December 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-11529) Expose WildFly metrics in /metrics endpoints

by Jeff Mesnil (Jira)

[ https://issues.jboss.org/browse/WFLY-11529?page=com.atlassian.jira.plugin... ] Jeff Mesnil updated WFLY-11529: ------------------------------- Affects Version/s: (was: 15.0.0.Beta1) > Expose WildFly metrics in /metrics endpoints > -------------------------------------------- > > Key: WFLY-11529 > URL: https://issues.jboss.org/browse/WFLY-11529 > Project: WildFly > Issue Type: Bug > Components: MP Metrics > Reporter: Jeff Mesnil > Assignee: Jeff Mesnil > Priority: Critical > > MicroProfile Metrics mandates that metrics names are unique and does not able to have multiple suppliers for the same metric with different labels. > Due to this restriction, the names of WildFly metrics are long and convoluted; e.g. `deployment/example.war/subsystem/undertow/servlet/org.example.MyServlet/request-count` > This type of names prevents any aggregation in Prometheus and is very different from the names configured in the imx-exporter for older WildFly versions (https://github.com/jboss-openshift/cct_module/pull/314) > Instead, the name of the metric should be "simple" (e.g. undertow_request_count) and the different supplies should provide labels: > {code} > undertow_request_count{deployment="foo.war", servlet="MyServletA"} 5.0 > undertow_request_count{deployment="foo.war", servlet="MyServletB"} 10.0 > {code} > In its current state the WildFly metrics are not usable and we should disable them until they are properly exposed in a correct state. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-709) MBeanAttributeInfo#isReadable and MBeanAttributeInfo#isWrittable return always true

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFCORE-709?page=com.atlassian.jira.plugin... ] Darran Lofthouse reassigned WFCORE-709: --------------------------------------- Assignee: (was: Kabir Khan) > MBeanAttributeInfo#isReadable and MBeanAttributeInfo#isWrittable return always true > ----------------------------------------------------------------------------------- > > Key: WFCORE-709 > URL: https://issues.jboss.org/browse/WFCORE-709 > Project: WildFly Core > Issue Type: Feature Request > Components: Management, Security > Reporter: Jakub Cechacek > Priority: Major > Labels: rbac-filed-by-qa > > According to javadoc [1] these methods should return boolean value based on whether this attribute can be read / written. However currently true is returned even though authenticated user can't perform read / write operation. > Note: As I am familiar with JMX spec only very briefly, it is possible that these methods are intended for something bit different. > [1] http://docs.oracle.com/javase/7/docs/api/javax/management/MBeanAttributeI... -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-11529) Expose WildFly metrics in /metrics endpoints

by Jeff Mesnil (Jira)

Jeff Mesnil created WFLY-11529: ---------------------------------- Summary: Expose WildFly metrics in /metrics endpoints Key: WFLY-11529 URL: https://issues.jboss.org/browse/WFLY-11529 Project: WildFly Issue Type: Bug Components: MP Metrics Affects Versions: 15.0.0.Beta1 Reporter: Jeff Mesnil Assignee: Jeff Mesnil Fix For: 15.0.0.Final MicroProfile Metrics mandates that metrics names are unique and does not able to have multiple suppliers for the same metric with different labels. Due to this restriction, the names of WildFly metrics are long and convoluted; e.g. `deployment/example.war/subsystem/undertow/servlet/org.example.MyServlet/request-count` This type of names prevents any aggregation in Prometheus and is very different from the names configured in the imx-exporter for older WildFly versions (https://github.com/jboss-openshift/cct_module/pull/314) Instead, the name of the metric should be "simple" (e.g. undertow_request_count) and the different supplies should provide labels: {code} undertow_request_count{deployment="foo.war", servlet="MyServletA"} 5.0 undertow_request_count{deployment="foo.war", servlet="MyServletB"} 10.0 {code} In its current state the WildFly metrics are not usable and we should disable them until they are properly exposed in a correct state. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-884) CLONE - vault script generates identical shared keys when adding multiple passwords in one session

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-884?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved WFLY-884. ----------------------------------- Resolution: Won't Fix Marking as 'Won't Fix' as this is in relation to PicketBox which is deprecated. > CLONE - vault script generates identical shared keys when adding multiple passwords in one session > -------------------------------------------------------------------------------------------------- > > Key: WFLY-884 > URL: https://issues.jboss.org/browse/WFLY-884 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Tom Fonteyne > Assignee: Peter Skopek > Priority: Major > > Adding multiple passwords in a single interactive session with vault.sh generates duplicate Shared Keys -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-3789) Vault cannot be initialized with external password provided by CLASS

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-3789?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-3789. ------------------------------------ Resolution: Won't Fix Marking as 'Won't Fix' as this is in relation to PicketBox which is deprecated. > Vault cannot be initialized with external password provided by CLASS > --------------------------------------------------------------------- > > Key: WFLY-3789 > URL: https://issues.jboss.org/browse/WFLY-3789 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Filip Bogyai > Assignee: Peter Skopek > Priority: Major > > When vault is configured to use external password obtained from CLASS, e.g. :{code:xml} <vault-option name="KEYSTORE_PASSWORD" value="{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password"/> {code} > WildFly is unable to start, because of ClassNotFoundException: > {code} > 11:00:40,696 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: WFLYSRV0076: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception: > at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:88) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:657) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:498) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:299) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:294) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1072) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:375) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:297) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.server.ServerService.boot(ServerService.java:373) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.server.ServerService.boot(ServerService.java:348) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:259) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4] > at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55] > Caused by: org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception: > at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:99) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT] > at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:86) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4] > ... 12 more > Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab > at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3] > at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:97) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT] > ... 13 more > Caused by: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab > at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.3.Final] > at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.3.Final] > at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.3.Final] > at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.3.Final] > at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.3.Final] > at org.jboss.security.Util.invokePasswordClass(Util.java:174) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3] > at org.jboss.security.Util.loadPassword(Util.java:126) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3] > at org.picketbox.plugins.vault.PicketBoxSecurityVault.loadKeystorePassword(PicketBoxSecurityVault.java:343) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3] > at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:204) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3] > ... 14 more > {code} > External passwords for vault were introduces by RFE: SECURITY-831 -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5558) Redundant security-related XML schema files

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-5558?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-5558. ------------------------------------ Assignee: Darran Lofthouse Resolution: Won't Do Marking as 'Won't Fix' as this is in relation to PicketBox which is deprecated. > Redundant security-related XML schema files > ------------------------------------------- > > Key: WFLY-5558 > URL: https://issues.jboss.org/browse/WFLY-5558 > Project: WildFly > Issue Type: Bug > Components: Security > Affects Versions: 10.0.0.CR3 > Reporter: Martin Švehla > Assignee: Darran Lofthouse > Priority: Major > > There are several XML schemas in server's docs/schemas that are in my opinion redundant and should be removed: > * picketbox-security-domain-configuration_4_0.xsd - duplicates subsystem configuration in jboss-as-security_1_2.xsd > * security-config_*.xsd - 3 schemas for old deployable security configuration descriptor. These kinds of deployments are afaik not supported in EAP 7. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-5894) Usage of context.getOriginalRootResource().navigate(pathAddress) should be reviewed in the picketlink subsystem

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-5894?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-5894. ------------------------------------ Resolution: Won't Fix Marking as 'Won't Fix' as this is in relation to PicketLink which is deprecated. > Usage of context.getOriginalRootResource().navigate(pathAddress) should be reviewed in the picketlink subsystem > --------------------------------------------------------------------------------------------------------------- > > Key: WFLY-5894 > URL: https://issues.jboss.org/browse/WFLY-5894 > Project: WildFly > Issue Type: Task > Components: Security > Reporter: James Perkins > Assignee: Pedro Igor > Priority: Major > > There are 4 resource definitions that use the {{OperationContext.getOriginalRootResource()}} method. These could be fragile in a composite add/write operation as a {{NoSuchResourceException}} might be thrown during the {{Resource.navigate()}} method. > 1. {{org.wildfly.extension.picketlink.federation.model.idp.IdentityProviderResourceDefinition}} > 2. {{org.wildfly.extension.picketlink.federation.model.keystore.KeyStoreProviderResourceDefinition}} > 3. {{org.wildfly.extension.picketlink.federation.model.saml.SAMLResourceDefinition}} > 4. {{org.wildfly.extension.picketlink.federation.model.sp.ServiceProviderResourceDefinition}} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6839) It is impossible configure KeyStore ValidatingAlias in picketlink-federation subsystem same as in picketlink.xml

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-6839?page=com.atlassian.jira.plugin.... ] Darran Lofthouse resolved WFLY-6839. ------------------------------------ Resolution: Won't Fix Marking as 'Won't Fix' as this is in relation to PicketLink which is deprecated. > It is impossible configure KeyStore ValidatingAlias in picketlink-federation subsystem same as in picketlink.xml > ---------------------------------------------------------------------------------------------------------------- > > Key: WFLY-6839 > URL: https://issues.jboss.org/browse/WFLY-6839 > Project: WildFly > Issue Type: Bug > Components: Security > Reporter: Hynek Švábek > Assignee: Pedro Igor > Priority: Major > > In picketlink.xml configuration file I can define multiple ValidatingAlias for same certificate alias. > {code} > <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager"> > ... > ... > <ValidatingAlias Key="localhost" Value="servercert" /> > <ValidatingAlias Key="127.0.0.1" Value="servercert" /> > </KeyProvider> > {code} > But in subsystem configuration I cannot do this. > *Workaround* > You can clone your certificate in keystore under different alias and then add new validating alias with this value. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFLY-6905) Add log error message when Credential Store have set old vault JCEKS

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/WFLY-6905?page=com.atlassian.jira.plugin.... ] Darran Lofthouse reassigned WFLY-6905: -------------------------------------- Assignee: (was: Peter Skopek) > Add log error message when Credential Store have set old vault JCEKS > -------------------------------------------------------------------- > > Key: WFLY-6905 > URL: https://issues.jboss.org/browse/WFLY-6905 > Project: WildFly > Issue Type: Enhancement > Components: Security > Reporter: Hynek Švábek > Priority: Major > > Log error message when user use new Credential Store and configure it to use existing Vault JCEKS. > It can be nice give him some information about possibility to convert old Vault JCEKS to new Credential Store JCEKS. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-4258) Intermittent failure in PropertiesAuthenticationDigestedTestCase.testBadUser

by Brian Stansberry (Jira)

Brian Stansberry created WFCORE-4258: ---------------------------------------- Summary: Intermittent failure in PropertiesAuthenticationDigestedTestCase.testBadUser Key: WFCORE-4258 URL: https://issues.jboss.org/browse/WFCORE-4258 Project: WildFly Core Issue Type: Bug Components: Security, Test Suite Reporter: Brian Stansberry Assignee: Darran Lofthouse https://ci.wildfly.org/viewLog.html?buildId=134022&buildTypeId=WildFlyCor... {code} java.lang.IllegalStateException: WFLYDM0043: No CallbackHandler available for mechanism DIGEST in realm TestRealm at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:565) at org.jboss.as.domain.management.security.SecurityRealmService.getAuthorizingCallbackHandler(SecurityRealmService.java:462) at org.jboss.as.domain.management.security.realms.PropertiesAuthenticationDigestedTestCase.testBadUser(PropertiesAuthenticationDigestedTestCase.java:125) {code} TeamCity shows 3 failures in the past month. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira December 2018