[JBoss JIRA] (WFLY-11365) Test JSONBTestCase fails with security manager
by Bartosz Baranowski (Jira)
[ https://issues.jboss.org/browse/WFLY-11365?page=com.atlassian.jira.plugin... ]
Bartosz Baranowski commented on WFLY-11365:
-------------------------------------------
<<ALL FILES >> perms are there because you cant wildcard file permissions to match part of execution path. So you cant match */modules/-/specific.jar, you either have to specify either root prefix of path ( with /-) or whole URL. Distribution method( IMHO) is mute point as securing container/granting access is not something OS/installation should do, it should be handled by admin.
> Test JSONBTestCase fails with security manager
> ----------------------------------------------
>
> Key: WFLY-11365
> URL: https://issues.jboss.org/browse/WFLY-11365
> Project: WildFly
> Issue Type: Bug
> Components: EE, Test Suite
> Affects Versions: 15.0.0.Beta1
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Major
> Labels: security-manager
> Attachments: sm-fix.patch
>
>
> {noformat}
> org.jboss.as.test.integration.json (1)
> JSONBTestCase.testJsonbServlet
> {noformat}
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/repository/org/eclipse/yasson/1.0.2/yasson-1.0.2.jar" "read")" in code source "(vfs:/content/jsonb10-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jsonb10-test.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:359)
> at java.util.zip.ZipFile.<init>(ZipFile.java:216)
> at java.util.zip.ZipFile.<init>(ZipFile.java:155)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
> at java.net.URL.openStream(URL.java:1045)
> at java.util.ServiceLoader.parse(ServiceLoader.java:304)
> at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
> at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
> at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
> at javax.json.bind.spi.JsonbProvider.provider(JsonbProvider.java:112)
> at javax.json.bind.JsonbBuilder.create(JsonbBuilder.java:108)
> at org.jboss.as.test.integration.json.JSONBServlet.doGet(JSONBServlet.java:46) ...
> {noformat}
> Looks to me similar to WFLY-11337
> [1] https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_MasterS...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11365) Test JSONBTestCase fails with security manager
by Bartosz Baranowski (Jira)
[ https://issues.jboss.org/browse/WFLY-11365?page=com.atlassian.jira.plugin... ]
Bartosz Baranowski edited comment on WFLY-11365 at 1/8/19 2:16 AM:
-------------------------------------------------------------------
{noformat}
<<ALL FILES >> perms are there because you cant wildcard file permissions to match part of execution path. So you cant match */modules/-/specific.jar, you either have to specify either root prefix of path ( with /-) or whole URL. Distribution method( IMHO) is mute point as securing container/granting access is not something OS/installation should do, it should be handled by admin.
{noformat}
was (Author: baranowb):
<<ALL FILES >> perms are there because you cant wildcard file permissions to match part of execution path. So you cant match */modules/-/specific.jar, you either have to specify either root prefix of path ( with /-) or whole URL. Distribution method( IMHO) is mute point as securing container/granting access is not something OS/installation should do, it should be handled by admin.
> Test JSONBTestCase fails with security manager
> ----------------------------------------------
>
> Key: WFLY-11365
> URL: https://issues.jboss.org/browse/WFLY-11365
> Project: WildFly
> Issue Type: Bug
> Components: EE, Test Suite
> Affects Versions: 15.0.0.Beta1
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Major
> Labels: security-manager
> Attachments: sm-fix.patch
>
>
> {noformat}
> org.jboss.as.test.integration.json (1)
> JSONBTestCase.testJsonbServlet
> {noformat}
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/repository/org/eclipse/yasson/1.0.2/yasson-1.0.2.jar" "read")" in code source "(vfs:/content/jsonb10-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jsonb10-test.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:359)
> at java.util.zip.ZipFile.<init>(ZipFile.java:216)
> at java.util.zip.ZipFile.<init>(ZipFile.java:155)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
> at java.net.URL.openStream(URL.java:1045)
> at java.util.ServiceLoader.parse(ServiceLoader.java:304)
> at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
> at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
> at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
> at javax.json.bind.spi.JsonbProvider.provider(JsonbProvider.java:112)
> at javax.json.bind.JsonbBuilder.create(JsonbBuilder.java:108)
> at org.jboss.as.test.integration.json.JSONBServlet.doGet(JSONBServlet.java:46) ...
> {noformat}
> Looks to me similar to WFLY-11337
> [1] https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_MasterS...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11365) Test JSONBTestCase fails with security manager
by Bartosz Baranowski (Jira)
[ https://issues.jboss.org/browse/WFLY-11365?page=com.atlassian.jira.plugin... ]
Bartosz Baranowski edited comment on WFLY-11365 at 1/8/19 2:16 AM:
-------------------------------------------------------------------
<<ALL FILES >> perms are there because you cant wildcard file permissions to match part of execution path. So you cant match */modules/*/specific.jar, you either have to specify either root prefix of path ( with /-) or whole URL. Distribution method( IMHO) is mute point as securing container/granting access is not something OS/installation should do, it should be handled by admin.
was (Author: baranowb):
{noformat}
<<ALL FILES >> perms are there because you cant wildcard file permissions to match part of execution path. So you cant match */modules/-/specific.jar, you either have to specify either root prefix of path ( with /-) or whole URL. Distribution method( IMHO) is mute point as securing container/granting access is not something OS/installation should do, it should be handled by admin.
{noformat}
> Test JSONBTestCase fails with security manager
> ----------------------------------------------
>
> Key: WFLY-11365
> URL: https://issues.jboss.org/browse/WFLY-11365
> Project: WildFly
> Issue Type: Bug
> Components: EE, Test Suite
> Affects Versions: 15.0.0.Beta1
> Reporter: Martin Choma
> Assignee: Bartosz Baranowski
> Priority: Major
> Labels: security-manager
> Attachments: sm-fix.patch
>
>
> {noformat}
> org.jboss.as.test.integration.json (1)
> JSONBTestCase.testJsonbServlet
> {noformat}
> {noformat}
> java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/store/repository/org/eclipse/yasson/1.0.2/yasson-1.0.2.jar" "read")" in code source "(vfs:/content/jsonb10-test.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.jsonb10-test.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:359)
> at java.util.zip.ZipFile.<init>(ZipFile.java:216)
> at java.util.zip.ZipFile.<init>(ZipFile.java:155)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:152)
> at java.net.URL.openStream(URL.java:1045)
> at java.util.ServiceLoader.parse(ServiceLoader.java:304)
> at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
> at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
> at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
> at javax.json.bind.spi.JsonbProvider.provider(JsonbProvider.java:112)
> at javax.json.bind.JsonbBuilder.create(JsonbBuilder.java:108)
> at org.jboss.as.test.integration.json.JSONBServlet.doGet(JSONBServlet.java:46) ...
> {noformat}
> Looks to me similar to WFLY-11337
> [1] https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_MasterS...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11352) WildFly registers multiple distinct drivers for current MySQL driver jar
by Stefano Maestri (Jira)
[ https://issues.jboss.org/browse/WFLY-11352?page=com.atlassian.jira.plugin... ]
Stefano Maestri updated WFLY-11352:
-----------------------------------
Issue Type: Enhancement (was: Bug)
> WildFly registers multiple distinct drivers for current MySQL driver jar
> ------------------------------------------------------------------------
>
> Key: WFLY-11352
> URL: https://issues.jboss.org/browse/WFLY-11352
> Project: WildFly
> Issue Type: Enhancement
> Components: JCA
> Affects Versions: 14.0.1.Final
> Reporter: Stephen Fikes
> Assignee: Lin Gao
> Priority: Major
>
> When MySQL drivers are deployed as jars (rather than [modules|https://issues.jboss.org/browse/WFLY-3218]), multiple named drivers:
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.fabric.jdbc.FabricMySQLDriver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.jdbc.Driver_5_1
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.fabric.jdbc.FabricMySQLDriver_5_1
> Consequently, references to the driver by name (such as the below) fail to resolve
> {code}
> <datasource jndi-name="java:jboss/datasources/mysql" pool-name="MySQL" enabled="true">
> ...
> <driver>mysql-connector-java-5.1.44-bin.jar</driver>
> ...
> </datasource>
> {code}
> This issue was [already resolved|https://issues.jboss.org/browse/WFLY-3218] for the case where a module was used to deploy the driver.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11352) WildFly registers multiple distinct drivers for current MySQL driver jar
by Stefano Maestri (Jira)
[ https://issues.jboss.org/browse/WFLY-11352?page=com.atlassian.jira.plugin... ]
Stefano Maestri updated WFLY-11352:
-----------------------------------
Priority: Minor (was: Major)
> WildFly registers multiple distinct drivers for current MySQL driver jar
> ------------------------------------------------------------------------
>
> Key: WFLY-11352
> URL: https://issues.jboss.org/browse/WFLY-11352
> Project: WildFly
> Issue Type: Enhancement
> Components: JCA
> Affects Versions: 14.0.1.Final
> Reporter: Stephen Fikes
> Assignee: Lin Gao
> Priority: Minor
>
> When MySQL drivers are deployed as jars (rather than [modules|https://issues.jboss.org/browse/WFLY-3218]), multiple named drivers:
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.fabric.jdbc.FabricMySQLDriver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.jdbc.Driver_5_1
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.fabric.jdbc.FabricMySQLDriver_5_1
> Consequently, references to the driver by name (such as the below) fail to resolve
> {code}
> <datasource jndi-name="java:jboss/datasources/mysql" pool-name="MySQL" enabled="true">
> ...
> <driver>mysql-connector-java-5.1.44-bin.jar</driver>
> ...
> </datasource>
> {code}
> This issue was [already resolved|https://issues.jboss.org/browse/WFLY-3218] for the case where a module was used to deploy the driver.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11353) Classes for newer versions are not loaded from Multi-Release-JARs in WARs
by Daniel Schwering (Jira)
[ https://issues.jboss.org/browse/WFLY-11353?page=com.atlassian.jira.plugin... ]
Daniel Schwering commented on WFLY-11353:
-----------------------------------------
[~dmlloyd], what do you mean by "Normal"? How do I deploy my war's content in a "Normal" way? I tried adding the contents as a directory instead of as a war to my deployments dir, but the result was the same.
> Classes for newer versions are not loaded from Multi-Release-JARs in WARs
> -------------------------------------------------------------------------
>
> Key: WFLY-11353
> URL: https://issues.jboss.org/browse/WFLY-11353
> Project: WildFly
> Issue Type: Bug
> Components: Class Loading
> Affects Versions: 14.0.0.Final, 15.0.0.Final
> Environment: Java 9+
> Reporter: Daniel Schwering
> Priority: Major
> Attachments: buggywar.src.zip, buggywar.war, multireleaselib-0.0.1-SNAPSHOT.jar, multireleaselib-0.0.1-SNAPSHOT.jar, multireleaselib.src.zip, multireleaselib.src.zip
>
>
> 1
> down vote
> favorite
> Since Java 9 there are Multi-Release JARs ([MRJARS|https://openjdk.java.net/jeps/238]) that allow different classes for different Java versions to be included in one JAR file. I was surprised when a Wildfly 14 running on Java 11 executed Java-8-code in a JAR included in a WAR although the JAR was a MRJAR with code for Java 11. That JAR included as a dependency for a regular Java SE project is running different code depending on the running JRE, but when included in a WAR, the Java-11-code seems to be ignored.
> Is that expected behavior for a webserver, as Java EE 8 does not explicitly require Java 9 (which introduced MRJARs) but only Java 8?
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (DROOLS-2697) [DMN Designer] Improve readability of node labels
by Matthew Stevens (Jira)
[ https://issues.jboss.org/browse/DROOLS-2697?page=com.atlassian.jira.plugi... ]
Matthew Stevens edited comment on DROOLS-2697 at 1/7/19 9:44 PM:
-----------------------------------------------------------------
Would it be possible to break up the long word [~dadossan]? So it could look like:
a
very
looooooo
oong te...
was (Author: mstevens1):
Would it be possible to break up the loooong word [~dadossan]? So it could look like:
a
very
looooooo
oong te...
> [DMN Designer] Improve readability of node labels
> -------------------------------------------------
>
> Key: DROOLS-2697
> URL: https://issues.jboss.org/browse/DROOLS-2697
> Project: Drools
> Issue Type: Enhancement
> Components: DMN Editor
> Affects Versions: 7.8.0.Final
> Reporter: Guilherme Carreiro
> Assignee: Daniel José dos Santos
> Priority: Major
> Attachments: BPMN-label.png, screenshot-1.png, screenshot-2.png
>
>
> Node names are bold text without background rectangle and hence _merge_ into the node SVG. It'd be nicer to change font to regular and provide a (white) background rectangle to improve readability. See https://github.com/kiegroup/kie-wb-common/pull/1929#pullrequestreview-133...
> h2. Acceptance criteria
> - Download as DMN, import into external tool
> - Download as picture
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months
[JBoss JIRA] (WFLY-11352) WildFly registers multiple distinct drivers for current MySQL driver jar
by Lin Gao (Jira)
[ https://issues.jboss.org/browse/WFLY-11352?page=com.atlassian.jira.plugin... ]
Lin Gao reassigned WFLY-11352:
------------------------------
Assignee: Lin Gao (was: Stefano Maestri)
> WildFly registers multiple distinct drivers for current MySQL driver jar
> ------------------------------------------------------------------------
>
> Key: WFLY-11352
> URL: https://issues.jboss.org/browse/WFLY-11352
> Project: WildFly
> Issue Type: Bug
> Components: JCA
> Affects Versions: 14.0.1.Final
> Reporter: Stephen Fikes
> Assignee: Lin Gao
> Priority: Major
>
> When MySQL drivers are deployed as jars (rather than [modules|https://issues.jboss.org/browse/WFLY-3218]), multiple named drivers:
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-3) WFLYJCA0005: Deploying non-JDBC-compliant driver class com.mysql.fabric.jdbc.FabricMySQLDriver (version 5.1)
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.jdbc.Driver_5_1
> ... INFO [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-1) WFLYJCA0018: Started Driver service with driver-name = mysql-connector-java-5.1.44-bin.jar_com.mysql.fabric.jdbc.FabricMySQLDriver_5_1
> Consequently, references to the driver by name (such as the below) fail to resolve
> {code}
> <datasource jndi-name="java:jboss/datasources/mysql" pool-name="MySQL" enabled="true">
> ...
> <driver>mysql-connector-java-5.1.44-bin.jar</driver>
> ...
> </datasource>
> {code}
> This issue was [already resolved|https://issues.jboss.org/browse/WFLY-3218] for the case where a module was used to deploy the driver.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 9 months