[JBoss JIRA] (DROOLS-1781) Investigate possible replacement of findbugs-maven-plugin with spotbugs-maven-plugin
by Michael Biarnes Kiefer (Jira)
[ https://issues.jboss.org/browse/DROOLS-1781?page=com.atlassian.jira.plugi... ]
Michael Biarnes Kiefer reassigned DROOLS-1781:
----------------------------------------------
Assignee: Michael Biarnes Kiefer (was: Marek Novotny)
> Investigate possible replacement of findbugs-maven-plugin with spotbugs-maven-plugin
> ------------------------------------------------------------------------------------
>
> Key: DROOLS-1781
> URL: https://issues.jboss.org/browse/DROOLS-1781
> Project: Drools
> Issue Type: Task
> Components: build
> Affects Versions: 7.4.1.Final
> Reporter: Petr Široký
> Assignee: Michael Biarnes Kiefer
> Priority: Major
> Labels: java9
>
> SpotBugs is a successor of FindBugs and as such uses a different groupId + artifactId for the Maven plugin. It should also be compatible with Java 9 (at least in the latest versions). We need to investigate if the switch is painless and if so, do it. Otherwise we need to figure out what the blockers are and slowly start to fix them, as FindBugs itself won't get any more updates, it seems, and so won't be Java 9 compatible.
> *How to migrate*
> * Replace
> {code}
> <groupId>org.codehaus.mojo</groupId>
> <artifactId>findbugs-maven-plugin</artifactId>
> {code}
> by
> {code}
> <groupId>com.github.spotbugs</groupId>
> <artifactId>spotbugs-maven-plugin</artifactId>
> {code}
> * Look for all "findbugs" and replace it by "spotbugs"
> ** Except for anything related to the findbugs annotations dependency that some dependencies drag in or exclude. Leave that one alone!
> ** For example, change findbugs-check -> spotbugs-check, ...
> * Merge this PR if it hasn't been merged already: https://github.com/kiegroup/optaplanner-wb/pull/320
> * Then you only need to adjust the following repos: build-bootstrap, drools, optaplanner and kie-wb-distributions.
> ** See https://github.com/search?q=org%3Akiegroup+findbugs-maven-plugin&type=Code
> ** Ignore contributed experiments, that repo is dead
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-11364) Test JpaDsRestartTestCase fails with security manager
by Bartosz Baranowski (Jira)
[ https://issues.jboss.org/browse/WFLY-11364?page=com.atlassian.jira.plugin... ]
Bartosz Baranowski reassigned WFLY-11364:
-----------------------------------------
Assignee: Bartosz Baranowski
> Test JpaDsRestartTestCase fails with security manager
> -----------------------------------------------------
>
> Key: WFLY-11364
> URL: https://issues.jboss.org/browse/WFLY-11364
> Project: WildFly
> Issue Type: Bug
> Components: JPA / Hibernate, Test Suite
> Affects Versions: 15.0.0.Beta1
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Major
> Labels: security-manager
>
> {noformat}
> org.jboss.as.test.integration.jpa.dsrestart (1)
> JpaDsRestartTestCase.testRestartDataSource
> {noformat}
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("org.jboss.as.controller.security.ControllerPermission" "canAccessModelController")" in code source "(vfs:/content/dsrestartjpa.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.dsrestartjpa.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at org.jboss.as.controller.AbstractControllerService.getValue(AbstractControllerService.java:621)
> at org.jboss.as.controller.AbstractControllerService.getValue(AbstractControllerService.java:77)
> at org.jboss.msc.service.ServiceControllerImpl.getValue(ServiceControllerImpl.java:1110)
> at org.jboss.as.test.integration.jpa.dsrestart.JpaDsRestartTestCase.toggleDataSource(JpaDsRestartTestCase.java:102)
> at org.jboss.as.test.integration.jpa.dsrestart.JpaDsRestartTestCase.testRestartDataSource(JpaDsRestartTestCase.java:86)
> ...
> {noformat}
> It looks to me like a valid requirement for code running in the container and using ModelController to have been granted permission to do so. In this case the code is a test running in the container. Not sure how the permission can be granted in that case.
> [1] https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_MasterS...
[JBoss JIRA] (WFLY-11501) DynamicJaspiTestCase fails with security manager
by Ondrej Kotek (Jira)
[ https://issues.jboss.org/browse/WFLY-11501?page=com.atlassian.jira.plugin... ]
Ondrej Kotek updated WFLY-11501:
--------------------------------
Steps to Reproduce:
{{cd testsuite/integration/elytron}}
{{mvn clean test -Dtest=DynamicJaspiTestCase -Dsecurity.manager}}
was:
{{cd elytron}}
{{mvn clean test -Dtest=DynamicJaspiTestCase -Dsecurity.manager}}
> DynamicJaspiTestCase fails with security manager
> ------------------------------------------------
>
> Key: WFLY-11501
> URL: https://issues.jboss.org/browse/WFLY-11501
> Project: WildFly
> Issue Type: Bug
> Components: Security, Test Suite
> Affects Versions: 16.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 16.0.0.Beta1
>
>
> {{org.wildfly.test.integration.elytron.jaspi.DynamicJaspiTestCase#testCalls}} fails with security manager due to missing permissions:
> {noformat}
> ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ConfiguredJaspiTestCase/: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.security.SecurityPermission" "getFactory")" in code source "(vfs:/content/ConfiguredJaspiTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ConfiguredJaspiTestCase.war" from Service Module Loader")
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at javax.security.auth.message.api@1.0.2.Final//javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:210)
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.auth.jaspi.JaspiConfigurationBuilder.register(JaspiConfigurationBuilder.java:106)
> at deployment.ConfiguredJaspiTestCase.war//org.wildfly.test.integration.elytron.jaspi.JaspiTestServlet.doGet(JaspiTestServlet.java:62)
> at javax.servlet.api@1.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:686)
> at javax.servlet.api@1.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
> at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:55)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.security.elytron-web.undertow-server@1.3.0.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.lambda$handleRequest$1(ElytronRunAsHandler.java:68)
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103)
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161)
> at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73)
> at org.wildfly.security.elytron-web.undertow-server@1.3.0.Final//org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
> at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
> at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at org.wildfly.security.elytron-web.undertow-server-servlet@1.3.0.Final//org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
> at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
> at org.wildfly.extension.undertow@16.0.0.Beta1-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.core@2.0.15.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.core@2.0.15.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.base/java.lang.Thread.run(Thread.java:834)
> {noformat}
[JBoss JIRA] (WFLY-11510) EarOpenTracingWithWeldProbeTestCase fails with node0/1 set
by Ondrej Kotek (Jira)
[ https://issues.jboss.org/browse/WFLY-11510?page=com.atlassian.jira.plugin... ]
Ondrej Kotek commented on WFLY-11510:
-------------------------------------
[~nziakova], a local verification should be enough. The fix works for me, thank you.
> EarOpenTracingWithWeldProbeTestCase fails with node0/1 set
> ----------------------------------------------------------
>
> Key: WFLY-11510
> URL: https://issues.jboss.org/browse/WFLY-11510
> Project: WildFly
> Issue Type: Bug
> Components: MP OpenTracing, Test Suite
> Affects Versions: 16.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Nikoleta Žiaková
> Priority: Major
>
> {{org.jboss.as.test.integration.microprofile.opentracing.EarOpenTracingWithWeldProbeTestCase}} fails with {{node0}} and {{node1}} set:
> {noformat}
> WARN [org.jboss.weld.probe.Probe] (default task-1) PROBE-000017: Access to /ServiceOne/service-endpoint/app denied for <my IP>
> WARN [org.jboss.weld.probe.Probe] (default task-1) PROBE-000017: Access to /ServiceOne/service-endpoint/app denied for <my IP>
> ...
> java.lang.AssertionError: expected:<200> but was:<403>
> at org.junit.Assert.fail(Assert.java:88)
> at org.junit.Assert.failNotEquals(Assert.java:834)
> at org.junit.Assert.assertEquals(Assert.java:645)
> at org.junit.Assert.assertEquals(Assert.java:631)
> at org.jboss.as.test.integration.microprofile.opentracing.AbstractEarOpenTracingTestCase.testHttpInvokation(AbstractEarOpenTracingTestCase.java:67)
> at org.jboss.as.test.integration.microprofile.opentracing.AbstractEarOpenTracingTestCase.testEarServicesUseDifferentTracersAfterReload(AbstractEarOpenTracingTestCase.java:59)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {noformat}
> Maybe access from remote IP addresses is blocked in development mode.
[JBoss JIRA] (WFLY-8431) Race conditions in JASPIC registration code
by István Tóth (Jira)
[ https://issues.jboss.org/browse/WFLY-8431?page=com.atlassian.jira.plugin.... ]
István Tóth commented on WFLY-8431:
-----------------------------------
I have rebased it.
Should I open a ticket for it, or is the PR enough?
> Race conditions in JASPIC registration code
> -------------------------------------------
>
> Key: WFLY-8431
> URL: https://issues.jboss.org/browse/WFLY-8431
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.1.0.Final
> Environment: Centos 7 x86_64, with the included Java 8 environment
> Reporter: István Tóth
> Assignee: Darran Lofthouse
> Priority: Major
> Attachments: GetFactoryTestCase.java
>
>
> javax.security.auth.message.config.AuthConfigFactory and
> org.jboss.security.auth.message.config.JBossAuthConfigFactory
> have race conditions.
> 1. javax.security.auth.message.config.AuthConfigFactory#getFactory() has a race condition. The checking and creation of the _factory object is not atomic.
> I think the best and simplest solution would be to simply make the getFactory() method synchronized. (The same method in the GlassFish implementation is synchronized.)
> 2. The keyTo*Map fields of the org.jboss.security.auth.message.config.JBossAuthConfigFactory are not thread safe.
> Nearly all methods of this class manipulate these, without any synchronization.
> In this case I believe that changing those from HashMaps to ConcurrentHashMaps should be enough to avoid the worst of the races, while incurring a negligible performance penalty.
> The methods that modify the maps should also be made synchronized, or rewritten to use the atomic ConcurrentHashMap operations.
> A possible workaround is to add a synchronized(AuthConfigFactory.class) block around the JASPIC initialization code, where the JBossAuthConfigFactory methods are called. Of course this only works if every webapp on the server can be modified this way.
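The check-then-create race from point 1 of WFLY-8431 and the two fixes the report proposes (a synchronized getter, and a ConcurrentHashMap updated with an atomic operation), as an added Java example that is not part of the original report and is not WildFly or PicketBox code. `Factory`, `getRacy`, `getSafe` and `countInstances` are hypothetical stand-ins for the classes named in the report.

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class FactoryRaceDemo {
    static final AtomicInteger created = new AtomicInteger();

    // Hypothetical stand-in for a factory that stores provider registrations.
    static class Factory {
        // Point 2: a ConcurrentHashMap instead of a HashMap.
        final Map<String, String> keyToProvider = new ConcurrentHashMap<>();
        Factory() { created.incrementAndGet(); }
        // Atomic check-and-insert; a plain containsKey() + put() would race.
        String register(String layer, String appContext, String provider) {
            return keyToProvider.computeIfAbsent(layer + ":" + appContext, k -> provider);
        }
    }

    private static Factory racy;
    private static Factory safe;

    // Racy: the null check and the assignment are two separate steps, so
    // several threads can each build a Factory. Registrations made on an
    // instance that is later overwritten are not visible through the survivor.
    static Factory getRacy() {
        if (racy == null) {
            Thread.yield();           // widens the window for the demonstration
            racy = new Factory();
        }
        return racy;
    }

    // Point 1: check and creation happen under one lock.
    static synchronized Factory getSafe() {
        if (safe == null) safe = new Factory();
        return safe;
    }

    // Releases `threads` workers at once and reports how many factories were built.
    static int countInstances(Supplier<Factory> getter, int threads) throws InterruptedException {
        created.set(0);
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int i = 0; i < threads; i++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                getter.get().register("HttpServlet", "demo-context", "demo-provider");
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        return created.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // The unsynchronized count varies from run to run; the synchronized count is always 1.
        System.out.println("unsynchronized: " + countInstances(FactoryRaceDemo::getRacy, 32));
        System.out.println("synchronized:   " + countInstances(FactoryRaceDemo::getSafe, 32));
    }
}
```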
[JBoss JIRA] (DROOLS-1781) Investigate possible replacement of findbugs-maven-plugin with spotbugs-maven-plugin
by Marek Novotny (Jira)
[ https://issues.jboss.org/browse/DROOLS-1781?page=com.atlassian.jira.plugi... ]
Marek Novotny reassigned DROOLS-1781:
-------------------------------------
Assignee: Marek Novotny
> Investigate possible replacement of findbugs-maven-plugin with spotbugs-maven-plugin
> ------------------------------------------------------------------------------------
>
> Key: DROOLS-1781
> URL: https://issues.jboss.org/browse/DROOLS-1781
> Project: Drools
> Issue Type: Task
> Components: build
> Affects Versions: 7.4.1.Final
> Reporter: Petr Široký
> Assignee: Marek Novotny
> Priority: Major
> Labels: java9
>
> SpotBugs is a successor of FindBugs and as such uses a different groupId + artifactId for the Maven plugin. It should also be compatible with Java 9 (at least in the latest versions). We need to investigate if the switch is painless and if so, do it. Otherwise we need to figure out what the blockers are and slowly start to fix them, as FindBugs itself won't get any more updates, it seems, and so won't be Java 9 compatible.
> *How to migrate*
> * Replace
> {code}
> <groupId>org.codehaus.mojo</groupId>
> <artifactId>findbugs-maven-plugin</artifactId>
> {code}
> by
> {code}
> <groupId>com.github.spotbugs</groupId>
> <artifactId>spotbugs-maven-plugin</artifactId>
> {code}
> * Look for all "findbugs" and replace it by "spotbugs"
> ** Except for anything related to the findbugs annotations dependency that some dependencies drag in or exclude. Leave that one alone!
> ** For example, change findbugs-check -> spotbugs-check, ...
> * Merge this PR if it hasn't been merged already: https://github.com/kiegroup/optaplanner-wb/pull/320
> * Then you only need to adjust the following repos: build-bootstrap, drools, optaplanner and kie-wb-distributions.
> ** See https://github.com/search?q=org%3Akiegroup+findbugs-maven-plugin&type=Code
> ** Ignore contributed experiments, that repo is dead