> Java(TM) SE Runtime Environment (build 8.0.5.11 - pxa6480sr5fp11-20180326_01(SR5 FP11))
> IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180309_380776 (JIT enabled, AOT enabled)
> OpenJ9 - 49fcaf39
> OMR - 5cbbadf
> IBM - 4453dac)
> JCL - 20180319_01 based on Oracle jdk8u161-b12
> {noformat}
> Reporter: Petr Kremensky
> Assignee: Jan Blizňák
> Priority: Major
>
> There are test failures running the WildFly Test Suite: Integration - WS on IBM jdk.
> {noformat}
> wildfly/testsuite/integration/ws] $ mvn clean install
> ...
> [INFO]
> [INFO] Results:
> [INFO]
> [ERROR] Errors:
> [ERROR] EJBSignTestCase.signedRequest:86 » SOAPFault MustUnderstand headers: [{http://...
> [ERROR] SignTestCase.signedRequest:88 » SOAPFault MustUnderstand headers: [{http://doc...
> [ERROR] EJBSignEncryptMultipleClientsTestCase.encryptedAndSignedRequestFromAlice:90 » SOAPFault
> [ERROR] EJBSignEncryptMultipleClientsTestCase.encryptedAndSignedRequestFromJohn:102 » SOAPFault
> [ERROR] EJBSignEncryptTestCase.encryptedAndSignedRequest:88 » SOAPFault MustUnderstand...
> [ERROR] SignEncryptMultipleClientsTestCase.encryptedAndSignedRequestFromAlice:91 » SOAPFault
> [ERROR] SignEncryptMultipleClientsTestCase.encryptedAndSignedRequestFromJohn:103 » SOAPFault
> [ERROR] SignEncryptTestCase.encryptedAndSignedRequest:90 » SOAPFault MustUnderstand he...
> [ERROR] WSTrustTestCase.test:318 » SOAPFault MustUnderstand headers: [{http://docs.oas...
> [ERROR] WSTrustTestCase.testActAs:441 » SOAPFault MustUnderstand headers: [{http://doc...
> [ERROR] WSTrustTestCase.testBearer:541 » SOAPFault MustUnderstand headers: [{http://do...
> [ERROR] WSTrustTestCase.testHolderOfKey:491 » SOAPFault MustUnderstand headers: [{http...
> [ERROR] WSTrustTestCase.testNoClientCallback:383 » SOAPFault MustUnderstand headers: [...
> [ERROR] WSTrustTestCase.testNoSignatureUsername:414 » SOAPFault MustUnderstand headers...
> [ERROR] WSTrustTestCase.testOnBehalfOf:468 » SOAPFault MustUnderstand headers: [{http:...
> [ERROR] WSTrustTestCase.testPicketLink:518 » SOAPFault MustUnderstand headers: [{http:...
> [ERROR] WSTrustTestCase.testUsingEPR:350 » SOAPFault MustUnderstand headers: [{http://...
> [INFO]
> [ERROR] Tests run: 119, Failures: 0, Errors: 17, Skipped: 0
> {noformat}
> *Caused by*
> {noformat}
> Caused by: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:87)
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:53)
> at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:42)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:112)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:70)
> at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:35)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:827)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1695)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1572)
> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1373)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:673)
> at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:533)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:442)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:296)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
> ... 129 more
> {noformat}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (WFLY-11121) CI - Master linux JDK 11 job - compilation fails - forked embedded process has failed
by Kabir Khan (Jira)
[ https://issues.jboss.org/browse/WFLY-11121?page=com.atlassian.jira.plugin... ]
Kabir Khan reassigned WFLY-11121:
---------------------------------
Assignee: Alexey Loubyansky (was: Jason Greene)
> CI - Master linux JDK 11 job - compilation fails - forked embedded process has failed
> --------------------------------------------------------------------------------------
>
> Key: WFLY-11121
> URL: https://issues.jboss.org/browse/WFLY-11121
> Project: WildFly
> Issue Type: Bug
> Reporter: Rostislav Svoboda
> Assignee: Alexey Loubyansky
> Priority: Blocker
> Labels: Java11
>
> Compilation of Master linux JDK 11 job fails - forked embedded process has failed.
> https://ci.wildfly.org/viewType.html?buildTypeId=WF_MasterLinuxJdk11
> {code}
> [Step 2/3] [ERROR] Failed to execute goal org.wildfly.galleon-plugins:wildfly-galleon-maven-plugin:
> 2.0.0.Final:generate-feature-specs (feature-spec-build) on project wildfly-servlet-galleon-pack:
> Feature spec generator failed: Forked embedded process has failed -> [Help 1]
> {code}
> My local machine runs are passing for me, using {{java version "11" 2018-09-25 (build 11+28)}}
> This fail can be related to VMs setup on TeamCity, another option can be galleon related issue.
> CCing also [~aloubyansky]
> We need to have valid Java 11 runs on upstream to guard proper functionality of WildFly.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months
[JBoss JIRA] (DROOLS-3079) kie-server DMN evaluate Decision Service only
by Matteo Mortari (Jira)
[ https://issues.jboss.org/browse/DROOLS-3079?page=com.atlassian.jira.plugi... ]
Matteo Mortari updated DROOLS-3079:
-----------------------------------
Description:
Missing the kie-server analogous of the local DMNRuntime API
i.e.: provide the kie-server side remote equivalent of `DMNRuntime#evaluateDecisionService(DMNModel model, DMNContext context, String decisionServiceName)`
was:Missing the kie-server analogous of the local DMNRuntime API
> kie-server DMN evaluate Decision Service only
> ---------------------------------------------
>
> Key: DROOLS-3079
> URL: https://issues.jboss.org/browse/DROOLS-3079
> Project: Drools
> Issue Type: Enhancement
> Components: dmn engine, kie server
> Reporter: Matteo Mortari
> Assignee: Matteo Mortari
> Priority: Major
>
> Missing the kie-server analogous of the local DMNRuntime API
> i.e.: provide the kie-server side remote equivalent of `DMNRuntime#evaluateDecisionService(DMNModel model, DMNContext context, String decisionServiceName)`
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 7 months