[JBoss JIRA] (WFCORE-4395) The single mapper validation added via WFCORE-2364 happens at Runtime, this should be a Model time check.
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4395?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4395:
--------------------------------
Fix Version/s: 9.0.0.Beta5
(was: 9.0.0.Beta4)
> The single mapper validation added via WFCORE-2364 happens at Runtime, this should be a Model time check.
> ---------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4395
> URL: https://issues.jboss.org/browse/WFCORE-4395
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Darran Lofthouse
> Priority: Major
> Fix For: 9.0.0.Beta5
>
>
> If possible the mappers should be flagged as being mutually exclusive, however failing that the validation should happen during Stage.MODEL.
> Presently this leads to an unsatisfied dependency: -
> {noformat}
> 14:21:59,055 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("security-domain" => "demon-domain")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.demo-realm"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.demon-domain.initial is missing [org.wildfly.security.security-realm.demo-realm]"]
> }
> {noformat}
> Despite this error the underlying cause is not logged at any level.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
[JBoss JIRA] (WFCORE-4447) Elytron: Ability to load the attributes of an identity from multiple sources
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4447?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4447:
--------------------------------
Fix Version/s: 9.0.0.Beta5
(was: 9.0.0.Beta4)
> Elytron: Ability to load the attributes of an identity from multiple sources
> ----------------------------------------------------------------------------
>
> Key: WFCORE-4447
> URL: https://issues.jboss.org/browse/WFCORE-4447
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 9.0.0.Beta5
>
>
> In previous versions a {{security-domain}} was used to merge or add roles from multiple repositories. For example the roles for the users were obtained from two different ldaps and a database. All the roles were merged and the final authenticated principal belonged to all of them. The old picketbox subsystem used stacking of login modules (and password) to implement this feature. This use-case is not rare among the customers.
> This issue is avoiding migrations from the old security subsystem to elytron.
[JBoss JIRA] (WFCORE-4457) Default SSLContext testing in Elytron test cases breaking SubsystemTransformersTestCase downloads.
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4457?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4457:
--------------------------------
Fix Version/s: 9.0.0.Beta5
(was: 9.0.0.Beta4)
> Default SSLContext testing in Elytron test cases breaking SubsystemTransformersTestCase downloads.
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4457
> URL: https://issues.jboss.org/browse/WFCORE-4457
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 9.0.0.Beta5
>
>
> In certain environments this is causing failures such as: -
> {noformat}
> [ERROR] testRejectingTransformersEAP720(org.wildfly.extension.elytron.SubsystemTransformerTestCase) Time elapsed: 1.17 s <<< ERROR!
> java.lang.RuntimeException: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.wildfly.core:wildfly-elytron-integration:jar:6.0.1.Final from/to product-repository (https://maven.repository.redhat.com/ga/): sun.security.validator.ValidatorException: No trusted certificate found
> at org.jboss.as.model.test.MavenUtil.createMavenGavURL(MavenUtil.java:142)
> at org.jboss.as.model.test.ChildFirstClassLoaderBuilder.addMavenResourceURL(ChildFirstClassLoaderBuilder.java:198)
> at org.jboss.as.subsystem.test.SubsystemTestDelegate$LegacyKernelServiceInitializerImpl.addMavenResourceURL(SubsystemTestDelegate.java:717)
> at org.wildfly.extension.elytron.SubsystemTransformerTestCase.testRejectingTransformers(SubsystemTransformerTestCase.java:178)
> at org.wildfly.extension.elytron.SubsystemTransformerTestCase.testRejectingTransformersEAP720(SubsystemTransformerTestCase.java:90)
> Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.wildfly.core:wildfly-elytron-integration:jar:6.0.1.Final from/to product-repository (https://maven.repository.redhat.com/ga/): sun.security.validator.ValidatorException: No trusted certificate found
> at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:422)
> at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:224)
> at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:201)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveArtifact(DefaultRepositorySystem.java:260)
> at org.jboss.as.model.test.MavenUtil.createMavenGavURL(MavenUtil.java:140)
> ... 4 more
> Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.wildfly.core:wildfly-elytron-integration:jar:6.0.1.Final from/to product-repository (https://maven.repository.redhat.com/ga/): sun.security.validator.ValidatorException: No trusted certificate found
> at org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:52)
> at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:365)
> at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run(RunnableErrorForwarder.java:75)
> at org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute(BasicRepositoryConnector.java:583)
> at org.eclipse.aether.connector.basic.BasicRepositoryConnector.get(BasicRepositoryConnector.java:259)
> at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:498)
> at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:399)
> ... 8 more
> Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
> at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:573)
> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:557)
> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:414)
> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
> at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:326)
> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610)
> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445)
> at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:835)
> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
> at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
> at org.apache.http.impl.client.DecompressingHttpClient.execute(DecompressingHttpClient.java:164)
> at org.eclipse.aether.transport.http.HttpTransporter.execute(HttpTransporter.java:296)
> at org.eclipse.aether.transport.http.HttpTransporter.implPeek(HttpTransporter.java:240)
> at org.eclipse.aether.spi.connector.transport.AbstractTransporter.peek(AbstractTransporter.java:51)
> at org.eclipse.aether.connector.basic.BasicRepositoryConnector$PeekTaskRunner.runTask(BasicRepositoryConnector.java:386)
> at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:360)
> ... 13 more
> Caused by: sun.security.validator.ValidatorException: No trusted certificate found
> at org.wildfly.extension.elytron.SSLDefinitions$DelegatingTrustManager.checkServerTrusted(SSLDefinitions.java:853)
> ... 29 more
> {noformat}
[JBoss JIRA] (WFLY-11833) Stateful Session Bean affinity URI instead of cluster
by Richard Achmatowicz (Jira)
[ https://issues.jboss.org/browse/WFLY-11833?page=com.atlassian.jira.plugin... ]
Richard Achmatowicz edited comment on WFLY-11833 at 4/30/19 10:09 AM:
----------------------------------------------------------------------
It seems that if the bean is created using the Remote home interface (i.e. extends javax.ejb.EJBHome), then the affinity of the associated proxy should be suitable for a remote client. If the bean is created using a Local home interface (i.e. extends javax.ejb.EJBLocalHome), then the associated proxy should be tied to the local environment.
In the case of this issue, the proxy was created with the EJBHome interface and so should be useful in a remote client context, and so probably should have the same affinity as if it were looked up locally from the client (i.e. bean attributes taken into account and end up with a (strong affinity, weak affinity) = (cluster, node session created on)).
was (Author: rachmato):
It seems that if the bean is created using the Remote home interface (i.e. extends javax.ejb.EJBHome), then the affinity of the associated proxy should be suitable for a remote client. If the bean is created using a Local home interface (i.e. extends javax.ejb.EJBLocalHome), then the associated proxy should be tied to the local environment.
> Stateful Session Bean affinity URI instead of cluster
> -----------------------------------------------------
>
> Key: WFLY-11833
> URL: https://issues.jboss.org/browse/WFLY-11833
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, EJB
> Affects Versions: 16.0.0.Final
> Environment: WildFly cluster having SFSB deployed.
> Reporter: Joerg Baesner
> Assignee: Richard Achmatowicz
> Priority: Major
> Labels: downstream_dependency
> Attachments: stateful-timeout.zip
>
>
> Deployed is an application with the following setup:
> * Containing a SFSB (_with passivationCapable="true"_)
> * A SLSB exposing a _remote_ method to a standalone client returning an instance of the SFSB
> Scenario:
> A standalone client is invoking the _remote_ method on the Stateless Session Bean and a new instance of the Stateful Session Bean is returned.
> The issue is that the affinity of the returned Stateful Session Bean is URI instead of Cluster.
> See the attached Gradle reproducer application
[JBoss JIRA] (WFLY-11833) Stateful Session Bean affinity URI instead of cluster
by Richard Achmatowicz (Jira)
[ https://issues.jboss.org/browse/WFLY-11833?page=com.atlassian.jira.plugin... ]
Richard Achmatowicz commented on WFLY-11833:
--------------------------------------------
It seems that if the bean is created using the Remote home interface (i.e. extends javax.ejb.EJBHome), then the affinity of the associated proxy should be suitable for a remote client. If the bean is created using a Local home interface (i.e. extends javax.ejb.EJBLocalHome), then the associated proxy should be tied to the local environment.
> Stateful Session Bean affinity URI instead of cluster
> -----------------------------------------------------
>
> Key: WFLY-11833
> URL: https://issues.jboss.org/browse/WFLY-11833
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, EJB
> Affects Versions: 16.0.0.Final
> Environment: WildFly cluster having SFSB deployed.
> Reporter: Joerg Baesner
> Assignee: Richard Achmatowicz
> Priority: Major
> Labels: downstream_dependency
> Attachments: stateful-timeout.zip
>
>
> Deployed is an application with the following setup:
> * Containing a SFSB (_with passivationCapable="true"_)
> * A SLSB exposing a _remote_ method to a standalone client returning an instance of the SFSB
> Scenario:
> A standalone client is invoking the _remote_ method on the Stateless Session Bean and a new instance of the Stateful Session Bean is returned.
> The issue is that the affinity of the returned Stateful Session Bean is URI instead of Cluster.
> See the attached Gradle reproducer application