[JBoss JIRA] (DROOLS-2787) "Data Type" tree-grid table interactions.
by Liz Clayton (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2787?page=com.atlassian.jira.plugi... ]
Liz Clayton commented on DROOLS-2787:
-------------------------------------
[~manstis] Thanks, and now with revised "Constraints" and "Collections": https://redhat.invisionapp.com/share/B7NEEUSV539 :)
> "Data Type" tree-grid table interactions.
> -----------------------------------------
>
> Key: DROOLS-2787
> URL: https://issues.jboss.org/browse/DROOLS-2787
> Project: Drools
> Issue Type: Story
> Components: DMN Editor
> Reporter: Liz Clayton
> Assignee: Liz Clayton
> Labels: UX, UXTeam, drools-tools
> Attachments: DROOLS-2738.bmpr, Manage1.png, Manage2.png, Screen Shot 2018-07-24 at 3.51.03 PM.png, Screen Shot 2018-07-27 at 11.48.34 AM.png, Screen Shot 2018-07-27 at 12.24.49 PM.png, Screen Shot 2018-07-27 at 12.27.13 PM.png, add_basic.png, treegrid.png, type_definitions.pdf
>
>
> *Background*
> Persona: Business analyst or Rules practitioner
> Use Cases:
> As a user I want to:
> * *Edit* the list of Data Types, using the appropriate type considering the DMN model (eg: in the age line, we need to select "Numeric" in the combobox.)
> * *Add* a new data type, which might be a nested or otherwise complex object as defined by the (ItemDefinition.)
> * *Remove* Data Types from the list of available selections.
> * be prevented from making selections that are not valid or would cause an error.
> * know that when I edit a data type the changes will be updated in the DMN model.
> Functional considerations/ pre conditions:
> * Outside of simple view/select, Data Types list (and options) will be presented as a tree-grid within a modal dialog. Discussed in detail within Epic subtask for the same.
> * Design needs to be consistent with Stunner and PF components, such as: https://www.patternfly.org/pattern-library/widgets/#treegrid-table
> Verification conditions:
> * Scrum team and PO review.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10776) Java 9: Illegal reflective access
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFLY-10776?page=com.atlassian.jira.plugin... ]
Kabir Khan resolved WFLY-10776.
-------------------------------
Fix Version/s: 14.0.0.CR1
Resolution: Done
Although WildFly core 6.0.0.Alpha6 which contains the xnio upgrade https://issues.jboss.org/browse/WFCORE-4003 to fix this has not been included in full yet, it will be so I am resolving this one.
> Java 9: Illegal reflective access
> ---------------------------------
>
> Key: WFLY-10776
> URL: https://issues.jboss.org/browse/WFLY-10776
> Project: WildFly
> Issue Type: Bug
> Components: Management
> Environment: Fedora 26, x86_64
> {code}
> $ java -version
> openjdk version "9.0.1"
> OpenJDK Runtime Environment (build 9.0.1+11)
> OpenJDK 64-Bit Server VM (build 9.0.1+11, mixed mode)
> {code}
> Reporter: Marek Kopecký
> Assignee: Stefan Guilhen
> Fix For: 14.0.0.CR1
>
>
> I can see following warnings when I start EAP7.1.0.GA server with JDK9:
> {code}
> WARNING: Illegal reflective access by org.wildfly.security.manager.GetAccessibleDeclaredFieldAction (jar:file:/tmp/CR4/jboss-eap-7.1/modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-1.1.7.Final-redhat-1.jar!/) to field java.security.AccessControlContext.context
> WARNING: Illegal reflective access by org.jboss.threads.ThreadLocalResetter$1 (jar:file:/tmp/CR4/jboss-eap-7.1/modules/system/layers/base/org/jboss/threads/main/jboss-threads-2.2.1.Final-redhat-1.jar!/) to field java.lang.Thread.threadLocals
> WARNING: Illegal reflective access by org.jboss.threads.ThreadLocalResetter$2 (jar:file:/tmp/CR4/jboss-eap-7.1/modules/system/layers/base/org/jboss/threads/main/jboss-threads-2.2.1.Final-redhat-1.jar!/) to field java.lang.Thread.inheritableThreadLocals
> WARNING: Illegal reflective access by org.xnio.nio.NioXnio$2 (jar:file:/tmp/CR4/jboss-eap-7.1/modules/system/layers/base/org/jboss/xnio/nio/main/xnio-nio-3.5.4.Final-redhat-1.jar!/) to constructor sun.nio.ch.EPollSelectorProvider()
> WARNING: Illegal reflective access by io.undertow.util.FlexBase64$1 (jar:file:/tmp/CR4/jboss-eap-7.1/modules/system/layers/base/io/undertow/core/main/undertow-core-1.4.18.Final-redhat-2.jar!/) to constructor java.lang.String(char[],boolean)
> {code}
> Oracle has stated that
> {quote}
> When deny becomes the default illegal-access mode then permit will likely remain supported for at least one release, so that developers can continue to migrate their code. The permit, warn, and debug modes will, over time, be removed, as will the --illegal-access option itself.
> {quote}
> http://openjdk.java.net/jeps/261#Relaxed-strong-encapsulation
> Not sure what all components are affected, I see at least Undertow and XNIO. Well, to be honest, I guess there will be more problems in the code which occurr in various situations...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (DROOLS-2854) MVEL: expression (1 + 2 * 3 + $v ) causes "no such method or function " for bind variable
by Mario Fusco (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2854?page=com.atlassian.jira.plugi... ]
Mario Fusco updated DROOLS-2854:
--------------------------------
Sprint: 2018 Week 30-32
> MVEL: expression (1 + 2 * 3 + $v ) causes "no such method or function " for bind variable
> -------------------------------------------------------------------------------------------
>
> Key: DROOLS-2854
> URL: https://issues.jboss.org/browse/DROOLS-2854
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 7.9.0.Final
> Environment: MVEL2 2.4.0 Final
> Reporter: Hiroko Miura
> Assignee: Mario Fusco
> Attachments: mvel2-var-test.zip
>
>
> When MVEL evaluates
> m.setStatus( 1 + 2 * 3 + m.getStatus() );
> the following exception happens.
> {noformat}
> Exception executing consequence for rule "Hello World" in com.sample: [Error: no such method or function: m]
> [Near : {... m.setStatus( 1 + 2 * 3 + m.getStatus() ); ....}]
> {noformat}
> If this is something like
> Exception executing consequence for rule "Hello World" in com.sample: [Error: no such method or function: m]
> m.setStatus( 1 + 2 + 3 + m.getStatus() ); <== Multiplication "*" is not used
> it works without above exception.
> This happens in both LHS and RHS with dialect "mvel"
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFCORE-3885) XNIO prints WARNING with JDK10+ if CLI connects to server
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3885?page=com.atlassian.jira.plugi... ]
Kabir Khan resolved WFCORE-3885.
--------------------------------
Fix Version/s: 6.0.0.Alpha6
Resolution: Done
> XNIO prints WARNING with JDK10+ if CLI connects to server
> ---------------------------------------------------------
>
> Key: WFCORE-3885
> URL: https://issues.jboss.org/browse/WFCORE-3885
> Project: WildFly Core
> Issue Type: Bug
> Components: CLI, Scripts
> Reporter: Marek Kopecký
> Assignee: Jean-Francois Denise
> Labels: blocker-WF14
> Fix For: 6.0.0.Alpha6
>
>
> CLI prints WARNING with JDK10+ if CLI connects to server
> {noformat}
> [mkopecky@dhcp-10-40-5-52 bin]$ java -version
> java version "10" 2018-03-20
> Java(TM) SE Runtime Environment 18.3 (build 10+46)
> Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10+46, mixed mode)
> [mkopecky@dhcp-10-40-5-52 bin]$ ./jboss-cli.sh "echo test"
> test
> [mkopecky@dhcp-10-40-5-52 bin]$ ./jboss-cli.sh -c "echo test"
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.xnio.nio.NioXnio$2 (jar:file:/home/mkopecky/playground/eap/7.2.0.CD13.1/jboss-eap-7.2/modules/system/layers/base/org/jboss/xnio/nio/main/xnio-nio-3.6.3.Final.jar!/) to constructor sun.nio.ch.EPollSelectorProvider()
> WARNING: Please consider reporting this to the maintainers of org.xnio.nio.NioXnio$2
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> test
> [mkopecky@dhcp-10-40-5-52 bin]$
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFCORE-3988) Domain prints WARNING with JDK10+ during start-up (XNIO illegal reflective access)
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3988?page=com.atlassian.jira.plugi... ]
Kabir Khan resolved WFCORE-3988.
--------------------------------
Fix Version/s: 6.0.0.Alpha6
Resolution: Done
> Domain prints WARNING with JDK10+ during start-up (XNIO illegal reflective access)
> ----------------------------------------------------------------------------------
>
> Key: WFCORE-3988
> URL: https://issues.jboss.org/browse/WFCORE-3988
> Project: WildFly Core
> Issue Type: Bug
> Components: Management
> Reporter: Marek Kopecký
> Assignee: Jeff Mesnil
> Priority: Blocker
> Fix For: 6.0.0.Alpha6
>
>
> Domain prints WARNING with JDK10+ during start-up (XNIO illegal reflective access)
> {noformat}
> [mkopecky@dhcp-10-40-4-197 bin]$ export JAVA_OPTS="--add-modules=java.se"
> [mkopecky@dhcp-10-40-4-197 bin]$ ./domain.sh
> JAVA_OPTS already set in environment; overriding default settings with values: --add-modules=java.se
> =========================================================================
> JBoss Bootstrap Environment
> JBOSS_HOME: /home/mkopecky/playground/wf/wfly.29/wfly.29
> JAVA: /home/mkopecky/base/jdk11_ea21_2018_08_01/bin/java
> JAVA_OPTS: -server --add-modules=java.se
> =========================================================================
> 10:37:11,438 INFO [org.jboss.modules] (main) JBoss Modules version 1.8.5.Final
> 10:37:11,659 INFO [org.jboss.threads] (main) JBoss Threads version 2.3.2.Final
> ...
> [Host Controller] WARNING: An illegal reflective access operation has occurred
> [Host Controller] WARNING: Illegal reflective access by org.xnio.nio.NioXnio$2 (jar:file:/home/mkopecky/playground/wf/wfly.29/wfly.29/modules/system/layers/base/org/jboss/xnio/nio/main/xnio-nio-3.6.3.Final.jar!/) to constructor sun.nio.ch.EPollSelectorProvider()
> [Host Controller] WARNING: Please consider reporting this to the maintainers of org.xnio.nio.NioXnio$2
> [Host Controller] WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> [Host Controller] WARNING: All illegal access operations will be denied in a future release
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar edited comment on WFLY-10795 at 8/8/18 12:22 PM:
----------------------------------------------------------------
Looking at worker configuration, it does not define SSL:
{code:xml}
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
<proxy name="default" advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
</proxy>
</subsystem>
{code}
You need to define SSL such as:
{code:xml}
<proxy name="other"
connector="default">
<simple-load-provider factor="${modcluster.simple-load-provider.factor:15}"/>
<ssl ca-certificate-file="${modcluster.ca-certificate-file:/home/rhusar/client-keystore.jks}"
ca-revocation-url="${modcluster.ca-revocation-url:/home/rhusar/revocations}"
certificate-key-file="${modcluster.certificate-key-file:/home/rhusar/client-keystore.jks}"
cipher-suite="${modcluster.cipher-suite:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA}"
key-alias="${modcluster.key-alias:mykeyalias}"
password="${modcluster.password:mypassword}"
protocol="${modcluster.protocol:TLSv1}"/>
</proxy>
{code}
was (Author: rhusar):
Looking at worker configuration, it does not define SSL:
{code:xml}
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
<proxy name="default" advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
</proxy>
</subsystem>
{code}
You need to define SSL such as:
{noformat}
<proxy name="other"
connector="default">
<simple-load-provider factor="${modcluster.simple-load-provider.factor:15}"/>
<ssl ca-certificate-file="${modcluster.ca-certificate-file:/home/rhusar/client-keystore.jks}"
ca-revocation-url="${modcluster.ca-revocation-url:/home/rhusar/revocations}"
certificate-key-file="${modcluster.certificate-key-file:/home/rhusar/client-keystore.jks}"
cipher-suite="${modcluster.cipher-suite:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA}"
key-alias="${modcluster.key-alias:mykeyalias}"
password="${modcluster.password:mypassword}"
protocol="${modcluster.protocol:TLSv1}"/>
</proxy>
{noformat}
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 14.0.0.CR1
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Attachments: confs.zip
>
>
> When running scenario, where connection between worker and balancer is secured with SSL, worker fails to register on balancer.
> Worker obviously tries to send INFO commands, though it sends it as a 'plain text' to a secured channel.
> I enabled SSL debugging, and such unsecured-secured communication causes this error:
> {code}
> 09:42:20,456 INFO [stdout] (default I/O-4) Using SSLEngineImpl.
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow unsafe renegotiation: false
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow legacy hello messages: true
> 09:42:20,458 INFO [stdout] (default I/O-4) Is initial handshake: true
> 09:42:20,459 INFO [stdout] (default I/O-4) Is secure renegotiation: false
> 09:42:20,459 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,479 INFO [stdout] (default I/O-4) default I/O-4, fatal error: 80: problem unwrapping net record
> 09:42:20,480 INFO [stdout] (default I/O-4) javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, SEND TLSv1.2 ALERT: fatal, description = internal_error
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, WRITE: TLSv1.2 Alert, length = 2
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeInbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeOutbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, closeOutboundInternal()
> {code}
> What bothers me, that there are no other errors (bad certificate, CLI error...) in log regarding this. Apart from:
> {code}
> 09:45:42,653 WARN [org.infinispan.topology.ClusterTopologyManagerImpl] (transport-thread--p14-t16) ISPN000197: Error updating cluster member list: org.infinispan.util.concurrent.TimeoutException: ISPN000476: Timed out waiting for responses for request 6 from wildfly-14.0.0.Beta2-SNAPSHOT-2
> at org.infinispan.remoting.transport.impl.MultiTargetRequest.onTimeout(MultiTargetRequest.java:167)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:87)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:22)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Suppressed: org.infinispan.util.logging.TraceException
> at org.infinispan.remoting.transport.Transport.invokeRemotely(Transport.java:75)
> at org.infinispan.topology.ClusterTopologyManagerImpl.confirmMembersAvailable(ClusterTopologyManagerImpl.java:525)
> at org.infinispan.topology.ClusterTopologyManagerImpl.updateCacheMembers(ClusterTopologyManagerImpl.java:508)
> at org.infinispan.topology.ClusterTopologyManagerImpl.handleClusterView(ClusterTopologyManagerImpl.java:321)
> at org.infinispan.topology.ClusterTopologyManagerImpl.access$500(ClusterTopologyManagerImpl.java:87)
> at org.infinispan.topology.ClusterTopologyManagerImpl$ClusterViewListener.lambda$handleViewChange$0(ClusterTopologyManagerImpl.java:731)
> at org.infinispan.executors.LimitedExecutor.runTasks(LimitedExecutor.java:175)
> at org.infinispan.executors.LimitedExecutor.access$100(LimitedExecutor.java:37)
> at org.infinispan.executors.LimitedExecutor$Runner.run(LimitedExecutor.java:227)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.wildfly.clustering.service.concurrent.ClassLoaderThreadFactory.lambda$newThread$0(ClassLoaderThreadFactory.java:47)
> ... 1 more
> {code}
> Configuration using non-Elytron configuration was possible before, hence this is a regression.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar commented on WFLY-10795:
---------------------------------------
Looking at worker configuration, it does not define security:
{code:xml}
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
<proxy name="default" advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
</proxy>
</subsystem>
{code}
You need to define SSL such as:
{noformat}
<proxy name="other"
connector="default">
<simple-load-provider factor="${modcluster.simple-load-provider.factor:15}"/>
<ssl ca-certificate-file="${modcluster.ca-certificate-file:/home/rhusar/client-keystore.jks}"
ca-revocation-url="${modcluster.ca-revocation-url:/home/rhusar/revocations}"
certificate-key-file="${modcluster.certificate-key-file:/home/rhusar/client-keystore.jks}"
cipher-suite="${modcluster.cipher-suite:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA}"
key-alias="${modcluster.key-alias:mykeyalias}"
password="${modcluster.password:mypassword}"
protocol="${modcluster.protocol:TLSv1}"/>
</proxy>
{noformat}
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 14.0.0.CR1
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Attachments: confs.zip
>
>
> When running scenario, where connection between worker and balancer is secured with SSL, worker fails to register on balancer.
> Worker obviously tries to send INFO commands, though it sends it as a 'plain text' to a secured channel.
> I enabled SSL debugging, and such unsecured-secured communication causes this error:
> {code}
> 09:42:20,456 INFO [stdout] (default I/O-4) Using SSLEngineImpl.
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow unsafe renegotiation: false
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow legacy hello messages: true
> 09:42:20,458 INFO [stdout] (default I/O-4) Is initial handshake: true
> 09:42:20,459 INFO [stdout] (default I/O-4) Is secure renegotiation: false
> 09:42:20,459 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,479 INFO [stdout] (default I/O-4) default I/O-4, fatal error: 80: problem unwrapping net record
> 09:42:20,480 INFO [stdout] (default I/O-4) javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, SEND TLSv1.2 ALERT: fatal, description = internal_error
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, WRITE: TLSv1.2 Alert, length = 2
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeInbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeOutbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, closeOutboundInternal()
> {code}
> What bothers me, that there are no other errors (bad certificate, CLI error...) in log regarding this. Apart from:
> {code}
> 09:45:42,653 WARN [org.infinispan.topology.ClusterTopologyManagerImpl] (transport-thread--p14-t16) ISPN000197: Error updating cluster member list: org.infinispan.util.concurrent.TimeoutException: ISPN000476: Timed out waiting for responses for request 6 from wildfly-14.0.0.Beta2-SNAPSHOT-2
> at org.infinispan.remoting.transport.impl.MultiTargetRequest.onTimeout(MultiTargetRequest.java:167)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:87)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:22)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Suppressed: org.infinispan.util.logging.TraceException
> at org.infinispan.remoting.transport.Transport.invokeRemotely(Transport.java:75)
> at org.infinispan.topology.ClusterTopologyManagerImpl.confirmMembersAvailable(ClusterTopologyManagerImpl.java:525)
> at org.infinispan.topology.ClusterTopologyManagerImpl.updateCacheMembers(ClusterTopologyManagerImpl.java:508)
> at org.infinispan.topology.ClusterTopologyManagerImpl.handleClusterView(ClusterTopologyManagerImpl.java:321)
> at org.infinispan.topology.ClusterTopologyManagerImpl.access$500(ClusterTopologyManagerImpl.java:87)
> at org.infinispan.topology.ClusterTopologyManagerImpl$ClusterViewListener.lambda$handleViewChange$0(ClusterTopologyManagerImpl.java:731)
> at org.infinispan.executors.LimitedExecutor.runTasks(LimitedExecutor.java:175)
> at org.infinispan.executors.LimitedExecutor.access$100(LimitedExecutor.java:37)
> at org.infinispan.executors.LimitedExecutor$Runner.run(LimitedExecutor.java:227)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.wildfly.clustering.service.concurrent.ClassLoaderThreadFactory.lambda$newThread$0(ClassLoaderThreadFactory.java:47)
> ... 1 more
> {code}
> Configuration using non-Elytron configuration was possible before, hence this is a regression.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFWIP-67) [Artemis 2.x upgrade] IndexOutOfBoundsException during receiving messages in remote JCA scenario between Artemis 1.5 and 2.x
by Clebert Suconic (JIRA)
[ https://issues.jboss.org/browse/WFWIP-67?page=com.atlassian.jira.plugin.s... ]
Clebert Suconic commented on WFWIP-67:
--------------------------------------
[~mnovak]I'm not sure what version you have for 2.x.. this was an issue long ago. .but it was fixed...
I ran your test multiple times.. never failed...
(There was a typo on your instructions.. just to be sure.. it should be oldJmsNewMdbWi... (not OldJmsNewMDbWi...) ).. just to make sure I'm using the right branch.
> [Artemis 2.x upgrade] IndexOutOfBoundsException during receiving messages in remote JCA scenario between Artemis 1.5 and 2.x
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: WFWIP-67
> URL: https://issues.jboss.org/browse/WFWIP-67
> Project: WildFly WIP
> Issue Type: Bug
> Components: Artemis
> Reporter: Martin Styk
> Assignee: Martyn Taylor
> Priority: Blocker
>
> *Scenario:*
> Nodes A and B are in cluster. Destinations InQueue and OutQueue are deployed on them.
> MDBs are deployed on node C and D. These MDBs read messages from InQueue of nodes A, B and sends them to OutQueue on A and B.
> Nodes A,B are running Artemis 1.5. Nodes C,D are using Artemis 2.6.
> # Client sends messages to InQueue on node A
> # MDBs on nodes C,D read messages from remote InQueue and send them to remote OutQueue on nodes A,B
> # During processing of messages nodes A and C are killed
> # Client reads messages from OutQueue on node B.
> *Issue*
> At the end of the test, client is not able to read message
> {code}
> java.lang.IndexOutOfBoundsException: readerIndex(9) + length(128) exceeds writerIndex(133): UnpooledDuplicatedByteBuf(ridx: 9, widx: 133, cap: 606, unwrapped: UnpooledByteBufAllocator$InstrumentedUnpooledUnsafeHeapByteBuf(ridx: 0, widx: 606, cap: 606))
> at io.netty.buffer.AbstractByteBuf.checkReadableBytes0(AbstractByteBuf.java:1405)
> at io.netty.buffer.AbstractByteBuf.checkReadableBytes(AbstractByteBuf.java:1392)
> at io.netty.buffer.AbstractByteBuf.readBytes(AbstractByteBuf.java:872)
> at io.netty.buffer.AbstractByteBuf.readBytes(AbstractByteBuf.java:880)
> at io.netty.buffer.WrappedByteBuf.readBytes(WrappedByteBuf.java:649)
> at org.apache.activemq.artemis.api.core.SimpleString.readSimpleString(SimpleString.java:183)
> at org.apache.activemq.artemis.api.core.SimpleString.readSimpleString(SimpleString.java:171)
> at org.apache.activemq.artemis.api.core.SimpleString.readNullableSimpleString(SimpleString.java:158)
> at org.apache.activemq.artemis.core.buffers.impl.ChannelBufferWrapper.readNullableSimpleString(ChannelBufferWrapper.java:69)
> at org.apache.activemq.artemis.reader.TextMessageUtil.readBodyText(TextMessageUtil.java:37)
> at org.apache.activemq.artemis.jms.client.ActiveMQTextMessage.doBeforeReceive(ActiveMQTextMessage.java:112)
> at org.apache.activemq.artemis.jms.client.ActiveMQMessageConsumer.getMessage(ActiveMQMessageConsumer.java:224)
> at org.apache.activemq.artemis.jms.client.ActiveMQMessageConsumer.receive(ActiveMQMessageConsumer.java:132)
> at org.jboss.qa.hornetq.apps.clients.Receiver11.receiveMessage(Receiver11.java:151)
> at org.jboss.qa.hornetq.apps.clients.ReceiverTransAck.run(ReceiverTransAck.java:89)
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar edited comment on WFLY-10795 at 8/8/18 12:21 PM:
----------------------------------------------------------------
Looking at worker configuration, it does not define SSL:
{code:xml}
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
<proxy name="default" advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
</proxy>
</subsystem>
{code}
You need to define SSL such as:
{noformat}
<proxy name="other"
connector="default">
<simple-load-provider factor="${modcluster.simple-load-provider.factor:15}"/>
<ssl ca-certificate-file="${modcluster.ca-certificate-file:/home/rhusar/client-keystore.jks}"
ca-revocation-url="${modcluster.ca-revocation-url:/home/rhusar/revocations}"
certificate-key-file="${modcluster.certificate-key-file:/home/rhusar/client-keystore.jks}"
cipher-suite="${modcluster.cipher-suite:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA}"
key-alias="${modcluster.key-alias:mykeyalias}"
password="${modcluster.password:mypassword}"
protocol="${modcluster.protocol:TLSv1}"/>
</proxy>
{noformat}
was (Author: rhusar):
Looking at worker configuration, it does not define security:
{code:xml}
<subsystem xmlns="urn:jboss:domain:modcluster:4.0">
<proxy name="default" advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="cpu"/>
</dynamic-load-provider>
</proxy>
</subsystem>
{code}
You need to define SSL such as:
{noformat}
<proxy name="other"
connector="default">
<simple-load-provider factor="${modcluster.simple-load-provider.factor:15}"/>
<ssl ca-certificate-file="${modcluster.ca-certificate-file:/home/rhusar/client-keystore.jks}"
ca-revocation-url="${modcluster.ca-revocation-url:/home/rhusar/revocations}"
certificate-key-file="${modcluster.certificate-key-file:/home/rhusar/client-keystore.jks}"
cipher-suite="${modcluster.cipher-suite:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA}"
key-alias="${modcluster.key-alias:mykeyalias}"
password="${modcluster.password:mypassword}"
protocol="${modcluster.protocol:TLSv1}"/>
</proxy>
{noformat}
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 14.0.0.CR1
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Attachments: confs.zip
>
>
> When running scenario, where connection between worker and balancer is secured with SSL, worker fails to register on balancer.
> Worker obviously tries to send INFO commands, though it sends it as a 'plain text' to a secured channel.
> I enabled SSL debugging, and such unsecured-secured communication causes this error:
> {code}
> 09:42:20,456 INFO [stdout] (default I/O-4) Using SSLEngineImpl.
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow unsafe renegotiation: false
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow legacy hello messages: true
> 09:42:20,458 INFO [stdout] (default I/O-4) Is initial handshake: true
> 09:42:20,459 INFO [stdout] (default I/O-4) Is secure renegotiation: false
> 09:42:20,459 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,479 INFO [stdout] (default I/O-4) default I/O-4, fatal error: 80: problem unwrapping net record
> 09:42:20,480 INFO [stdout] (default I/O-4) javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, SEND TLSv1.2 ALERT: fatal, description = internal_error
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, WRITE: TLSv1.2 Alert, length = 2
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeInbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeOutbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, closeOutboundInternal()
> {code}
> What bothers me, that there are no other errors (bad certificate, CLI error...) in log regarding this. Apart from:
> {code}
> 09:45:42,653 WARN [org.infinispan.topology.ClusterTopologyManagerImpl] (transport-thread--p14-t16) ISPN000197: Error updating cluster member list: org.infinispan.util.concurrent.TimeoutException: ISPN000476: Timed out waiting for responses for request 6 from wildfly-14.0.0.Beta2-SNAPSHOT-2
> at org.infinispan.remoting.transport.impl.MultiTargetRequest.onTimeout(MultiTargetRequest.java:167)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:87)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:22)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Suppressed: org.infinispan.util.logging.TraceException
> at org.infinispan.remoting.transport.Transport.invokeRemotely(Transport.java:75)
> at org.infinispan.topology.ClusterTopologyManagerImpl.confirmMembersAvailable(ClusterTopologyManagerImpl.java:525)
> at org.infinispan.topology.ClusterTopologyManagerImpl.updateCacheMembers(ClusterTopologyManagerImpl.java:508)
> at org.infinispan.topology.ClusterTopologyManagerImpl.handleClusterView(ClusterTopologyManagerImpl.java:321)
> at org.infinispan.topology.ClusterTopologyManagerImpl.access$500(ClusterTopologyManagerImpl.java:87)
> at org.infinispan.topology.ClusterTopologyManagerImpl$ClusterViewListener.lambda$handleViewChange$0(ClusterTopologyManagerImpl.java:731)
> at org.infinispan.executors.LimitedExecutor.runTasks(LimitedExecutor.java:175)
> at org.infinispan.executors.LimitedExecutor.access$100(LimitedExecutor.java:37)
> at org.infinispan.executors.LimitedExecutor$Runner.run(LimitedExecutor.java:227)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.wildfly.clustering.service.concurrent.ClassLoaderThreadFactory.lambda$newThread$0(ClassLoaderThreadFactory.java:47)
> ... 1 more
> {code}
> Configuration using non-Elytron configuration was possible before, hence this is a regression.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months