[JBoss JIRA] (WFWIP-92) SNI - circular dependency causes server to crash
by Jan Stourac (JIRA)
[ https://issues.jboss.org/browse/WFWIP-92?page=com.atlassian.jira.plugin.s... ]
Jan Stourac updated WFWIP-92:
-----------------------------
Steps to Reproduce:
Note: {{application.keystore}} has to be present in standalone/configuration server directory
{code}
/subsystem=elytron/key-store=ks:add(credential-reference={clear-text=password},type=JKS,relative-to=jboss.server.config.dir,path=application.keystore)
/subsystem=elytron/key-manager=km:add(credential-reference={clear-text=password},key-store=ks)
/subsystem=elytron/server-ssl-context=srvSslCtx:add(key-manager=km)
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx:add(default-ssl-context=srvSslCtx)
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=srvSniSslCtx)
run-batch
reload
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
reload
{code}
was:
{code}
/subsystem=elytron/key-store=ks:add(credential-reference={clear-text=password},type=JKS,relative-to=jboss.server.config.dir,path=application.keystore)
/subsystem=elytron/key-manager=km:add(credential-reference={clear-text=password},key-store=ks)
/subsystem=elytron/server-ssl-context=srvSslCtx:add(key-manager=km)
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx:add(default-ssl-context=srvSslCtx)
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
{code}
> SNI - circular dependency causes server to crash
> ------------------------------------------------
>
> Key: WFWIP-92
> URL: https://issues.jboss.org/browse/WFWIP-92
> Project: WildFly WIP
> Issue Type: Bug
> Environment: Wildfly build with undertow and wildfly-core modules build from following sources:
> * https://github.com/stuartwdouglas/undertow/tree/sni
> * https://github.com/stuartwdouglas/wildfly-core/tree/sni
> Reporter: Jan Stourac
> Assignee: Stuart Douglas
> Labels: SNI
>
> When I try to utilize recently added {{server-ssl-sni-context}} and put its reference again in the {{sni-mapping}}, after a server reload the server completely crash and one has to restore configuration manually:
> {code:title=command example}
> /subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
> {code}
> {code:title=server.log output}
> 22:58:51,998 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 44) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("server-ssl-sni-context" => "srvSniSslCtx")
> ]): org.jboss.msc.service.CircularDependencyException: Container jboss-as has a circular dependency: [service org.wildfly.security.ssl-context.srvSniSslCtx]
> at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:803)
> at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:784)
> at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:761)
> at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
> at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
> at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
> at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
> at org.jboss.msc.service.ObsoleteServiceBuilderImpl.install(ObsoleteServiceBuilderImpl.java:293)
> at org.jboss.as.controller.OperationContextImpl.installService(OperationContextImpl.java:2034)
> at org.jboss.as.controller.OperationContextImpl.access$600(OperationContextImpl.java:132)
> at org.jboss.as.controller.OperationContextImpl$2$1.installService(OperationContextImpl.java:761)
> at org.jboss.as.controller.OperationContextImpl$ContextServiceBuilder.install(OperationContextImpl.java:2165)
> at org.jboss.msc.service.DelegatingServiceBuilder.install(DelegatingServiceBuilder.java:104)
> at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:72)
> at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
> at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
> at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
> at java.lang.Thread.run(Thread.java:748)
> at org.jboss.threads.JBossThread.run(JBossThread.java:485)
> {code}
> I understand that such configuration does not make sense, although it would be nice if we could detect this problem ahead to avoid server crush. Is it possible?
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFWIP-92) SNI - circular dependency causes server to crash
by Jan Stourac (JIRA)
Jan Stourac created WFWIP-92:
--------------------------------
Summary: SNI - circular dependency causes server to crash
Key: WFWIP-92
URL: https://issues.jboss.org/browse/WFWIP-92
Project: WildFly WIP
Issue Type: Bug
Environment: Wildfly build with undertow and wildfly-core modules build from following sources:
* https://github.com/stuartwdouglas/undertow/tree/sni
* https://github.com/stuartwdouglas/wildfly-core/tree/sni
Reporter: Jan Stourac
Assignee: Stuart Douglas
When I try to utilize recently added {{server-ssl-sni-context}} and put its reference again in the {{sni-mapping}}, after a server reload the server completely crash and one has to restore configuration manually:
{code:title=command example}
/subsystem=elytron/server-ssl-sni-context=srvSniSslCtx/sni-mapping=server:add(ssl-context=srvSniSslCtx)
{code}
{code:title=server.log output}
22:58:51,998 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 44) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("server-ssl-sni-context" => "srvSniSslCtx")
]): org.jboss.msc.service.CircularDependencyException: Container jboss-as has a circular dependency: [service org.wildfly.security.ssl-context.srvSniSslCtx]
at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:803)
at org.jboss.msc.service.ServiceContainerImpl.detectCircularity(ServiceContainerImpl.java:784)
at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:761)
at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
at org.jboss.msc.service.ServiceTargetImpl.install(ServiceTargetImpl.java:260)
at org.jboss.msc.service.ServiceControllerImpl$ChildServiceTarget.install(ServiceControllerImpl.java:2056)
at org.jboss.msc.service.ObsoleteServiceBuilderImpl.install(ObsoleteServiceBuilderImpl.java:293)
at org.jboss.as.controller.OperationContextImpl.installService(OperationContextImpl.java:2034)
at org.jboss.as.controller.OperationContextImpl.access$600(OperationContextImpl.java:132)
at org.jboss.as.controller.OperationContextImpl$2$1.installService(OperationContextImpl.java:761)
at org.jboss.as.controller.OperationContextImpl$ContextServiceBuilder.install(OperationContextImpl.java:2165)
at org.jboss.msc.service.DelegatingServiceBuilder.install(DelegatingServiceBuilder.java:104)
at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:72)
at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:159)
at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999)
at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743)
at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467)
at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
at java.lang.Thread.run(Thread.java:748)
at org.jboss.threads.JBossThread.run(JBossThread.java:485)
{code}
I understand that such configuration does not make sense, although it would be nice if we could detect this problem ahead to avoid server crush. Is it possible?
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10812) Some security tests fail on closed channel exception
by Richard Opalka (JIRA)
[ https://issues.jboss.org/browse/WFLY-10812?page=com.atlassian.jira.plugin... ]
Richard Opalka edited comment on WFLY-10812 at 8/8/18 4:12 PM:
---------------------------------------------------------------
I believe once SSL JDK11 issue is identified and fixed all these tests will start working.
was (Author: ropalka):
I believe once SSL JDK11 issue is identified and fixed all these will start working.
> Some security tests fail on closed channel exception
> ----------------------------------------------------
>
> Key: WFLY-10812
> URL: https://issues.jboss.org/browse/WFLY-10812
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Richard Opalka
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
>
> With latest JDK11 (build 11-ea+25) the following tests fail due to closed channel exception: modified:
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLikeAdvancedLdapLMTestCase.java
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLoginModuleTestCase.java
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapLoginModuleTestCase.java
> * testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ssl/UndertowTwoWaySslNeedClientAuthTestCase.java
> * testsuite/integration/iiop/src/test/java/org/jboss/as/test/iiopssl/basic/IIOPSslInvocationTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionClientCertTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/CertificateRolesLoginModuleTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/DatabaseCertLoginModuleTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/HTTPSWebConnectorTestCase.java
> * testsuite/integration/ws/src/test/java/org/jboss/as/test/integration/ws/wsse/trust/WSTrustTestCase.java
> Is there a known SSL issue in JDK11? Could somebody from our security team investigate this issue?
> When these tests will start passing WF test suite will be passing 100% of tests on JDK11.
> Potential investigator from our security team may want to include this PR:
> https://github.com/wildfly/wildfly/pull/11499
> to fix known JDK11 issues.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10812) Some security tests fail on closed channel exception
by Richard Opalka (JIRA)
[ https://issues.jboss.org/browse/WFLY-10812?page=com.atlassian.jira.plugin... ]
Richard Opalka commented on WFLY-10812:
---------------------------------------
I believe once SSL JDK11 issue is identified and fixed all these will start working.
> Some security tests fail on closed channel exception
> ----------------------------------------------------
>
> Key: WFLY-10812
> URL: https://issues.jboss.org/browse/WFLY-10812
> Project: WildFly
> Issue Type: Bug
> Components: Test Suite
> Reporter: Richard Opalka
> Assignee: Jan Kalina
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
>
> With latest JDK11 (build 11-ea+25) the following tests fail due to closed channel exception: modified:
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLikeAdvancedLdapLMTestCase.java
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLoginModuleTestCase.java
> * testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapLoginModuleTestCase.java
> * testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ssl/UndertowTwoWaySslNeedClientAuthTestCase.java
> * testsuite/integration/iiop/src/test/java/org/jboss/as/test/iiopssl/basic/IIOPSslInvocationTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionClientCertTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/CertificateRolesLoginModuleTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/DatabaseCertLoginModuleTestCase.java
> * testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/HTTPSWebConnectorTestCase.java
> * testsuite/integration/ws/src/test/java/org/jboss/as/test/integration/ws/wsse/trust/WSTrustTestCase.java
> Is there a known SSL issue in JDK11? Could somebody from our security team investigate this issue?
> When these tests will start passing WF test suite will be passing 100% of tests on JDK11.
> Potential investigator from our security team may want to include this PR:
> https://github.com/wildfly/wildfly/pull/11499
> to fix known JDK11 issues.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFCORE-4002) Some security tests fail on closed channel exception
by Richard Opalka (JIRA)
[ https://issues.jboss.org/browse/WFCORE-4002?page=com.atlassian.jira.plugi... ]
Richard Opalka commented on WFCORE-4002:
----------------------------------------
I believe once SSL JDK11 issue is identified and fixed all these tests will start working.
> Some security tests fail on closed channel exception
> ----------------------------------------------------
>
> Key: WFCORE-4002
> URL: https://issues.jboss.org/browse/WFCORE-4002
> Project: WildFly Core
> Issue Type: Bug
> Components: Security, Test Suite
> Affects Versions: 6.0.0.Alpha5
> Reporter: Richard Opalka
> Assignee: Jan Kalina
> Priority: Blocker
> Labels: jdk11
> Fix For: 6.0.0.Alpha6
>
>
> With latest JDK11 (build 11-ea+25) the following tests fail due to closed channel exception:
> * domain-management/src/test/java/org/jboss/as/domain/management/security/auditlog/AuditLogHandlerBootEnabledTestCase.java
> * testsuite/domain/src/test/java/org/jboss/as/test/integration/domain/HTTPSManagementInterfaceTestCase.java
> * testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/KerberosNativeMgmtSaslTestCase.java
> * testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/sasl/mgmt/ScramPlusMgmtSaslTestCase.java
> * testsuite/manualmode/src/test/java/org/wildfly/core/test/standalone/mgmt/HTTPSManagementInterfaceTestCase.java
> Is there a known SSL issue in JDK11? Could somebody from our security team investigate this issue?
> When these tests will start passing WFCORE test suite will be passing 100% of tests on JDK11.
> Potential investigator from our security team may want to include this PR:
> https://github.com/wildfly/wildfly-core/pull/3420
> to fix known JDK11 issues.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10812) Some security tests fail on closed channel exception
by Richard Opalka (JIRA)
Richard Opalka created WFLY-10812:
-------------------------------------
Summary: Some security tests fail on closed channel exception
Key: WFLY-10812
URL: https://issues.jboss.org/browse/WFLY-10812
Project: WildFly
Issue Type: Bug
Components: Test Suite
Reporter: Richard Opalka
Assignee: Jan Kalina
Priority: Blocker
Fix For: 14.0.0.CR1
With latest JDK11 (build 11-ea+25) the following tests fail due to closed channel exception: modified:
* testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLikeAdvancedLdapLMTestCase.java
* testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapExtLoginModuleTestCase.java
* testsuite/integration/basic/src/test/java/org/jboss/as/test/integration/security/loginmodules/LdapLoginModuleTestCase.java
* testsuite/integration/elytron/src/test/java/org/wildfly/test/integration/elytron/ssl/UndertowTwoWaySslNeedClientAuthTestCase.java
* testsuite/integration/iiop/src/test/java/org/jboss/as/test/iiopssl/basic/IIOPSslInvocationTestCase.java
* testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionClientCertTestCase.java
* testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/security/OutboundLdapConnectionTestCase.java
* testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/CertificateRolesLoginModuleTestCase.java
* testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/DatabaseCertLoginModuleTestCase.java
* testsuite/integration/manualmode/src/test/java/org/jboss/as/test/manualmode/web/ssl/HTTPSWebConnectorTestCase.java
* testsuite/integration/ws/src/test/java/org/jboss/as/test/integration/ws/wsse/trust/WSTrustTestCase.java
Is there a known SSL issue in JDK11? Could somebody from our security team investigate this issue?
When these tests will start passing WF test suite will be passing 100% of tests on JDK11.
Potential investigator from our security team may want to include this PR:
https://github.com/wildfly/wildfly/pull/11499
to fix known JDK11 issues.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (DROOLS-2787) "Data Type" tree-grid table interactions.
by Michael Anstis (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2787?page=com.atlassian.jira.plugi... ]
Michael Anstis commented on DROOLS-2787:
----------------------------------------
[~uxdlc] Sounds good to me.
> "Data Type" tree-grid table interactions.
> -----------------------------------------
>
> Key: DROOLS-2787
> URL: https://issues.jboss.org/browse/DROOLS-2787
> Project: Drools
> Issue Type: Story
> Components: DMN Editor
> Reporter: Liz Clayton
> Assignee: Liz Clayton
> Labels: UX, UXTeam, drools-tools
> Attachments: DROOLS-2738.bmpr, Manage1.png, Manage2.png, Screen Shot 2018-07-24 at 3.51.03 PM.png, Screen Shot 2018-07-27 at 11.48.34 AM.png, Screen Shot 2018-07-27 at 12.24.49 PM.png, Screen Shot 2018-07-27 at 12.27.13 PM.png, add_basic.png, treegrid.png, type_definitions.pdf
>
>
> *Background*
> Persona: Business analyst or Rules practitioner
> Use Cases:
> As a user I want to:
> * *Edit* the list of Data Types, using the appropriate type considering the DMN model (eg: in the age line, we need to select "Numeric" in the combobox.)
> * *Add* a new data type, which might be a nested or otherwise complex object as defined by the (ItemDefinition.)
> * *Remove* Data Types from the list of available selections.
> * be prevented from making selections that are not valid or would cause an error.
> * know that when I edit a data type the changes will be updated in the DMN model.
> Functional considerations/ pre conditions:
> * Outside of simple view/select, Data Types list (and options) will be presented as a tree-grid within a modal dialog. Discussed in detail within Epic subtask for the same.
> * Design needs to be consistent with Stunner and PF components, such as: https://www.patternfly.org/pattern-library/widgets/#treegrid-table
> Verification conditions:
> * Scrum team and PO review.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months