[JBoss JIRA] (WFLY-10420) Block non-SSL IIOP port when SSL transport is required
by Kabir Khan (JIRA)
Kabir Khan created WFLY-10420:
---------------------------------
Summary: Block non-SSL IIOP port when SSL transport is required
Key: WFLY-10420
URL: https://issues.jboss.org/browse/WFLY-10420
Project: WildFly
Issue Type: Feature Request
Reporter: Tomasz Adamski
Assignee: Tomasz Adamski
When iiop configuration indicates SSL is required client should not be able to connect without SSL.
For example, with
{noformat}
<transport-config confidentiality="required" trust-in-target="supported"/>
{noformat}
connecting to {{corbaloc:iiop:1.2@<url>:3528/JBoss/Naming/root}} should not be possible
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (WFLY-10240) WS scripts throws AccessControlException when secmgr is used
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-10240?page=com.atlassian.jira.plugin... ]
Kabir Khan updated WFLY-10240:
------------------------------
Labels: blocker-WF14 (was: )
> WS scripts throws AccessControlException when secmgr is used
> ------------------------------------------------------------
>
> Key: WFLY-10240
> URL: https://issues.jboss.org/browse/WFLY-10240
> Project: WildFly
> Issue Type: Bug
> Components: Scripts, Web Services
> Reporter: Marek Kopecký
> Assignee: R Searls
> Priority: Blocker
> Labels: blocker-WF14
>
> WS scripts throws AccessControlException when secmgr is used
> {noformat}
> [mkopecky@dhcp-10-40-5-128 bin]$ java -version
> openjdk version "1.8.0_162"
> OpenJDK Runtime Environment (build 1.8.0_162-b12)
> OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> Loading FrontEnd jaxws ...
> Loading DataBinding jaxb ...
> wsdl2java -compile -exsh false -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp5146068 -verbose -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> wsdl2java - Apache CXF 3.2.4
> [mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> Loading FrontEnd jaxws ...
> Loading DataBinding jaxb ...
> wsdl2java -compile -exsh false -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967 -verbose -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
> wsdl2java - Apache CXF 3.2.4
> JBWS024002: Failed to invoke org.apache.cxf.tools.wsdlto.WSDLToJava
> org.apache.cxf.tools.common.ToolException: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@e4d2696")
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:420)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
> at org.apache.cxf.tools.wsdlto.WSDLToJava.run(WSDLToJava.java:113)
> at org.jboss.wsf.stack.cxf.tools.CXFConsumerImpl.consume(CXFConsumerImpl.java:313)
> at org.jboss.ws.tools.cmd.WSConsume.importServices(WSConsume.java:298)
> at org.jboss.ws.tools.cmd.WSConsume.mainInternal(WSConsume.java:108)
> at org.jboss.ws.tools.cmd.WSConsume.main(WSConsume.java:96)
> at org.jboss.modules.Module.runMainMethod(Module.java:348)
> at org.jboss.modules.Module.run(Module.java:328)
> at org.jboss.modules.Main.main(Main.java:557)
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@e4d2696")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
> at java.io.File.isDirectory(File.java:844)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
> at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
> at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
> at org.apache.cxf.tools.common.ClassUtils.compile(ClassUtils.java:123)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.processWsdl(WSDLToJavaContainer.java:303)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:164)
> at org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:412)
> ... 9 more
> [mkopecky@dhcp-10-40-5-128 bin]$
> {noformat}
> {noformat}
> [mkopecky@dhcp-10-40-5-128 bin]$ java -version
> openjdk version "1.8.0_162"
> OpenJDK Runtime Environment (build 1.8.0_162-b12)
> OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp /home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> java2ws - Apache CXF 3.2.4
> [mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
> [mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> Could not find log4j.properties or log4j.xml configuration, logging to console.
> java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp /home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
> java2ws - Apache CXF 3.2.4
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out/org/jboss/as/testsuite/integration/scripts/test/tools/jaxws/EchoPlus1Response.java" "read")" in code source "(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar <no signer certificates>)" of "java.net.FactoryURLClassLoader@29876704")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
> at java.io.File.isDirectory(File.java:844)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
> at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
> at com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
> at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
> at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generateAndCompile(BeanGenerator.java:91)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:58)
> at org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:35)
> at org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.generate(JavaToWSDLProcessor.java:156)
> at org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.process(JavaToWSDLProcessor.java:118)
> at org.apache.cxf.tools.java2ws.JavaToWSContainer.processWSDL(JavaToWSContainer.java:110)
> at org.apache.cxf.tools.java2ws.JavaToWSContainer.execute(JavaToWSContainer.java:75)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
> at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:45)
> at org.apache.cxf.tools.java2ws.JavaToWS.run(JavaToWS.java:83)
> at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:200)
> at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:109)
> at org.jboss.ws.tools.cmd.WSProvide.generate(WSProvide.java:223)
> at org.jboss.ws.tools.cmd.WSProvide.main(WSProvide.java:89)
> at org.jboss.modules.Module.runMainMethod(Module.java:348)
> at org.jboss.modules.Module.run(Module.java:328)
> at org.jboss.modules.Main.main(Main.java:557)
> [mkopecky@dhcp-10-40-5-128 bin]$
> {noformat}
> Second example uses classes from classes.zip file attached in WFLY-10238
> cc: [~jbliznak]
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (WFLY-9978) resource adapter sometimes fails to start when it uses legacy security-domain
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-9978?page=com.atlassian.jira.plugin.... ]
Kabir Khan updated WFLY-9978:
-----------------------------
Labels: blocker-WF14 (was: )
> resource adapter sometimes fails to start when it uses legacy security-domain
> -----------------------------------------------------------------------------
>
> Key: WFLY-9978
> URL: https://issues.jboss.org/browse/WFLY-9978
> Project: WildFly
> Issue Type: Bug
> Components: JCA
> Affects Versions: 11.0.0.Final, 12.0.0.Final
> Environment: WildFly 11
> JBoss EAP 7.1.0
> Reporter: Martin Simka
> Assignee: Stefano Maestri
> Priority: Blocker
> Labels: blocker-WF14
> Attachments: bad.txt, good.txt, standalone.xml
>
>
> When resource adapter is configured with legacy security domain, it sometimes fails to start.
> Error:
> {noformat}
> 2018-03-07 16:04:34,300 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 62) MSC000001: Failed to start service jboss.ra.deployment."org.jboss.genericjms:main_generic-jms-ra": org.jboss.msc.service.StartException in service jboss.ra.deployment."org.jboss.genericjms:main_generic-jms-ra": WFLYJCA0046: Failed to start RA deployment [generic-jms-ra]
> at org.jboss.as.connector.services.resourceadapters.deployment.AbstractResourceAdapterDeploymentService$2.run(AbstractResourceAdapterDeploymentService.java:332)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
> at java.lang.Thread.run(Thread.java:748)
> at org.jboss.threads.JBossThread.run(JBossThread.java:485)
> Caused by: org.jboss.jca.deployers.common.DeployException: IJ020056: Deployment failed: file:/tmp/wildfly-13.0.0.Alpha1-SNAPSHOT/modules/system/layers/base/org/jboss/genericjms/main/
> at org.jboss.jca.deployers.common.AbstractResourceAdapterDeployer.createObjectsAndInjectValue(AbstractResourceAdapterDeployer.java:2064)
> at org.jboss.as.connector.services.resourceadapters.deployment.ResourceAdapterXmlDeploymentService$WildFlyRaXmlDeployer.doDeploy(ResourceAdapterXmlDeploymentService.java:173)
> at org.jboss.as.connector.services.resourceadapters.deployment.ResourceAdapterXmlDeploymentService.start(ResourceAdapterXmlDeploymentService.java:116)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalStateException
> at org.jboss.msc.value.InjectedValue.getValue(InjectedValue.java:47)
> at org.jboss.as.connector.services.resourceadapters.deployment.AbstractResourceAdapterDeploymentService$AbstractWildFlyRaDeployer.getSubjectFactory(AbstractResourceAdapterDeploymentService.java:635)
> at org.jboss.jca.deployers.common.AbstractResourceAdapterDeployer.createObjectsAndInjectValue(AbstractResourceAdapterDeployer.java:1666)
> ... 10 more
> {noformat}
> Full logs for good and bad start with enabled trace logging for {{org.jboss.as.connector}}, {{org.jboss.as.security}} and {{org.jboss.security}} are attached.
> Priority set to blocker because it seems to be regression against WildFly 10 (and JBoss EAP 7.0.0) where I wasn't able to reproduce this.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (WFLY-10031) Scripts throws "illegal reflective access" warning on JDK9+
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-10031?page=com.atlassian.jira.plugin... ]
Kabir Khan updated WFLY-10031:
------------------------------
Labels: blocker-WF14 (was: )
> Scripts throws "illegal reflective access" warning on JDK9+
> -----------------------------------------------------------
>
> Key: WFLY-10031
> URL: https://issues.jboss.org/browse/WFLY-10031
> Project: WildFly
> Issue Type: Bug
> Components: Scripts, Security
> Reporter: Marek Kopecký
> Assignee: James Perkins
> Priority: Blocker
> Labels: blocker-WF14
>
> *Description of the issue:*
> Scripts throws "illegal reflective access" warning on JDK9/10/11.
> *How reproducible:*
> Always with JDK9, 10 and 11
> *Steps to Reproduce:*
> * ./jboss-cli.sh "echo test"
> * ./add-user.sh -u test4 -p Test123* -s
> * ./appclient.sh -v
> * ./wsconsume.sh
> * ./wsprovide.sh
> * ./domain.sh
> * ./standalone.sh
> *Actual results:*
> {noformat}
> [hudson@rhel7-large-9887 bin]$ java --version
> java 9.0.4
> Java(TM) SE Runtime Environment (build 9.0.4+11)
> Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
> [hudson@rhel7-large-9887 bin]$
> {noformat}
> {noformat}
> [hudson@rhel7-large-9887 bin]$ ./jboss-cli.sh "echo test"
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.jboss.logmanager.LogManager$2 (jar:file:/home/hudson/hudson_workspace/workspace/early-testing-scripts-unix/9774dccf/wildfly/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-2.0.9.Final.jar!/) to constructor java.util.logging.Level$KnownLevel(java.util.logging.Level)
> WARNING: Please consider reporting this to the maintainers of org.jboss.logmanager.LogManager$2
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> test
> [hudson@rhel7-large-9887 bin]$
> {noformat}
> {noformat}
> [hudson@rhel7-large-9887 bin]$ ./add-user.sh -u test4 -p Test123* -s
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.jboss.logmanager.LogManager$2 (jar:file:/home/hudson/hudson_workspace/workspace/early-testing-scripts-unix/9774dccf/wildfly/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-2.0.9.Final.jar!/) to constructor java.util.logging.Level$KnownLevel(java.util.logging.Level)
> WARNING: Please consider reporting this to the maintainers of org.jboss.logmanager.LogManager$2
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> [hudson@rhel7-large-9887 bin]$ cat ../standalone/configuration/mgmt-users.properties | tail -n 1
> test4=a95aa9d159b7afe0cc9d3795061551ad
> [hudson@rhel7-large-9887 bin]$
> {noformat}
> {noformat}
> [hudson@rhel7-large-9887 bin]$ ./appclient.sh -v
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.jboss.logmanager.LogManager$2 (jar:file:/home/hudson/hudson_workspace/workspace/early-testing-scripts-unix/9774dccf/wildfly/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-2.0.9.Final.jar!/) to constructor java.util.logging.Level$KnownLevel(java.util.logging.Level)
> WARNING: Please consider reporting this to the maintainers of org.jboss.logmanager.LogManager$2
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> 06:11:52,205 INFO [org.jboss.modules] (main) JBoss Modules version 1.7.0.Final
> WildFly Full 13.0.0.Alpha1-SNAPSHOT (WildFly Core 4.0.0.Final)
> [hudson@rhel7-large-9887 bin]$
> {noformat}
> *Expected results:*
> No warnings
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month
[JBoss JIRA] (WFLY-10091) GC logging is not working on Java 9
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-10091?page=com.atlassian.jira.plugin... ]
Kabir Khan updated WFLY-10091:
------------------------------
Labels: blocker-WF14 (was: )
> GC logging is not working on Java 9
> -----------------------------------
>
> Key: WFLY-10091
> URL: https://issues.jboss.org/browse/WFLY-10091
> Project: WildFly
> Issue Type: Bug
> Components: Scripts
> Reporter: Rostislav Svoboda
> Priority: Blocker
> Labels: blocker-WF14
>
> GC logging is not working on Java 9. This is related to the fact G1 GC is default and there are changes in configuration option.
> {code}
> GC_LOG="true" ./standalone.sh
> {code}
> Java 8:
> {code}
> JAVA_OPTS: -server -verbose:gc -Xloggc:"/Users/rsvoboda/TESTING/7.2.0.CD12.CR1/jboss-eap-7.2/standalone/log/gc.log"
> -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5
> -XX:GCLogFileSize=3M -XX:-TraceClassUnloading -Xms1303m -Xmx1303m -XX:MetaspaceSize=96M
> -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
> {code}
> Java 9:
> {code}
> JAVA_OPTS: -server -Xms1303m -Xmx1303m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
> -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years, 1 month