[JBoss JIRA] (WFLY-10142) Some Naming tests fail with security manager with JDK 9
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-10142?page=com.atlassian.jira.plugin... ]
Jan Kalina edited comment on WFLY-10142 at 6/4/18 5:21 AM:
-----------------------------------------------------------
After fixing the missing permission, there is following problem:
{code}
2018-06-04 10:07:10,283 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.core@2.0.9.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.core@2.0.9.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:808)
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.search(WildFlyRootContext.java:672)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:111)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
... 45 more
{code}
There is problem with hostname in {{dirCtx.search(ldapUrl + "/dc=jboss,dc=org", ...)}} - works ok if I put only {{dirCtx.search("dc=jboss,dc=org", ...)}} here...
This is regression of WFLY-2319 - but only on JDK 9 with enabled security.manager!
Difference between JDK8 (working) and JDK9 (invalid URL scheme "ldap") behavior in WildFlyRootContext:
* JDK8: javax.naming.spi.NamingManager.getURLContext("ldap", environment) returns com.sun.jndi.url.ldap.ldapURLContext
* JDK9: javax.naming.spi.NamingManager.getURLContext("ldap", environment) returns null
was (Author: honza889):
After fixing the missing permission, there is following problem:
{code}
2018-06-04 10:07:10,283 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.core@2.0.9.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.core@2.0.9.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:808)
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.search(WildFlyRootContext.java:672)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:111)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
... 45 more
{code}
There is problem with hostname in {{dirCtx.search(ldapUrl + "/dc=jboss,dc=org", ...)}} - works ok if I put only {{dirCtx.search("dc=jboss,dc=org", ...)}} here...
This is regression of WFLY-2319 - but only on JDK 9 with enabled security.manager!
> Some Naming tests fail with security manager with JDK 9
> -------------------------------------------------------
>
> Key: WFLY-10142
> URL: https://issues.jboss.org/browse/WFLY-10142
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 12.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Labels: security-manager
>
> Tests
> * {{LdapUrlInSearchBaseTestCase}}
> * {{ExternalContextBindingTestCase}}
> fail with security manager because of missing permission {{"java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap"}}, with exception like:
> {code}
> ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.base/java.lang.Thread.run(Thread.java:844)
> Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
> at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
> at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
> at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
> at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
> at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:109)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
> ... 45 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPackageAccess(WildFlySecurityManager.java:491)
> at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:181)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.modules.JDKSpecific$1.loadClassLocal(JDKSpecific.java:115)
> at org.jboss.modules.Module.loadModuleClass(Module.java:717)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:115)
> ... 56 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (DROOLS-2609) Implement decision table analysis as DMN validator extension
by Fedor Gavrilov (JIRA)
Fedor Gavrilov created DROOLS-2609:
--------------------------------------
Summary: Implement decision table analysis as DMN validator extension
Key: DROOLS-2609
URL: https://issues.jboss.org/browse/DROOLS-2609
Project: Drools
Issue Type: Enhancement
Reporter: Fedor Gavrilov
Assignee: Fedor Gavrilov
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10491) Fix wildfly-capabilities repository representation on GitHub
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10491?page=com.atlassian.jira.plugin... ]
Radoslav Husar closed WFLY-10491.
---------------------------------
Resolution: Done
> Fix wildfly-capabilities repository representation on GitHub
> ------------------------------------------------------------
>
> Key: WFLY-10491
> URL: https://issues.jboss.org/browse/WFLY-10491
> Project: WildFly
> Issue Type: Task
> Components: Documentation
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Priority: Trivial
>
> Currently, the https://github.com/wildfly/wildfly-capabilities repository says its "forked from bstansberry/wildfly-capabilities". The common practice and understanding in community is that the upstream repository is the one that is not forked from any other repository. Thus having the upstream repository not represented as upstream is confusing.
> To remedy this, with a method we used in the past, is to delete the bstansberry/wildfly-capabilities repository (and then fork from wildfly of course).
> The repo should have been *moved* to wildfly organization and not *forked*. This as a result has messed up all the previous forks, like https://github.com/rhusar/wildfly-capabilities which makes a poor usability from the UI, because it opens PRs against wrong repo by default.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10491) Fix wildfly-capabilities repository representation on GitHub
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10491?page=com.atlassian.jira.plugin... ]
Radoslav Husar commented on WFLY-10491:
---------------------------------------
[~brian.stansberry] Now that's hilarious! Not sure how to explain that -- but its fixed now after I applied the method too for my repo. Thanks for cooperation Brian.
> Fix wildfly-capabilities repository representation on GitHub
> ------------------------------------------------------------
>
> Key: WFLY-10491
> URL: https://issues.jboss.org/browse/WFLY-10491
> Project: WildFly
> Issue Type: Task
> Components: Documentation
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Priority: Trivial
>
> Currently, the https://github.com/wildfly/wildfly-capabilities repository says its "forked from bstansberry/wildfly-capabilities". The common practice and understanding in community is that the upstream repository is the one that is not forked from any other repository. Thus having the upstream repository not represented as upstream is confusing.
> To remedy this, with a method we used in the past, is to delete the bstansberry/wildfly-capabilities repository (and then fork from wildfly of course).
> The repo should have been *moved* to wildfly organization and not *forked*. This as a result has messed up all the previous forks, like https://github.com/rhusar/wildfly-capabilities which makes a poor usability from the UI, because it opens PRs against wrong repo by default.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (DROOLS-1663) Kie DMN doesn't support IMPORT decisions between DMN files
by Matteo Mortari (JIRA)
[ https://issues.jboss.org/browse/DROOLS-1663?page=com.atlassian.jira.plugi... ]
Matteo Mortari commented on DROOLS-1663:
----------------------------------------
Support for importing, (simple) Decisions from another model
https://github.com/kiegroup/drools/commit/8d589c571401b031b573e2875f98363...
> Kie DMN doesn't support IMPORT decisions between DMN files
> ----------------------------------------------------------
>
> Key: DROOLS-1663
> URL: https://issues.jboss.org/browse/DROOLS-1663
> Project: Drools
> Issue Type: Enhancement
> Components: dmn engine
> Reporter: Stylianos Koussouris
> Assignee: Matteo Mortari
> Attachments: IMG_2197.jpg, IMG_2198.jpg, IMG_2199.jpg, dmn import defaults.odt
>
>
> DMN Spec 1.1
> Page 40.
> import: Import [*] This attribute is used to import externally defined elements and
> make them available for use by elements in this Definitions.
> Section 6.3.3 Import metamodel
> The aim here is to be able to import one Decision defined in a separate DMN into another where it is used as a supporting decision and is referenced (RequiredDecision)
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFCORE-304) Enable user agent and address filters.
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-304?page=com.atlassian.jira.plugin... ]
Brian Stansberry commented on WFCORE-304:
-----------------------------------------
If we do this we should look into what can be done re address filters for the native interface as well.
A _possible_ place to do that is AbstractModelControllerOperationHandlerFactoryService.startReceiving(Channel) which, since it has the Channel, can get the Connection and hence the SocketAddress of the peer.
Limiting that to the ModelControllerClientOperationHandlerFactoryService subclass would limit the restriction normal end user clients.
Thinking about how to handle intra-domain traffic versus end user traffic is something to consider for the HTTP side as well.
> Enable user agent and address filters.
> --------------------------------------
>
> Key: WFCORE-304
> URL: https://issues.jboss.org/browse/WFCORE-304
> Project: WildFly Core
> Issue Type: Sub-task
> Components: Management
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10142) Some Naming tests fail with security manager with JDK 9
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-10142?page=com.atlassian.jira.plugin... ]
Jan Kalina edited comment on WFLY-10142 at 6/4/18 4:31 AM:
-----------------------------------------------------------
After fixing the missing permission, there is following problem:
{code}
2018-06-04 10:07:10,283 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.core@2.0.9.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.core@2.0.9.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:808)
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.search(WildFlyRootContext.java:672)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:111)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
... 45 more
{code}
There is problem with hostname in {{dirCtx.search(ldapUrl + "/dc=jboss,dc=org", ...)}} - works ok if I put only {{dirCtx.search("dc=jboss,dc=org", ...)}} here...
This is regression of WFLY-2319 - but only on JDK 9 with enabled security.manager!
was (Author: honza889):
After fixing the missing permission, there is following problem:
{code}
2018-06-04 10:07:10,283 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.core@2.0.9.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.core@2.0.9.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:808)
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.search(WildFlyRootContext.java:672)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:111)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
... 45 more
{code}
There is problem with hostname in {{dirCtx.search(ldapUrl + "/dc=jboss,dc=org", ...)}} - works ok if I put only {{dirCtx.search("dc=jboss,dc=org", ...)}} here...
This is regression of WFLY-2319 (!)
> Some Naming tests fail with security manager with JDK 9
> -------------------------------------------------------
>
> Key: WFLY-10142
> URL: https://issues.jboss.org/browse/WFLY-10142
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 12.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Labels: security-manager
>
> Tests
> * {{LdapUrlInSearchBaseTestCase}}
> * {{ExternalContextBindingTestCase}}
> fail with security manager because of missing permission {{"java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap"}}, with exception like:
> {code}
> ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.base/java.lang.Thread.run(Thread.java:844)
> Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
> at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
> at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
> at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
> at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
> at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:109)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
> ... 45 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPackageAccess(WildFlySecurityManager.java:491)
> at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:181)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.modules.JDKSpecific$1.loadClassLocal(JDKSpecific.java:115)
> at org.jboss.modules.Module.loadModuleClass(Module.java:717)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:115)
> ... 56 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10481) EEConcurrencySuspendTestCase should check the suspend state
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFLY-10481?page=com.atlassian.jira.plugin... ]
Yeray Borges updated WFLY-10481:
--------------------------------
Git Pull Request: https://github.com/wildfly/wildfly/pull/11305 (was: https://issues.jboss.org/browse/WFLY-10481)
> EEConcurrencySuspendTestCase should check the suspend state
> -----------------------------------------------------------
>
> Key: WFLY-10481
> URL: https://issues.jboss.org/browse/WFLY-10481
> Project: WildFly
> Issue Type: Task
> Components: Test Suite
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Minor
>
> This is a minor improvement for EEConcurrencySuspendTestCase, the test should check the server suspend state.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10142) Some Naming tests fail with security manager with JDK 9
by Jan Kalina (JIRA)
[ https://issues.jboss.org/browse/WFLY-10142?page=com.atlassian.jira.plugin... ]
Jan Kalina commented on WFLY-10142:
-----------------------------------
After fixing the missing permission, there is following problem:
{code}
2018-06-04 10:07:10,283 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
at javax.servlet.api@1.0.2.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.0.9.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.0.9.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at org.wildfly.extension.undertow@13.0.0.Beta2-SNAPSHOT//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1514)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at io.undertow.servlet@2.0.9.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
at io.undertow.core@2.0.9.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
at io.undertow.core@2.0.9.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.base/java.lang.Thread.run(Thread.java:844)
Caused by: javax.naming.InvalidNameException: WFNAM00007: Invalid URL scheme name "ldap"
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.getProviderContext(WildFlyRootContext.java:808)
at org.wildfly.naming-client@1.0.9.Final//org.wildfly.naming.client.WildFlyRootContext.search(WildFlyRootContext.java:672)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:111)
at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
... 45 more
{code}
There is problem with hostname in {{dirCtx.search(ldapUrl + "/dc=jboss,dc=org", ...)}} - works ok if I put only {{dirCtx.search("dc=jboss,dc=org", ...)}} here...
This is regression of WFLY-2319 (!)
> Some Naming tests fail with security manager with JDK 9
> -------------------------------------------------------
>
> Key: WFLY-10142
> URL: https://issues.jboss.org/browse/WFLY-10142
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Affects Versions: 12.0.0.Final
> Reporter: Ondrej Lukas
> Assignee: Jan Kalina
> Labels: security-manager
>
> Tests
> * {{LdapUrlInSearchBaseTestCase}}
> * {{ExternalContextBindingTestCase}}
> fail with security manager because of missing permission {{"java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap"}}, with exception like:
> {code}
> ERROR [io.undertow.request] (default task-2) UT005023: Exception handling request to /ldap-test/: javax.servlet.ServletException: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:75)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> at javax.servlet.api//javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:67)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> at io.undertow.servlet//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
> at io.undertow.servlet//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> at io.undertow.servlet//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at org.wildfly.extension.undertow//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1526)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1$1.run(ServletInitialHandler.java:110)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at io.undertow.servlet//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:107)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
> at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.base/java.lang.Thread.run(Thread.java:844)
> Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader [Root exception is java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")]
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
> at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
> at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
> at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
> at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
> at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
> at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.runSearch(LdapUrlTestServlet.java:109)
> at deployment.ldap-test.war//org.jboss.as.test.integration.naming.ldap.LdapUrlTestServlet.doGet(LdapUrlTestServlet.java:73)
> ... 45 more
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "accessClassInPackage.com.sun.jndi.ldap")" in code source "(vfs:/W:/workspace/eap-7x-as-testsuite-test-integ-windows-secman/be5b5ebd/testsuite/integration/basic/content/ldap-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.ldap-test.war" from Service Module Loader")
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
> at java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1534)
> at org.wildfly.security.elytron-private@1.2.4.Final-redhat-1//org.wildfly.security.manager.WildFlySecurityManager.checkPackageAccess(WildFlySecurityManager.java:491)
> at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:181)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:496)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.modules.JDKSpecific$1.loadClassLocal(JDKSpecific.java:115)
> at org.jboss.modules.Module.loadModuleClass(Module.java:717)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:375)
> at org.jboss.as.naming//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:115)
> ... 56 more
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0
[JBoss JIRA] (WFLY-10286) Consider to add secmgr options to CLI and JDR
by Jean-Francois Denise (JIRA)
[ https://issues.jboss.org/browse/WFLY-10286?page=com.atlassian.jira.plugin... ]
Jean-Francois Denise closed WFLY-10286.
---------------------------------------
Resolution: Rejected
It seems that there is no driver for this feature. I am closing it for now. [~mkopecky], feel free to re-open if you think we are missing something.
Thanks.
> Consider to add secmgr options to CLI and JDR
> ---------------------------------------------
>
> Key: WFLY-10286
> URL: https://issues.jboss.org/browse/WFLY-10286
> Project: WildFly
> Issue Type: Feature Request
> Components: CLI, Scripts
> Reporter: Marek Kopecký
> Assignee: Jean-Francois Denise
>
> Wildfly standalone/domain/appclient scripts allows two ways for start EAP with security manager:
> * -secmgr command line argument ({{./standalone.sh -secmgr}})
> ** This is described in documentation only in Configuration guide in "A.1. Server Runtime Arguments"
> * SECMGR=true env property
> ** This is not described in documentation at all.
> Does it make sence to add secmgr parameter to CLI script? CLI allows to start embedded server, and standalone.sh (non-embedded server) script has the secmgr option. Does it make sence to add secmgr parameter to the jdr script too? JDR tool uses embedded cli server too in some cases.
> Cc: [~eduda], [~mnovak])
> See [this my command|https://issues.jboss.org/browse/WFLY-10242?focusedCommentId=13561...]
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years
- 1
- 0