March 2019 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-4374) security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does

by Bartosz Spyrko-Śmietanko (Jira)

[ https://issues.jboss.org/browse/WFCORE-4374?page=com.atlassian.jira.plugi... ] Bartosz Spyrko-Śmietanko commented on WFCORE-4374: -------------------------------------------------- 'javax.management.MBeanServerPermission' fails to load in LoadedPermissionFactory because the class is not available to the security-manager module. Adding java.se module to the security-manager module will solve most of the cases, but there would still be some permissions not included. Maybe we should add a 'module' parameter on the permission element that would be used to resolve the Permission? [~jmesnil] WDYT? > security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does > ------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-4374 > URL: https://issues.jboss.org/browse/WFCORE-4374 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Bartosz Spyrko-Śmietanko > Assignee: Bartosz Spyrko-Śmietanko > Priority: Major > > When configuring a jdbc driver deployment jar with permissions.xml it I was able to resolve all of the needed permissions. But then when I remove the permissions.xml from the deployment and define the same permissions in the security-manager, it fails saying it requires the javax.management.MBeanServerPermission createMBeanServer even though it is defined in the subsystem. > {code} > 23:41:13,007 ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/Users/bmaxwell/Downloads/02291781/jboss-eap-7.3/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader") > {code} > {code} > <minimum-set> > <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/> > </minimum-set> > {code} > If you put a permissions.xml in the deployment's META-INF with this below then it works fine. The other permissions I used for the jdbc driver seemed to work fine, it is just this one that seems inconsistent for some reason. > {code} > <?xml version="1.0" encoding="UTF-8"?> > <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee > http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd" > version="7"> > <permission> > <class-name>javax.management.MBeanServerPermission</class-name> > <name>createMBeanServer</name> > </permission> > </permissions> > {code} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-4374) security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does

by Bartosz Spyrko-Śmietanko (Jira)

[ https://issues.jboss.org/browse/WFCORE-4374?page=com.atlassian.jira.plugi... ] Bartosz Spyrko-Śmietanko updated WFCORE-4374: --------------------------------------------- Component/s: Security > security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does > ------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-4374 > URL: https://issues.jboss.org/browse/WFCORE-4374 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Bartosz Spyrko-Śmietanko > Assignee: Bartosz Spyrko-Śmietanko > Priority: Major > > When configuring a jdbc driver deployment jar with permissions.xml it I was able to resolve all of the needed permissions. But then when I remove the permissions.xml from the deployment and define the same permissions in the security-manager, it fails saying it requires the javax.management.MBeanServerPermission createMBeanServer even though it is defined in the subsystem. > {code} > 23:41:13,007 ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/Users/bmaxwell/Downloads/02291781/jboss-eap-7.3/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader") > {code} > {code} > <minimum-set> > <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/> > </minimum-set> > {code} > If you put a permissions.xml in the deployment's META-INF with this below then it works fine. The other permissions I used for the jdbc driver seemed to work fine, it is just this one that seems inconsistent for some reason. > {code} > <?xml version="1.0" encoding="UTF-8"?> > <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee > http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd" > version="7"> > <permission> > <class-name>javax.management.MBeanServerPermission</class-name> > <name>createMBeanServer</name> > </permission> > </permissions> > {code} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-4374) security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does

by Bartosz Spyrko-Śmietanko (Jira)

[ https://issues.jboss.org/browse/WFCORE-4374?page=com.atlassian.jira.plugi... ] Bartosz Spyrko-Śmietanko moved JBEAP-16555 to WFCORE-4374: ---------------------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-4374 (was: JBEAP-16555) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: (was: Security Manager) Affects Version/s: (was: 7.2.0.GA) (was: 7.3.0.CD15) Fix Version/s: (was: 7.2.2.GA) > security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does > ------------------------------------------------------------------------------------------------------------- > > Key: WFCORE-4374 > URL: https://issues.jboss.org/browse/WFCORE-4374 > Project: WildFly Core > Issue Type: Bug > Reporter: Bartosz Spyrko-Śmietanko > Assignee: Bartosz Spyrko-Śmietanko > Priority: Major > > When configuring a jdbc driver deployment jar with permissions.xml it I was able to resolve all of the needed permissions. But then when I remove the permissions.xml from the deployment and define the same permissions in the security-manager, it fails saying it requires the javax.management.MBeanServerPermission createMBeanServer even though it is defined in the subsystem. > {code} > 23:41:13,007 ERROR [stderr] (ServerService Thread Pool -- 81) java.security.AccessControlException: WFSM000001: Permission check failed (permission "("javax.management.MBeanServerPermission" "createMBeanServer")" in code source "(vfs:/Users/bmaxwell/Downloads/02291781/jboss-eap-7.3/standalone/deployments/createMBeanServer.jar <no signer certificates>)" of "ModuleClassLoader for Module "deployment.createMBeanServer.jar" from Service Module Loader") > {code} > {code} > <minimum-set> > <permission class="javax.management.MBeanServerPermission" name="createMBeanServer"/> > </minimum-set> > {code} > If you put a permissions.xml in the deployment's META-INF with this below then it works fine. The other permissions I used for the jdbc driver seemed to work fine, it is just this one that seems inconsistent for some reason. > {code} > <?xml version="1.0" encoding="UTF-8"?> > <permissions xmlns="http://xmlns.jcp.org/xml/ns/javaee" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee > http://xmlns.jcp.org/xml/ns/javaee/permissions_7.xsd" > version="7"> > <permission> > <class-name>javax.management.MBeanServerPermission</class-name> > <name>createMBeanServer</name> > </permission> > </permissions> > {code} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (SWSQE-640) Refactor Upstream Pipeline

by Guilherme Baufaker Rêgo (Jira)

Guilherme Baufaker Rêgo created SWSQE-640: --------------------------------------------- Summary: Refactor Upstream Pipeline Key: SWSQE-640 URL: https://issues.jboss.org/browse/SWSQE-640 Project: Kiali QE Issue Type: Task Reporter: Guilherme Baufaker Rêgo Assignee: Guilherme Baufaker Rêgo - Istio Upstream - Kiali on Openshift - Istio and Kiali on Openshift These jobs are not valid anymore because ansible installer is gone (https://github.com/istio/istio/issues/12262) -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-4373) org.jboss.logmanager module requires java.sql module

by Ilia Vassilev (Jira)

[ https://issues.jboss.org/browse/WFCORE-4373?page=com.atlassian.jira.plugi... ] Ilia Vassilev moved JBEAP-16554 to WFCORE-4373: ----------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-4373 (was: JBEAP-16554) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Modules (was: Server) Affects Version/s: 8.0.0.Final (was: 7.2.0.GA) Fix Version/s: (was: 7.2.2.GA) > org.jboss.logmanager module requires java.sql module > ---------------------------------------------------- > > Key: WFCORE-4373 > URL: https://issues.jboss.org/browse/WFCORE-4373 > Project: WildFly Core > Issue Type: Bug > Components: Modules > Affects Versions: 8.0.0.Final > Reporter: Ilia Vassilev > Assignee: Ilia Vassilev > Priority: Major > > org.jboss.logmanager module requires java.sql module > {code} > Caused by: java.lang.ClassNotFoundException: java.sql.SQLException from [Module "org.jboss.log4j.logmanager" version 1.1.6.Final-redhat-00001 from local module loader @7d3a22a9 (finder: local module finder @1d082e88 (roots: /opt/jboss/modules,/opt/jboss/modules/system/layers/base))] > {code} > It looks like in EAP 6.4 java.* was visible to everything. In EAP 7.2 with JBoss Modules changes likely due to JDK 11 modular changes, it looks like java.* is no longer just visible and JBoss Modules has some internal modules such as java.sql which would be needed to see these classes. > Tattletale says that logmanager jar has this class org.apache.log4j.jdbc.JDBCAppender which uses java.sql.* , so we should add a dependency on java.sql (javax.sql.api exports java.sql , but javax.sql.api module is marked deprecated) > EAP 6.4 > {code} > <module xmlns="urn:jboss:module:1.1" name="org.jboss.log4j.logmanager"> > <resources> > <resource-root path="log4j-jboss-logmanager-1.1.4.Final-redhat-1.jar"/> >  > </resources> > <dependencies> > <module name="javax.api"/> > <module name="javax.mail.api" optional="true"/> > <module name="javax.jms.api" optional="true"/> > <module name="org.dom4j" optional="true"/> > <module name="org.jboss.logmanager"/> > <module name="org.jboss.modules"/> > </dependencies> > </module> > {code} > {code} > grep -r java.sql `f module.xml` > <nothing> > {code} > EAP 7.2: > {code} > <module name="org.jboss.log4j.logmanager" xmlns="urn:jboss:module:1.8"> > <properties> > <property name="jboss.api" value="private"/> > </properties> > <resources> > <resource-root path="log4j-jboss-logmanager-1.1.6.Final-redhat-00001.jar"/> > </resources> > <dependencies> >  > <module name="java.desktop"/> > <module name="java.logging"/> > <module name="java.xml"/> > <module name="javax.mail.api" optional="true"/> > <module name="javax.jms.api" optional="true"/> > <module name="org.dom4j" optional="true"/> > <module name="org.jboss.logmanager"/> > <module name="org.jboss.modules"/> > </dependencies> > </module> > {code} > {code} > grep -r java.sql `f module.xml` > ./modules/system/layers/base/sun/jdk/main/module.xml:  > ./modules/system/layers/base/org/wildfly/extension/elytron/main/module.xml: <module name="java.sql"/> > ./modules/system/layers/base/org/wildfly/security/elytron-private/main/module.xml: <module name="java.sql"/> > ./modules/system/layers/base/io/undertow/core/main/module.xml: <module name="java.sql"/> > ./modules/system/layers/base/javax/sql/api/main/module.xml: <module name="java.sql" export="true"/> > {code} -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (SWSQE-639) UI Automation - Istio Config - Support Newly Added Types

by Hayk Hovsepyan (Jira)

Hayk Hovsepyan created SWSQE-639: ------------------------------------ Summary: UI Automation - Istio Config - Support Newly Added Types Key: SWSQE-639 URL: https://issues.jboss.org/browse/SWSQE-639 Project: Kiali QE Issue Type: QE Task Reporter: Hayk Hovsepyan In Kiali API and OC API: ServiceRole ServiceRoleBinding ClusterRbacConfig -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1763) Public API org.wildfly.security.mechanism.MechanismUtil has been removed.

by Diana Vilkolakova (Jira)

[ https://issues.jboss.org/browse/ELY-1763?page=com.atlassian.jira.plugin.s... ] Diana Vilkolakova edited comment on ELY-1763 at 3/14/19 11:12 AM: ------------------------------------------------------------------ [~dlofthouse] [ELY-1448|https://issues.jboss.org/browse/ELY-1448] issue deprecated this class and delegated methods to _private.MechanismUtil. Then during modularisaton the deprecated class was removed [here|https://github.com/wildfly-security/wildfly-elytron/commit/953283a15...]. So it can probably be excluded from JAPICMP check. was (Author: dvilkola): [~dlofthouse] [ELY-1448|https://issues.jboss.org/browse/ELY-1448] issue deprecated this class and delegated methods to _private.MechanismUtil. Then during modularisaton the deprated class was removed [here|https://github.com/wildfly-security/wildfly-elytron/commit/953283a15...]. So it can probably be excluded from JAPICMP check. > Public API org.wildfly.security.mechanism.MechanismUtil has been removed. > ------------------------------------------------------------------------- > > Key: ELY-1763 > URL: https://issues.jboss.org/browse/ELY-1763 > Project: WildFly Elytron > Issue Type: Sub-task > Components: API / SPI, Build > Reporter: Darran Lofthouse > Assignee: Diana Vilkolakova > Priority: Blocker > Fix For: 1.9.0.CR1 > > > We either need to restore this or exclude it from the JAPICMP check. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1763) Public API org.wildfly.security.mechanism.MechanismUtil has been removed.

by Diana Vilkolakova (Jira)

[ https://issues.jboss.org/browse/ELY-1763?page=com.atlassian.jira.plugin.s... ] Diana Vilkolakova commented on ELY-1763: ---------------------------------------- [~dlofthouse] [ELY-1448|https://issues.jboss.org/browse/ELY-1448] issue deprecated this class and delegated methods to _private.MechanismUtil. Then during modularisaton the deprated class was removed [here|https://github.com/wildfly-security/wildfly-elytron/commit/953283a15...]. So it can probably be excluded from JAPICMP check. > Public API org.wildfly.security.mechanism.MechanismUtil has been removed. > ------------------------------------------------------------------------- > > Key: ELY-1763 > URL: https://issues.jboss.org/browse/ELY-1763 > Project: WildFly Elytron > Issue Type: Sub-task > Components: API / SPI, Build > Reporter: Darran Lofthouse > Assignee: Diana Vilkolakova > Priority: Blocker > Fix For: 1.9.0.CR1 > > > We either need to restore this or exclude it from the JAPICMP check. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-11849) Narayana XTS txbridge not permitting to start transaction when no timeout is set

by Ondra Chaloupka (Jira)

[ https://issues.jboss.org/browse/WFLY-11849?page=com.atlassian.jira.plugin... ] Ondra Chaloupka updated WFLY-11849: ----------------------------------- Forum Reference: https://developer.jboss.org/message/988465#988465 > Narayana XTS txbridge not permitting to start transaction when no timeout is set > -------------------------------------------------------------------------------- > > Key: WFLY-11849 > URL: https://issues.jboss.org/browse/WFLY-11849 > Project: WildFly > Issue Type: Bug > Components: Transactions > Affects Versions: 16.0.0.Final > Reporter: Ondra Chaloupka > Assignee: Ondra Chaloupka > Priority: Critical > > The issue comes with changes in WFTC-54 where it was decided that the timeout of value {{0}} is not acceptable (see https://issues.jboss.org/browse/WFTC-54?focusedCommentId=13677791#comment...). The txbridge still uses value of {{0}} as definition of not timeout. > It seems the Narayana XTS txbridge needs to change the behaviour in similar way as it was done for the ejb client https://issues.jboss.org/browse/EJBCLIENT-316. -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFLY-11850) Upgrade JGroups to 4.0.19.Final

by Paul Ferraro (Jira)

Paul Ferraro created WFLY-11850: ----------------------------------- Summary: Upgrade JGroups to 4.0.19.Final Key: WFLY-11850 URL: https://issues.jboss.org/browse/WFLY-11850 Project: WildFly Issue Type: Component Upgrade Components: Clustering Affects Versions: 16.0.0.Final Reporter: Paul Ferraro Assignee: Paul Ferraro https://issues.jboss.org/projects/JGRP/versions/12340786 -- This message was sent by Atlassian Jira (v7.12.1#712002)

5 years, 10 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2019