[JBoss JIRA] (WFLY-10240) WS scripts throws AccessControlException when secmgr is used
by R Searls (JIRA)
[ https://issues.jboss.org/browse/WFLY-10240?page=com.atlassian.jira.plugin... ]
R Searls commented on WFLY-10240:
---------------------------------
This is fixed by changes to wfly scripts by WFLY-10209, however that PR is being held until issues handling ps1 scripts is resolved. Once that PR is accepted this will be resolved.
> WS scripts throws AccessControlException when secmgr is used
> ------------------------------------------------------------
>
> Key: WFLY-10240
> URL: https://issues.jboss.org/browse/WFLY-10240
> Project: WildFly
> Issue Type: Bug
> Components: Scripts, Web Services
> Reporter: Marek Kopecký
> Assignee: R Searls
> Priority: Blocker
> Labels: blocker-WF14
>
> WS scripts throws AccessControlException when secmgr is used
> {noformat}
> [mkopecky@dhcp-10-40-5-128 bin]$ java -version
> openjdk version "1.8.0_162"
> OpenJDK Runtime Environment (build 1.8.0_162-b12)
> OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> Loading FrontEnd jaxws ...
> Loading DataBinding jaxb ...
> wsdl2java -compile -exsh false -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp5146068 -verbose -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> wsdl2java - Apache CXF 3.2.4
> [mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> Loading FrontEnd jaxws ...
> Loading DataBinding jaxb ...
> wsdl2java -compile -exsh false -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967 -verbose -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> wsdl2java - Apache CXF 3.2.4
> JBWS024002: Failed to invoke org.apache.cxf.tools.wsdlto.WSDLToJava
> org.apache.cxf.tools.common.ToolException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@e4d2696")
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:420)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
> at org.apache.cxf.tools.wsdlto.WSDLToJava.run(WSDLToJava.java:113)
> at org.jboss.wsf.stack.cxf.tools.CXFConsumerImpl.consume(CXFConsumerImpl.java:313)
> at org.jboss.ws.tools.cmd.WSConsume.importServices(WSConsume.java:298)
> at org.jboss.ws.tools.cmd.WSConsume.mainInternal(WSConsume.java:108)
> at org.jboss.ws.tools.cmd.WSConsume.main(WSConsume.java:96)
> at org.jboss.modules.Module.runMainMethod(Module.java:348)
> at org.jboss.modules.Module.run(Module.java:328)
> at org.jboss.modules.Main.main(Main.java:557)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@e4d2696")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
> at java.io.File.isDirectory(File.java:844)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
> at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
> at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
> at org.apache.cxf.tools.common.ClassUtils.compile(ClassUtils.java:123)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.processWsdl(WSDLToJavaContainer.java:303)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:164)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:412)
> ... 9 more
> [mkopecky@dhcp-10-40-5-128 bin]$
> {noformat}
> {noformat}
> [mkopecky@dhcp-10-40-5-128 bin]$ java -version
> openjdk version "1.8.0_162"
> OpenJDK Runtime Environment (build 1.8.0_162-b12)
> OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp /home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> java2ws - Apache CXF 3.2.4
> [mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp /home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> java2ws - Apache CXF 3.2.4
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out/org/jboss/as/testsuite/integration/scripts/test/tools/jaxws/EchoPlus1Response.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@29876704")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
> at java.io.File.isDirectory(File.java:844)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
> at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
> at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generateAndCompile(BeanGenerator.java:91)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:58)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:35)
> at org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.generate(JavaToWSDLProcessor.java:156)
> at org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.process(JavaToWSDLProcessor.java:118)
> at org.apache.cxf.tools.java2ws.JavaToWSContainer.processWSDL(JavaToWSContainer.java:110)
> at org.apache.cxf.tools.java2ws.JavaToWSContainer.execute(JavaToWSContainer.java:75)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:45)
> at org.apache.cxf.tools.java2ws.JavaToWS.run(JavaToWS.java:83)
> at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:200)
> at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:109)
> at org.jboss.ws.tools.cmd.WSProvide.generate(WSProvide.java:223)
> at org.jboss.ws.tools.cmd.WSProvide.main(WSProvide.java:89)
> at org.jboss.modules.Module.runMainMethod(Module.java:348)
> at org.jboss.modules.Module.run(Module.java:328)
> at org.jboss.modules.Main.main(Main.java:557)
> [mkopecky@dhcp-10-40-5-128 bin]$
> {noformat}
> Second example uses classes from classes.zip file attached in WFLY-10238
> cc: [~jbliznak]
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (WFLY-9892) Upgrade org.apache.santuario.xmlsec to 2.1.1. caused regression in PicketLinkSTS
by Pedro Igor (JIRA)
[ https://issues.jboss.org/browse/WFLY-9892?page=com.atlassian.jira.plugin.... ]
Pedro Igor commented on WFLY-9892:
----------------------------------
[~sgilda], the workaround here discussed is all about removing any {{#13;}} from the string representation of a SAML assertion prior to passing it to a remote connection as a credential. No need to update xmlsec libraries.
If you look attachement {{ejb-security-picketlink.zip}} there is a class {{RemoteClient}}. In this class there is a line as follows:
{code}
properties.put("remote.connection.main.password", assertionString);
{code}
The variable {{assertionString}} is the string representation of a SAML assertion and users need to remove {{#13;}} before setting the string into the properties of a remote connection.
> Upgrade org.apache.santuario.xmlsec to 2.1.1. caused regression in PicketLinkSTS
> --------------------------------------------------------------------------------
>
> Key: WFLY-9892
> URL: https://issues.jboss.org/browse/WFLY-9892
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 12.0.0.Beta1
> Reporter: Ondrej Lukas
> Assignee: Pedro Igor
> Priority: Blocker
> Attachments: ejb-security-picketlink.zip, ejb-test.jar, picketlink-sts.war, sts-config.properties
>
>
> When token from PicketLink STS is issued and signed then it is not able to be used for authentication through Remoting in WildFly 12 (i.e. it cannot be set as {{remote.connection.main.password}} property which can be used in PicketLink {{org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule}}). It seems it is caused by upgrade of org.apache.santuario.xmlsec to version 2.1.1. [1]. When WILDFLY11_HOME/modules/system/layers/base/org/apache/santuario/xmlsec/main/xmlsec-2.0.8.jar is placed to WildFly 12 modules then it works correctly.
> We report it as a blocker since it is regression - application which works correctly on WildFly 11 stops to work on WildFly 12 - users are not able to authenticate through Remoting with signed tokens from PicketLink STS correctly.
> Remoting fails due to following exception:
> {code}
> java.lang.IllegalArgumentException: ELY05131: Invalid ASCII control "0xA"
> at org.wildfly.security.sasl.util.StringPrep.forbidAsciiControl(StringPrep.java:117)
> at org.wildfly.security.sasl.util.StringPrep.encode(StringPrep.java:295)
> at org.wildfly.security.sasl.util.StringPrep.encode(StringPrep.java:196)
> at org.wildfly.security.sasl.plain.PlainSaslClient.evaluateChallenge(PlainSaslClient.java:95)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
> at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.lambda$handleEvent$1(ClientConnectionOpenListener.java:460)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> It is caused by different formating value of SignatureValue in assertion. In WildFly 11 SignatureValue looks like:
> {code}
> <dsig:SignatureValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">nFVkKrXTyYEQ9cwc9OOgySYebEtwzw4alVYP0viXzvqZAUAKtAXEBAfDB8xIOms78twlDdq79MiSvk8OrOdf126Kw/IR8JRn1fYyZ5tsIRcNoTXMgGaTqhrn/HKlLqqqHhVHrJURunqkSzTTxylA2AEPhEDD5Y7hS0W2ZZCeSvuri+PRDSTrRnuedz0yQuHQu1mZ0gjoEFbHh4Wkkn5Ac1R4gmewmmzPud+ZE6Ux4YpeHzQ8rAvZ4bDk6j+eQIRsSxFTLo5RSA3FWN8+lUNV/CSRqBPXsK7QxOaTdBgF+4NXWeExrNJ9SeVFcf9yelvReAtR2JNZ6DUY8u45KtXmLw==</dsig:SignatureValue>
> {code}
> In WildFly 12 it looks like (there are end of lines):
> {code}
> <dsig:SignatureValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">cUNpFJIZlLYrBDZtQSTDrq2K6PbnAHyg2qbx/D5FuB4XMjdQ5oxQjkMejLyelnA7s4GFusoLhahl
> qlTOT8UrOyxrR4yYAmJ/e5s+f4gys926+tbiraT/3/wG8wM/Lvcjvk5Ap69zODuRYpypsWfA4jrI
> 7TTBXVPGy8g4KUdnFviUiTuFTc2Ghgxp53AmUuLis/THyP28jE7+28//q8bi/bQrFwHC6tWX67+N
> K1duFCOcQ6IPIKeVrePZz55Ivgl+WWdkF6uYCz5IdMzurhzmeQ3K8DAMIxz/MG67VWJIOnuGNWF7
> nmdye5zd9AFcRsr1XadvZJCbGNfuc89AL5inCg==</dsig:SignatureValue>
> {code}
> [1] https://github.com/wildfly/wildfly/commit/536de514829f2187abf1126c8916a04...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (ELY-1589) elytron-client-1_1.xsd is invalid
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/ELY-1589?page=com.atlassian.jira.plugin.s... ]
Jan Kalina updated ELY-1589:
----------------------------
Description:
XSD validation of test-wildfly-config.xml in tests fails because of invalid XSD:
{noformat}Src-resolve: Cannot Resolve The Name 'resource-type' To A(n) 'simpleType Definition' Component.{noformat}
was:
XSD validation of test-wildfly-config.xml in tests fails because of invalid XSD:
Src-resolve: Cannot Resolve The Name 'resource-type' To A(n) 'simpleType Definition' Component.
> elytron-client-1_1.xsd is invalid
> ---------------------------------
>
> Key: ELY-1589
> URL: https://issues.jboss.org/browse/ELY-1589
> Project: WildFly Elytron
> Issue Type: Bug
> Components: XML
> Affects Versions: 1.3.2.Final
> Reporter: Jan Kalina
> Assignee: Jan Kalina
>
> XSD validation of test-wildfly-config.xml in tests fails because of invalid XSD:
> {noformat}Src-resolve: Cannot Resolve The Name 'resource-type' To A(n) 'simpleType Definition' Component.{noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (ELY-1589) elytron-client-1_1.xsd is invalid
by Jan Kalina (JIRA)
Jan Kalina created ELY-1589:
-------------------------------
Summary: elytron-client-1_1.xsd is invalid
Key: ELY-1589
URL: https://issues.jboss.org/browse/ELY-1589
Project: WildFly Elytron
Issue Type: Bug
Components: XML
Affects Versions: 1.3.2.Final
Reporter: Jan Kalina
Assignee: Jan Kalina
XSD validation of test-wildfly-config.xml in tests fails because of invalid XSD:
Src-resolve: Cannot Resolve The Name 'resource-type' To A(n) 'simpleType Definition' Component.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (DROOLS-2576) Unexpected rule fire by sharing From and pojo without hashCode/equals
by Tibor Zimányi (JIRA)
Tibor Zimányi created DROOLS-2576:
-------------------------------------
Summary: Unexpected rule fire by sharing From and pojo without hashCode/equals
Key: DROOLS-2576
URL: https://issues.jboss.org/browse/DROOLS-2576
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 7.7.0.Final
Reporter: Tibor Zimányi
Assignee: Mario Fusco
Under the conditions:
- "from" clause with multiple rules
- calling update()
- Pojo doesn't implement hashCode/equals (to be precise, only equals() seems to matter)
A rule is activated/fired unexpectedly.
Please see Unit test for details.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month