[JBoss JIRA] (WFCORE-3947) Support SSL Certificate revocation using OCSP
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFCORE-3947?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-3947:
-------------------------------------
Fix Version/s: (was: 3.x.x TBD)
> Support SSL Certificate revocation using OCSP
> ---------------------------------------------
>
> Key: WFCORE-3947
> URL: https://issues.jboss.org/browse/WFCORE-3947
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Affects Versions: 6.0.0.Alpha2
> Reporter: Jan Kalina
> Assignee: Martin Mazanek
> Priority: Critical
> Fix For: 8.0.0.Beta2
>
>
> - Provide undertow's client certificate revocation capability when undertow is used as a load balancer using OCSP.
> (CRL capability is provided in the earlier release as part of Elytron SSL Consolidation effort that this JIRA is cloned from)
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11123) Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-11123?page=com.atlassian.jira.plugin... ]
Darran Lofthouse commented on WFLY-11123:
-----------------------------------------
Dropping to major, this method is presently available in the currently supported JVMs, additionally it fails safe if not.
> Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
> -------------------------------------------------------------------------
>
> Key: WFLY-11123
> URL: https://issues.jboss.org/browse/WFLY-11123
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 14.0.1.Final
> Environment: Windows 7 x64. Java 11: OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11+28-201810022317, mixed mode)
> Reporter: Marco Del Percio
> Priority: Major
> Labels: Java11, access, elytron, illegal, reflective, wildfly
>
> After configuring HTTPS using the following guide: [Enable One-way SSL/TLS for Applications|http://docs.wildfly.org/14/WildFly_Elytron_Security.html#con...], configuration seems ok and server boots fine however an illegal reflective access warning comes up from jar within Elytron:
> {color:red}
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/D:/wildfly-14.0.1.Final_FleetManager/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-6.0.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
> WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> {color}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFCORE-3947) Support SSL Certificate revocation using OCSP
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFCORE-3947?page=com.atlassian.jira.plugi... ]
Darran Lofthouse reassigned WFCORE-3947:
----------------------------------------
Assignee: Martin Mazanek
> Support SSL Certificate revocation using OCSP
> ---------------------------------------------
>
> Key: WFCORE-3947
> URL: https://issues.jboss.org/browse/WFCORE-3947
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Affects Versions: 6.0.0.Alpha2
> Reporter: Jan Kalina
> Assignee: Martin Mazanek
> Priority: Critical
> Fix For: 8.0.0.Beta2
>
>
> - Provide undertow's client certificate revocation capability when undertow is used as a load balancer using OCSP.
> (CRL capability is provided in the earlier release as part of Elytron SSL Consolidation effort that this JIRA is cloned from)
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11123) Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-11123?page=com.atlassian.jira.plugin... ]
Darran Lofthouse updated WFLY-11123:
------------------------------------
Priority: Major (was: Critical)
> Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions
> -------------------------------------------------------------------------
>
> Key: WFLY-11123
> URL: https://issues.jboss.org/browse/WFLY-11123
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 14.0.1.Final
> Environment: Windows 7 x64. Java 11: OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11+28-201810022317, mixed mode)
> Reporter: Marco Del Percio
> Priority: Major
> Labels: Java11, access, elytron, illegal, reflective, wildfly
>
> After configuring HTTPS using the following guide: [Enable One-way SSL/TLS for Applications|http://docs.wildfly.org/14/WildFly_Elytron_Security.html#con...], configuration seems ok and server boots fine however an illegal reflective access warning comes up from jar within Elytron:
> {color:red}
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/D:/wildfly-14.0.1.Final_FleetManager/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-6.0.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
> WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> {color}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-9855) [JDK9+] org.jboss.security.negotiation.spnego package is exported by two jars
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-9855?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-9855:
----------------------------------------
Dropping the priority as a deprecated component used within the application server only.
> [JDK9+] org.jboss.security.negotiation.spnego package is exported by two jars
> -----------------------------------------------------------------------------
>
> Key: WFLY-9855
> URL: https://issues.jboss.org/browse/WFLY-9855
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Tomaz Cerar
> Assignee: Tomas Hofman
> Priority: Major
>
> Currently if you have
> jboss-negotiation-spnego-3.0.4.Final and jboss-negotiation-extras-3.0.4.Final.jar
> on your module path, jvm complains as both jars export package org.jboss.security.negotiation.spnego
> which violates the modules contract where only one module (jar) can provide single package.
> example error that jvm prints
> {noformat}
> Error: Modules jboss.negotiation.extras and jboss.negotiation.spnego export package org.jboss.security.negotiation.spnego to module wildfly.clustering.common
> {noformat}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-9855) [JDK9+] org.jboss.security.negotiation.spnego package is exported by two jars
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-9855?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-9855:
-----------------------------------
Priority: Major (was: Critical)
> [JDK9+] org.jboss.security.negotiation.spnego package is exported by two jars
> -----------------------------------------------------------------------------
>
> Key: WFLY-9855
> URL: https://issues.jboss.org/browse/WFLY-9855
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Tomaz Cerar
> Assignee: Tomas Hofman
> Priority: Major
>
> Currently if you have
> jboss-negotiation-spnego-3.0.4.Final and jboss-negotiation-extras-3.0.4.Final.jar
> on your module path, jvm complains as both jars export package org.jboss.security.negotiation.spnego
> which violates the modules contract where only one module (jar) can provide single package.
> example error that jvm prints
> {noformat}
> Error: Modules jboss.negotiation.extras and jboss.negotiation.spnego export package org.jboss.security.negotiation.spnego to module wildfly.clustering.common
> {noformat}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11510) EarOpenTracingWithWeldProbeTestCase fails with node0/1 set
by Nikoleta Žiaková (Jira)
[ https://issues.jboss.org/browse/WFLY-11510?page=com.atlassian.jira.plugin... ]
Nikoleta Žiaková commented on WFLY-11510:
-----------------------------------------
[~manovotn], [~okotek], you are right, setting {{-Dorg.jboss.weld.probe.allowRemoteAddress=${node0}}} solves the issue. node0 is set to 127.0.0.1 by default, which is also the default value of {{org.jboss.weld.probe.allowRemoteAddress}}, so the test was working in CI where node0 is not overridden.
I suggest setting the Weld config option in [testsuite/pom.xml|https://github.com/wildfly/wildfly/blob/master/testsuit...].
> EarOpenTracingWithWeldProbeTestCase fails with node0/1 set
> ----------------------------------------------------------
>
> Key: WFLY-11510
> URL: https://issues.jboss.org/browse/WFLY-11510
> Project: WildFly
> Issue Type: Bug
> Components: MP OpenTracing, Test Suite
> Affects Versions: 16.0.0.Beta1
> Reporter: Ondrej Kotek
> Assignee: Nikoleta Žiaková
> Priority: Major
>
> {{org.jboss.as.test.integration.microprofile.opentracing.EarOpenTracingWithWeldProbeTestCase}} fails with {{node0}} and {{node1}} set:
> {noformat}
> WARN [org.jboss.weld.probe.Probe] (default task-1) PROBE-000017: Access to /ServiceOne/service-endpoint/app denied for <my IP>
> WARN [org.jboss.weld.probe.Probe] (default task-1) PROBE-000017: Access to /ServiceOne/service-endpoint/app denied for <my IP>
> ...
> java.lang.AssertionError: expected:<200> but was:<403>
> at org.junit.Assert.fail(Assert.java:88)
> at org.junit.Assert.failNotEquals(Assert.java:834)
> at org.junit.Assert.assertEquals(Assert.java:645)
> at org.junit.Assert.assertEquals(Assert.java:631)
> at org.jboss.as.test.integration.microprofile.opentracing.AbstractEarOpenTracingTestCase.testHttpInvokation(AbstractEarOpenTracingTestCase.java:67)
> at org.jboss.as.test.integration.microprofile.opentracing.AbstractEarOpenTracingTestCase.testEarServicesUseDifferentTracersAfterReload(AbstractEarOpenTracingTestCase.java:59)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ...
> {noformat}
> Maybe access from remote IP addresses is blocked in development mode.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (DROOLS-3039) [DMN Designer] Item definition change doesn't make designer dirty
by Guilherme Carreiro (Jira)
[ https://issues.jboss.org/browse/DROOLS-3039?page=com.atlassian.jira.plugi... ]
Guilherme Carreiro updated DROOLS-3039:
---------------------------------------
Sprint: 2018 Week 51-01
> [DMN Designer] Item definition change doesn't make designer dirty
> -----------------------------------------------------------------
>
> Key: DROOLS-3039
> URL: https://issues.jboss.org/browse/DROOLS-3039
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.12.0.Final
> Reporter: Jozef Marko
> Assignee: Guilherme Carreiro
> Priority: Minor
> Labels: drools-tools
>
> Changes in item definition definitions don't make the designer dirty. User can then can easily overlook he should save changes before closing the designer.
> h2. Acceptance test
> Check editor is dirty:
> - Definitions moved
> - Definitions declared
> - Definitions removed
> - Definitions edited
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months