[JBoss JIRA] (WFLY-11348) EESecurityAuthMechanismTestCase fails with security manager
by James Perkins (Jira)
[ https://issues.jboss.org/browse/WFLY-11348?page=com.atlassian.jira.plugin... ]
James Perkins reopened WFLY-11348:
----------------------------------
Assignee: James Perkins (was: Justin Cook)
> EESecurityAuthMechanismTestCase fails with security manager
> -----------------------------------------------------------
>
> Key: WFLY-11348
> URL: https://issues.jboss.org/browse/WFLY-11348
> Project: WildFly
> Issue Type: Bug
> Components: Security, Test Suite
> Affects Versions: 14.0.0.Final
> Reporter: Martin Choma
> Assignee: James Perkins
> Priority: Major
> Labels: security-manager
>
> {noformat}
> org.jboss.as.test.integration.security.jaspi (2)
> EESecurityAuthMechanismTestCase.testAuthNotRequired
> EESecurityAuthMechanismTestCase.testSuccessfulAuthentication
> {noformat}
> Seems to me doPrivileged block is missing in server code somewhere.
> {noformat}
> &#27;[0m&#27;[31m00:29:39,192 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /EESecurityAuthMechanismTestCase/unsecured/index.jsp: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.lang.RuntimePermission" "org.jboss.security.plugins.JBossSecurityContext.getSubjectInfo")" in code source "(vfs:/content/EESecurityAuthMechanismTestCase.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.EESecurityAuthMechanismTestCase.war" from Service Module Loader")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:294)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:191)
> at org.jboss.security.plugins.JBossSecurityContext.getSubjectInfo(JBossSecurityContext.java:182)
> at org.jboss.security.auth.callback.JASPICallbackHandler.handleCallBack(JASPICallbackHandler.java:128)
> at org.jboss.security.auth.callback.JBossCallbackHandler.handle(JBossCallbackHandler.java:87)
> at org.glassfish.soteria.mechanisms.jaspic.Jaspic.handleCallbacks(Jaspic.java:196)
> at org.glassfish.soteria.mechanisms.jaspic.Jaspic.notifyContainerAboutLogin(Jaspic.java:182)
> at org.glassfish.soteria.mechanisms.HttpMessageContextImpl.doNothing(HttpMessageContextImpl.java:303)
> at org.jboss.as.test.integration.security.jaspi.SimpleHttpAuthenticationMechanism.validateRequest(SimpleHttpAuthenticationMechanism.java:43)
> at org.jboss.as.test.integration.security.jaspi.SimpleHttpAuthenticationMechanism$Proxy$_$$_WeldClientProxy.validateRequest(Unknown Source)
> at org.glassfish.soteria.mechanisms.jaspic.HttpBridgeServerAuthModule.validateRequest(HttpBridgeServerAuthModule.java:114)
> at org.glassfish.soteria.mechanisms.jaspic.DefaultServerAuthContext.validateRequest(DefaultServerAuthContext.java:76)
> at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:115)
> at org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism.authenticate(JASPICAuthenticationMechanism.java:125)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
> at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
> at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
> at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
> at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
> at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55){noformat}
> {noformat}
> [1] https://ci.wildfly.org/viewLog.html?buildId=128138&buildTypeId=WF_MasterS...
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 6 months
[JBoss JIRA] (DROOLS-3429) Serialization of KiePackages fails when SecurityManager is enabled
by Tibor Zimányi (Jira)
[ https://issues.jboss.org/browse/DROOLS-3429?page=com.atlassian.jira.plugi... ]
Tibor Zimányi updated DROOLS-3429:
----------------------------------
Story Points: 3
> Serialization of KiePackages fails when SecurityManager is enabled
> ------------------------------------------------------------------
>
> Key: DROOLS-3429
> URL: https://issues.jboss.org/browse/DROOLS-3429
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 6.5.0.Final, 7.15.0.Final
> Environment: Running with IBM JDK 1.8
> Reporter: Marcel Abou Khalil
> Assignee: Tibor Zimányi
> Priority: Major
>
> Our Drools setup:
> - users write rules in a combination of DSL and Java code
> - rules are compiled
> - packages are stored in a database (rules are seldom changed but often ran)
> This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:
> {code:java}
> Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
> - field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence")
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
> - writeExternal data
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
> - writeExternal data
> - object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...})
> - custom writeObject data (class "java.util.HashMap")
> - object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
> - writeExternal data
> - root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
> at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
> at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
> {code}
> Possible cause:
> Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}} will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast to the wrapped consequence is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt to serialize it, instead of just writing {{null}} and fails.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 6 months
[JBoss JIRA] (DROOLS-2697) [DMN Designer] Improve readability of node labels
by Liz Clayton (Jira)
[ https://issues.jboss.org/browse/DROOLS-2697?page=com.atlassian.jira.plugi... ]
Liz Clayton commented on DROOLS-2697:
-------------------------------------
[~dadossan] I don't know if there was a resolution wrt wrapping. Looking at https://issues.jboss.org/browse/JBPM-6454 though I found this:
"...for long names, the default (placeholder) node name would first scale down to fit the default node size automatically. After reducing to some min acceptable font size, if the name still couldn't be accommodated then it would get truncated. I presume if the node was resized larger the reverse would happen - first not truncated, then larger."
[~mstevens1] Wdyt? Do we; A) resize, wrap and then truncate, or B) just resize, and then truncate? Thanks!
> [DMN Designer] Improve readability of node labels
> -------------------------------------------------
>
> Key: DROOLS-2697
> URL: https://issues.jboss.org/browse/DROOLS-2697
> Project: Drools
> Issue Type: Enhancement
> Components: DMN Editor
> Affects Versions: 7.8.0.Final
> Reporter: Guilherme Carreiro
> Assignee: Daniel José dos Santos
> Priority: Major
> Attachments: BPMN-label.png, screenshot-1.png
>
>
> Node names are bold text without background rectangle and hence _merge_ into the node SVG. It'd be nicer to change font to regular and provide a (white) background rectangle to improve readability. See https://github.com/kiegroup/kie-wb-common/pull/1929#pullrequestreview-133...
> h2. Acceptance criteria
> - Download as DMN, import into external tool
> - Download as picture
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 6 months
[JBoss JIRA] (WFLY-11420) Configure statistics-enabled for subsystems that exposes metrics
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFLY-11420?page=com.atlassian.jira.plugin... ]
Jeff Mesnil resolved WFLY-11420.
--------------------------------
Fix Version/s: 16.0.0.Beta1
Resolution: Done
Enhancement was provided by WFLY-11471
> Configure statistics-enabled for subsystems that exposes metrics
> ----------------------------------------------------------------
>
> Key: WFLY-11420
> URL: https://issues.jboss.org/browse/WFLY-11420
> Project: WildFly
> Issue Type: Enhancement
> Components: MP Metrics
> Reporter: Rostislav Svoboda
> Assignee: Jeff Mesnil
> Priority: Critical
> Fix For: 16.0.0.Beta1
>
>
> Vendor metrics - subsystem - statistics-enabled to get valid data
> I was playing with vendor metrics and I received a lot of zeros.
> {code}
> curl http://localhost:10090/metrics/vendor 2>/dev/null | grep -v TYPE | grep -v HELP | sort
> {code}
> Note: I use {{-Djboss.socket.binding.port-offset=100}}
> So I started to wonder why and it's because of statistics are not enabled.
> When I enabled statistics for Undertow and hit the WF server main page I saw some changes in metrics.
> {code}
> subsystem=undertow/:write-attribute(name=statistics-enabled, value=true)
> {code}
> Later I realized this scenario is also mentioned in analysis, section WildFly Metrics with undefined value / statistic-enabled = false
> https://github.com/wildfly/wildfly-proposals/blob/cc189b56720951875aa9610...
> So this is mainly tracking + discussion point now.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
7 years, 6 months