[JBoss JIRA] (WFLY-9892) Upgrade org.apache.santuario.xmlsec to 2.1.1. caused regression in PicketLinkSTS
by Sande Gilda (JIRA)
[ https://issues.jboss.org/browse/WFLY-9892?page=com.atlassian.jira.plugin.... ]
Sande Gilda commented on WFLY-9892:
-----------------------------------
[~kabirkhan]: I have added [~emmartins] since he is the engineering lead for the quickstarts and is more familiar with the engineering impact.
[~emmartins]: Should we create a WildFly quickstart JIRA for this one?
[~kabirkhan] and [~pcraveiro]: It sounds like I need to create an issue for the 7.2 Migration Guide for this. Do you agree?
> Upgrade org.apache.santuario.xmlsec to 2.1.1. caused regression in PicketLinkSTS
> --------------------------------------------------------------------------------
>
> Key: WFLY-9892
> URL: https://issues.jboss.org/browse/WFLY-9892
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 12.0.0.Beta1
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
> Attachments: ejb-security-picketlink.zip, ejb-test.jar, picketlink-sts.war, sts-config.properties
>
>
> When a token from PicketLink STS is issued and signed, it cannot be used for authentication through Remoting in WildFly 12 (i.e. it cannot be set as the {{remote.connection.main.password}} property which can be used in PicketLink {{org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule}}). It seems to be caused by the upgrade of org.apache.santuario.xmlsec to version 2.1.1 [1]. When WILDFLY11_HOME/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.8.jar is placed in the WildFly 12 modules, it works correctly.
> We report it as a blocker since it is a regression - an application which works correctly on WildFly 11 stops working on WildFly 12 - users are not able to authenticate through Remoting with signed tokens from PicketLink STS correctly.
> Remoting fails due to the following exception:
> {code}
> java.lang.IllegalArgumentException: ELY05131: Invalid ASCII control "0xA"
> at org.wildfly.security.sasl.util.StringPrep.forbidAsciiControl(StringPrep.java:117)
> at org.wildfly.security.sasl.util.StringPrep.encode(StringPrep.java:295)
> at org.wildfly.security.sasl.util.StringPrep.encode(StringPrep.java:196)
> at org.wildfly.security.sasl.plain.PlainSaslClient.evaluateChallenge(PlainSaslClient.java:95)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.lambda$handleEvent$1(ClientConnectionOpenListener.java:460)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> It is caused by different formatting of the SignatureValue value in the assertion. In WildFly 11 SignatureValue looks like:
> {code}
> <dsig:SignatureValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">nFVkKrXTyYEQ9cwc9OOgySYebEtwzw4alVYP0viXzvqZAUAKtAXEBAfDB8xIOms78twlDdq79MiSvk8OrOdf126Kw/IR8JRn1fYyZ5tsIRcNoTXMgGaTqhrn/HKlLqqqHhVHrJURunqkSzTTxylA2AEPhEDD5Y7hS0W2ZZCeSvuri+PRDSTrRnuedz0yQuHQu1mZ0gjoEFbHh4Wkkn5Ac1R4gmewmmzPud+ZE6Ux4YpeHzQ8rAvZ4bDk6j+eQIRsSxFTLo5RSA3FWN8+lUNV/CSRqBPXsK7QxOaTdBgF+4NXWeExrNJ9SeVFcf9yelvReAtR2JNZ6DUY8u45KtXmLw==</dsig:SignatureValue>
> {code}
> In WildFly 12 it looks like (there are end of lines):
> {code}
> <dsig:SignatureValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">cUNpFJIZlLYrBDZtQSTDrq2K6PbnAHyg2qbx/D5FuB4XMjdQ5oxQjkMejLyelnA7s4GFusoLhahl
> qlTOT8UrOyxrR4yYAmJ/e5s+f4gys926+tbiraT/3/wG8wM/Lvcjvk5Ap69zODuRYpypsWfA4jrI
> 7TTBXVPGy8g4KUdnFviUiTuFTc2Ghgxp53AmUuLis/THyP28jE7+28//q8bi/bQrFwHC6tWX67+N
> K1duFCOcQ6IPIKeVrePZz55Ivgl+WWdkF6uYCz5IdMzurhzmeQ3K8DAMIxz/MG67VWJIOnuGNWF7
> nmdye5zd9AFcRsr1XadvZJCbGNfuc89AL5inCg==</dsig:SignatureValue>
> {code}
> [1] https://github.com/wildfly/wildfly/commit/536de514829f2187abf1126c8916a04...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
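The line-break problem reported in WFLY-9892, as an added Java example that is not part of the original message and is not WildFly or Elytron code: a constructed 256-byte value is base64-encoded once unwrapped and once wrapped with LF, and a hypothetical `firstAsciiControl` check (a stand-in for the rule that raised ELY05131) is run over both. The class name, the sample bytes and the 76-character wrap width are assumptions.

```java
import java.util.Arrays;
import java.util.Base64;

public class SignatureValueLineBreaks {

    // Hypothetical stand-in for a "forbid ASCII control characters" rule such as the
    // one that raised ELY05131; returns the first offending character, or -1.
    static int firstAsciiControl(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c < 0x20 || c == 0x7F) {
                return c;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed 256-byte value standing in for a signature; not taken from the issue.
        byte[] signature = new byte[256];
        for (int i = 0; i < signature.length; i++) {
            signature[i] = (byte) (i * 31 + 7);
        }

        // Unwrapped base64, the shape of the WildFly 11 SignatureValue.
        String singleLine = Base64.getEncoder().encodeToString(signature);
        // Base64 wrapped with LF (assumed width 76), the shape of the WildFly 12 value.
        String wrapped = Base64.getMimeEncoder(76, new byte[] {'\n'}).encodeToString(signature);

        System.out.printf("single line: first control char = %d%n", firstAsciiControl(singleLine));
        System.out.printf("wrapped:     first control char = 0x%X%n", firstAsciiControl(wrapped));

        // Line breaks are not part of the base64 payload: both forms decode to the same bytes.
        byte[] fromWrapped = Base64.getMimeDecoder().decode(wrapped);
        System.out.println("same bytes: " + Arrays.equals(signature, fromWrapped));

        // Removing whitespace from the base64 text alone restores the single-line form.
        String rejoined = wrapped.replaceAll("\\s", "");
        System.out.println("rejoined equals single line: " + rejoined.equals(singleLine));
    }
}
```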
[JBoss JIRA] (WFCORE-3896) Wrong description of custom-formatter resource's attributes
by Pavel Jelinek (JIRA)
Pavel Jelinek created WFCORE-3896:
-------------------------------------
Summary: Wrong description of custom-formatter resource's attributes
Key: WFCORE-3896
URL: https://issues.jboss.org/browse/WFCORE-3896
Project: WildFly Core
Issue Type: Bug
Components: Logging
Reporter: Pavel Jelinek
Assignee: James Perkins
Description of custom-formatter's attributes seems to be copy-pasted from custom-handler:
{code}
"attributes" => {
    "class" => {
        "type" => STRING,
        "description" => "The logging handler class to be used.",
        ...
    },
    "module" => {
        "type" => STRING,
        "description" => "The module that the logging handler depends on.",
        ...
    },
    "properties" => {
        "type" => OBJECT,
        "description" => "Defines the properties used for the logging handler. All properties must be accessible via a setter method.",
        ...
    }
}
{code}
[JBoss JIRA] (ELY-1587) X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1587?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1587:
------------------------------
Attachment: client.asn1
> X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
> -----------------------------------------------------------------------------
>
> Key: ELY-1587
> URL: https://issues.jboss.org/browse/ELY-1587
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Certificate Authority, X.500
> Affects Versions: 1.3.2.Final
> Reporter: Martin Choma
> Assignee: Jan Kalina
> Priority: Critical
> Fix For: 1.4.0.CR1
>
> Attachments: client.asn1, client.cer
>
>
> Debugging revealed the certificate uses the {{utf8String}} representation whereas Elytron is expecting {{printableString}}.
> RFC 5280 [1], chapter 4.1.2.4 (Issuer), specifies that the value of subject/issuer can be of 5 types:
> {code}
> DirectoryString ::= CHOICE {
>     teletexString      TeletexString   (SIZE (1..MAX)),
>     printableString    PrintableString (SIZE (1..MAX)),
>     universalString    UniversalString (SIZE (1..MAX)),
>     utf8String         UTF8String      (SIZE (1..MAX)),
>     bmpString          BMPString       (SIZE (1..MAX)) }
> {code}
> However, the Elytron X500 principal decoder [2] can handle only 2 of them, PRINTABLE_STRING_TYPE and IA5_STRING_TYPE (not sure which type of the RFC that matches) [2].
> Definitely missing {{utf8String}} (my case). Also revise for backward compatibility {{teletexString}}, {{bmpString}} and {{universalString}}.
> [1] https://www.ietf.org/rfc/rfc5280.txt
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/32ff7c17965b3eca...
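A decoder that accepts every string type named in ELY-1587, as an added Java example that is not Elytron's decoder and is not taken from the original message: it reads the value of a DER-encoded AttributeTypeAndValue and picks the charset from the ASN.1 tag. The class and method names and the sample encodings are constructed for illustration, and TeletexString is approximated as ISO-8859-1.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

public class DirectoryStringDecoder {

    // Charset per ASN.1 string tag: the five DirectoryString choices plus IA5String.
    static Charset charsetFor(int tag) {
        switch (tag) {
            case 0x0C: return StandardCharsets.UTF_8;       // UTF8String
            case 0x13: return StandardCharsets.US_ASCII;    // PrintableString
            case 0x14: return StandardCharsets.ISO_8859_1;  // TeletexString (approximation)
            case 0x16: return StandardCharsets.US_ASCII;    // IA5String
            case 0x1C: return Charset.forName("UTF-32BE");  // UniversalString
            case 0x1E: return StandardCharsets.UTF_16BE;    // BMPString
            default:
                throw new IllegalArgumentException("unsupported string tag 0x" + Integer.toHexString(tag));
        }
    }

    // Value of AttributeTypeAndValue ::= SEQUENCE { type OID, value ANY }; short-form lengths only.
    static String attributeValue(byte[] atv) {
        if (atv.length < 6 || atv[0] != 0x30 || atv[2] != 0x06) {
            throw new IllegalArgumentException("expected SEQUENCE { OID, value }");
        }
        int valueAt = 4 + (atv[3] & 0xFF);  // skip the SEQUENCE header and the OID TLV
        if (valueAt + 2 > atv.length) {
            throw new IllegalArgumentException("truncated value");
        }
        int tag = atv[valueAt] & 0xFF;
        int len = atv[valueAt + 1] & 0xFF;
        if (len >= 0x80 || valueAt + 2 + len > atv.length) {
            throw new IllegalArgumentException("long-form or truncated length");
        }
        return new String(atv, valueAt + 2, len, charsetFor(tag));
    }

    // Constructed sample: SEQUENCE { OID 2.5.4.3 (commonName), <tag> <content> }.
    static byte[] commonName(int tag, byte[] content) {
        byte[] head = {0x30, (byte) (7 + content.length), 0x06, 0x03, 0x55, 0x04, 0x03,
                       (byte) tag, (byte) content.length};
        byte[] out = new byte[head.length + content.length];
        System.arraycopy(head, 0, out, 0, head.length);
        System.arraycopy(content, 0, out, head.length, content.length);
        return out;
    }

    public static void main(String[] args) {
        System.out.println(attributeValue(commonName(0x0C, "client".getBytes(StandardCharsets.UTF_8))));
        System.out.println(attributeValue(commonName(0x13, "client".getBytes(StandardCharsets.US_ASCII))));
        System.out.println(attributeValue(commonName(0x1E, "client".getBytes(StandardCharsets.UTF_16BE))));
    }
}
```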
[JBoss JIRA] (ELY-1587) X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1587?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1587:
------------------------------
Attachment: client.cer
[JBoss JIRA] (WFLY-10230) Premature end of file if PathParam and PUT/POST are used together
by Marek Kopecký (JIRA)
[ https://issues.jboss.org/browse/WFLY-10230?page=com.atlassian.jira.plugin... ]
Marek Kopecký updated WFLY-10230:
---------------------------------
Steps to Reproduce:
* Create a simple JAXB object.
* Create a REST endpoint with a @PUT, @PathParam, and the JAXB object
* Execute the endpoint with a client and get "Premature end of file".
* Remove @PathParam so that just the JAXB object is present.
* JAXB unmarshal is successful.
was:
Create a simple JAXB object.
Create a REST endpoint with a @PUT, @PathParam, and the JAXB object
Execute the endpoint with a client and get "Premature end of file".
Remove @PathParam so that just the JAXB object is present.
JAXB unmarshal is successful.
> Premature end of file if PathParam and PUT/POST are used together
> -----------------------------------------------------------------
>
> Key: WFLY-10230
> URL: https://issues.jboss.org/browse/WFLY-10230
> Project: WildFly
> Issue Type: Bug
> Components: REST
> Affects Versions: 11.0.0.Final
> Reporter: Ray Ramos
> Assignee: Marek Marusic
>
> The below fails with "Premature End of File". It is a PUT with a PathParam and a JAXB serializable entity.
> {code:java}
> @PUT
> @Path("{tenant}")
> @Consumes(MediaType.APPLICATION_XML)
> public void upsert(@PathParam("tenant") String tenant, DataTransferModel model)
> {code}
> {noformat}
> 2:58:03,715 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-2) RESTEASY002005: Failed executing PUT /gateway/tenant: org.jboss.resteasy.plugins.providers.jaxb.JAXBUnmarshalException: javax.xml.bind.UnmarshalException
> - with linked exception:
> [org.xml.sax.SAXParseException; Premature end of file.]
> at org.jboss.resteasy.plugins.providers.jaxb.AbstractJAXBProvider.readFrom(AbstractJAXBProvider.java:136)
> at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.readFrom(AbstractReaderInterceptorContext.java:66)
> at org.jboss.resteasy.core.interception.ServerReaderInterceptorContext.readFrom(ServerReaderInterceptorContext.java:61)
> at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:56)
> at org.jboss.resteasy.security.doseta.DigitalVerificationInterceptor.aroundReadFrom(DigitalVerificationInterceptor.java:36)
> at org.jboss.resteasy.core.interception.AbstractReaderInterceptorContext.proceed(AbstractReaderInterceptorContext.java:59)
> at org.jboss.resteasy.core.MessageBodyParameterInjector.inject(MessageBodyParameterInjector.java:151)
> at org.jboss.resteasy.core.MethodInjectorImpl.injectArguments(MethodInjectorImpl.java:92)
> at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:115)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
> at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
> at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> {noformat}
> However, if you remove the PathParam, it works.
> {code:java}
> @PUT
> @Path("tenant")
> @Consumes(MediaType.APPLICATION_XML)
> public void upsert(DataTransferModel model)
> {code}
> I tried swapping the order of the parameters and I get a "Stream Closed" exception instead.
[JBoss JIRA] (ELY-1587) X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1587?page=com.atlassian.jira.plugin.s... ]
Jan Kalina reassigned ELY-1587:
-------------------------------
Assignee: Jan Kalina