[JBoss JIRA] (WFCORE-629) Enabled automatic encryption of passwords stored in configuration
by Farah Juma (Jira)
[ https://issues.jboss.org/browse/WFCORE-629?page=com.atlassian.jira.plugin... ]
Farah Juma resolved WFCORE-629.
-------------------------------
Resolution: Duplicate Issue
> Enabled automatic encryption of passwords stored in configuration
> -----------------------------------------------------------------
>
> Key: WFCORE-629
> URL: https://issues.jboss.org/browse/WFCORE-629
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Management, Security
> Environment: Wildfly 9
> Reporter: Jason Shepherd
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 10.0.0.Beta1
>
>
> Currently encrypting passwords such as Datasource passwords can only be done 'after the fact'. You have to create the datasource first, then retrospectively store the password in the vault and dereference it in the configuration.
> It would be great if you could turn on automatic storage of passwords in the vault so that when you create a Datasource password, or add a resource adapter which specifies a remote resource password, those passwords were automatically added to the vault, and dereferenced in the configuration file.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFLY-10995) update Netty 4.1.25 to 4.1.29
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-10995?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-10995:
------------------------------
Labels: (was: downstream_dependency)
> update Netty 4.1.25 to 4.1.29
> -----------------------------
>
> Key: WFLY-10995
> URL: https://issues.jboss.org/browse/WFLY-10995
> Project: WildFly
> Issue Type: Component Upgrade
> Affects Versions: 14.0.0.Final
> Reporter: Erik .
> Assignee: James Perkins
> Priority: Minor
> Fix For: 16.0.0.Beta1, 16.0.0.Final
>
>
> There is a long list of closed issues in the past 4 months https://github.com/netty/netty/milestones?state=closed
> Updating 4.1.25 to 4.1.29 requires <module name="org.apache.log4j"/> to be added to <dependencies> in modules.xml otherwise you will get failed to define class
> {{
> {code:java}
> 2018-09-07 20:51:29,111 WARN [org.jboss.modules.define] (ServerService Thread Pool -- 81) Failed to define class io.netty.util.internal.logging.Log4J2Logger in Module "io.netty" version 4.1.29.Final from local module loader @4a194c39 (finder: local module finder @52066604 (roots: C:\jee-as\wildfly-14.0.0.Final\modules,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\db,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\money,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\base)): java.lang.NoClassDefFoundError: Failed to link io/netty/util/internal/logging/Log4J2Logger (Module "io.netty" version 4.1.29.Final from local module loader @4a194c39 (finder: local module finder @52066604 (roots: C:\jee-as\wildfly-14.0.0.Final\modules,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\db,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\money,C:\jee-as\wildfly-14.0.0.Final\modules\system\layers\base))): org/apache/logging/log4j/spi/ExtendedLoggerWrapper
> at java.base/java.lang.ClassLoader.defineClass1(Native Method)
> at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
> at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:423)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:519)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:339)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:126)
> at org.jboss.modules.Module.loadModuleClass(Module.java:731)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:247)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at io.netty@4.1.29.Final//io.netty.util.internal.logging.Log4J2LoggerFactory.newInstance(Log4J2LoggerFactory.java:33)
> at io.netty@4.1.29.Final//io.netty.util.internal.logging.InternalLoggerFactory.newDefaultFactory(InternalLoggerFactory.java:51)
> at io.netty@4.1.29.Final//io.netty.util.internal.logging.InternalLoggerFactory.getDefaultFactory(InternalLoggerFactory.java:67)
> at io.netty@4.1.29.Final//io.netty.util.internal.logging.InternalLoggerFactory.getInstance(InternalLoggerFactory.java:93)
> at io.netty@4.1.29.Final//io.netty.util.internal.logging.InternalLoggerFactory.getInstance(InternalLoggerFactory.java:86)
> at io.netty@4.1.29.Final//io.netty.util.ResourceLeakDetector.<clinit>(ResourceLeakDetector.java:94)
> at io.netty@4.1.29.Final//io.netty.buffer.AbstractByteBufAllocator.<clinit>(AbstractByteBufAllocator.java:34)
> at io.netty@4.1.29.Final//io.netty.buffer.Unpooled.<clinit>(Unpooled.java:74)
> at org.apache.activemq.artemis.journal@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.io.buffer.TimedBuffer.<init>(TimedBuffer.java:126)
> at org.apache.activemq.artemis.journal@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.io.AbstractSequentialFileFactory.<init>(AbstractSequentialFileFactory.java:92)
> at org.apache.activemq.artemis.journal@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.io.nio.NIOSequentialFileFactory.<init>(NIOSequentialFileFactory.java:77)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.persistence.impl.journal.JournalStorageManager.init(JournalStorageManager.java:143)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.persistence.impl.journal.AbstractJournalStorageManager.<init>(AbstractJournalStorageManager.java:229)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.persistence.impl.journal.JournalStorageManager.<init>(JournalStorageManager.java:106)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.createStorageManager(ActiveMQServerImpl.java:2160)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.initialisePart1(ActiveMQServerImpl.java:2296)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.server.impl.LiveOnlyActivation.run(LiveOnlyActivation.java:64)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:535)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:474)
> at org.apache.activemq.artemis@2.6.3.jbossorg-001//org.apache.activemq.artemis.jms.server.impl.JMSServerManagerImpl.start(JMSServerManagerImpl.java:376)
> at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService.doStart(JMSService.java:206)
> at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService.access$000(JMSService.java:65)
> at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService$1.run(JMSService.java:100)
> at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
> at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.base/java.lang.Thread.run(Unknown Source)
> at org.jboss.threads@2.3.2.Final//org.jboss.threads.JBossThread.run(JBossThread.java:485)
> {code}
> }}
[JBoss JIRA] (WFLY-10995) update Netty 4.1.25 to 4.1.29
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-10995?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-10995:
------------------------------
Labels: downstream_dependency (was: )
[JBoss JIRA] (WFWIP-162) IllegalStateException when TrustManager with SunX509 algorithm and with OCSP
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFWIP-162?page=com.atlassian.jira.plugin.... ]
Jan Stourac edited comment on WFWIP-162 at 6/19/19 10:43 AM:
-------------------------------------------------------------
Thank you, Martin, for clarification. AFAIK PKIX based TrustManagerFactory should be available on all of our supported platforms so we can probably just document this requirement in our documentation for OCSP.
Followup question though - does this affect our current customers who would like to utilize OCSP - e.g. in case they use SunX509 now, is change to PKIX as easy as just change of this value in their configurations? E.g. isn't it necessary to rebuild their key/trust-stores or to perform any other extra steps? If so, we should probably consider to mention such things also in our doc.
Hope I don't miss anything else on this if we restrict to PKIX only.
[~dlofthouse] JFYI.
was (Author: jstourac):
Thank you, Martin, for clarification. AFAIK PKIX based TrustManagerFactory should be available on all of our supported platforms so we can probably just document this requirement in our documentation for OCSP.
Followup question though - does this affect our current customers who would like to utilize OCSP - e.g. in case they use SunX509 now, is change to PKIX as easy as just change of this value in their configurations? E.g. isn't it necessary to rebuild their key/trust-stores or to perform any other extra steps? If so, we should probably consider to mentions such things also in our doc.
Hope I don't miss anything else on this if we restrict to PKIX only.
> IllegalStateException when TrustManager with SunX509 algorithm and with OCSP
> ----------------------------------------------------------------------------
>
> Key: WFWIP-162
> URL: https://issues.jboss.org/browse/WFWIP-162
> Project: WildFly WIP
> Issue Type: Bug
> Components: Security
> Environment: WildFly built with following branches in use:
> {code}
> https://github.com/nekdozjam/wildfly-elytron/tree/ELY-1617
> https://github.com/nekdozjam/wildfly-core/tree/WFCORE-3947
> {code}
> Reporter: Jan Stourac
> Assignee: Martin Mazanek
> Priority: Major
> Attachments: ocsp-truststore.jks
>
>
> I can see an error when I try to create 'trust-manager' with OCSP enabled and SunX509 algorithm specified. When I don't specify SunX509 algorithm, operation succeeds.
> Here are noticed error messages:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.trust-manager.tm" => "Failed to start service
> Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
> Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters"}},
> "rolled-back" => true
> }
> {code}
> In server.log, there is following text:
> {code}
> 17:14:48,560 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.security.trust-manager.tm: org.jboss.msc.service.StartException in service org.wildfly.security.trust-manager.tm: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1730)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
> at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:108)
> at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:56)
> at org.wildfly.security.ssl.X509RevocationTrustManager$Builder.build(X509RevocationTrustManager.java:293)
> at org.wildfly.extension.elytron.SSLDefinitions$2.lambda$createX509RevocationExtendedTrustManager$1(SSLDefinitions.java:732)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)
> ... 6 more
> Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters
> at sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory.getInstance(TrustManagerFactoryImpl.java:257)
> at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:90)
> at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:273)
> at org.wildfly.security.ssl.X509RevocationTrustManager.<init>(X509RevocationTrustManager.java:98)
> ... 12 more
> 17:14:48,562 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("trust-manager" => "tm")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.trust-manager.tm" => "Failed to start service
> Caused by: java.lang.IllegalStateException: ELY04026: Could not create trust manager [org.wildfly.security.ssl.X509RevocationTrustManager]
> Caused by: java.security.InvalidAlgorithmParameterException: SunX509 TrustManagerFactory does not use ManagerFactoryParameters"}}
> {code}
> I'm attaching keystore file that I used for this. Password is 'weneedthatforjava'.
> Note that when I try 'certificate-revocation-list' instead or if I omit 'algorithm' attribute at all, the operation succeeds.
[JBoss JIRA] (WFWIP-162) IllegalStateException when TrustManager with SunX509 algorithm and with OCSP
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFWIP-162?page=com.atlassian.jira.plugin.... ]
Jan Stourac commented on WFWIP-162:
-----------------------------------
Thank you, Martin, for clarification. AFAIK PKIX based TrustManagerFactory should be available on all of our supported platforms so we can probably just document this requirement in our documentation for OCSP.
Followup question though - does this affect our current customers who would like to utilize OCSP - e.g. in case they use SunX509 now, is change to PKIX as easy as just change of this value in their configurations? E.g. isn't it necessary to rebuild their key/trust-stores or to perform any other extra steps? If so, we should probably consider to mention such things also in our doc.
Hope I don't miss anything else on this if we restrict to PKIX only.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
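The failure reported in WFWIP-162, reproduced with plain JSSE as an added example (not code from WildFly Elytron or from the thread): the same OCSP-enabled `CertPathTrustManagerParameters` is handed to a `SunX509` and to a `PKIX` `TrustManagerFactory`. The class name, the constructed trust anchor and the use of the stock SunJSSE provider are assumptions.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.Collections;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;

// Hypothetical demo class; assumes the SunJSSE provider that ships with OpenJDK.
public class OcspTrustManagerAlgorithmDemo {

    /** Builds PKIX parameters that carry a revocation checker (OCSP first). */
    static ManagerFactoryParameters ocspParameters() throws Exception {
        // Constructed trust anchor: a throwaway key and name stand in for a real CA,
        // so the example needs no keystore file on disk.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKey = kpg.generateKeyPair();
        TrustAnchor anchor = new TrustAnchor(
                new X500Principal("CN=Example Constructed CA"), caKey.getPublic(), null);

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(
                Collections.singleton(anchor), new X509CertSelector());

        // The JDK's PKIX revocation checker prefers OCSP and falls back to CRLs.
        // An empty option set keeps that order and omits SOFT_FAIL, so an
        // unreachable responder makes validation fail instead of passing silently.
        PKIXRevocationChecker checker = (PKIXRevocationChecker)
                CertPathBuilder.getInstance("PKIX").getRevocationChecker();
        checker.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));
        // A checker added this way is used regardless of the RevocationEnabled flag.
        pkix.addCertPathChecker(checker);

        return new CertPathTrustManagerParameters(pkix);
    }

    /** Returns null if the factory accepted the parameters, else the rejection message. */
    static String tryInit(String algorithm, ManagerFactoryParameters params) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
        try {
            tmf.init(params);
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            // This is the exception at the bottom of the trace in the issue.
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        ManagerFactoryParameters params = ocspParameters();
        for (String algorithm : new String[] {"SunX509", "PKIX"}) {
            String error = tryInit(algorithm, params);
            System.out.println(algorithm + ": "
                    + (error == null ? "accepted revocation parameters" : "rejected: " + error));
        }
        // What a caller gets when no algorithm is named; controlled by the
        // ssl.TrustManagerFactory.algorithm security property.
        System.out.println("JVM default algorithm: " + TrustManagerFactory.getDefaultAlgorithm());
    }
}
```

Both factories read the same trust anchors; only the `ManagerFactoryParameters` path, which is what carries the revocation settings, is limited to `PKIX`.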
[JBoss JIRA] (WFLY-12032) EJB subsystem doesn't set TCCL when deserializing request
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-12032?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-12032:
------------------------------
Labels: downstream_dependency (was: )
> EJB subsystem doesn't set TCCL when deserializing request
> ----------------------------------------------------------
>
> Key: WFLY-12032
> URL: https://issues.jboss.org/browse/WFLY-12032
> Project: WildFly
> Issue Type: Bug
> Affects Versions: 16.0.0.Final
> Reporter: Tomas Hofman
> Priority: Major
> Labels: downstream_dependency
> Fix For: 17.0.0.Final
>
>
> This is a follow-up issue for JBEAP-16725, which was resolved with a workaround - javax.rmi was added as a dependency of wildfly.extension.io module.
> The root cause is probably inside jboss-modules.
> The issue is as follows:
> * a standalone EJB client invokes remote EJB, and passes an object as an argument;
> * server (trying to use the remote object) fails with "java.lang.ClassNotFoundException: java.rmi.dgc.Lease" (stacktrace below).
> If a short delay ({{Thread.sleep(100)}}) is introduced on the server side, before manipulating the remote object, the invocation succeeds.
> {code}
> java.lang.ClassNotFoundException: java.rmi.dgc.Lease from [Module "org.wildfly.extension.io" version 6.0.12.Final-redhat-00001 from local module loader @6a024a67 (finder: local module finder @7921b0a2 (roots: /tmp/jboss-eap-7.2/modules,/tmp/jboss-eap-7.2/modules/system/layers/base))] (no security manager: RMI class loader disabled)
> (default task-2) java.lang.ClassNotFoundException.<init>(ClassNotFoundException.java:97)
> (default task-2) sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:396)
> (default task-2) sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:186)
> (default task-2) java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:637)
> (default task-2) java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:264)
> (default task-2) sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:219)
> (default task-2) java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1868)
> (default task-2) java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1751)
> (default task-2) java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2042)
> (default task-2) java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
> (default task-2) java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
> (default task-2) sun.rmi.transport.DGCImpl_Stub.dirty(DGCImpl_Stub.java:125)
> (default task-2) sun.rmi.transport.DGCClient$EndpointEntry.makeDirtyCall(DGCClient.java:382)
> (default task-2) sun.rmi.transport.DGCClient$EndpointEntry.registerRefs(DGCClient.java:324)
> (default task-2) sun.rmi.transport.DGCClient.registerRefs(DGCClient.java:160)
> (default task-2) sun.rmi.transport.LiveRef.read(LiveRef.java:312)
> (default task-2) sun.rmi.server.UnicastRef.readExternal(UnicastRef.java:489)
> (default task-2) java.rmi.server.RemoteObject.readObject(RemoteObject.java:455)
> (default task-2) sun.reflect.NativeMethodAccessorImpl.invoke0(NativeMethodAccessorImpl.java:-2)
> (default task-2) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> (default task-2) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> (default task-2) java.lang.reflect.Method.invoke(Method.java:498)
> (default task-2) org.jboss.marshalling.reflect.JDKSpecific$SerMethods.callReadObject(JDKSpecific.java:179)
> (default task-2) org.jboss.marshalling.reflect.SerializableClass.callReadObject(SerializableClass.java:212)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1746)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1715)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1715)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1395)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:272)
> (default task-2) org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:205)
> (default task-2) org.jboss.marshalling.AbstractObjectInput.readObject(AbstractObjectInput.java:41)
> (default task-2) org.jboss.ejb.protocol.remote.EJBServerChannel$RemotingInvocationRequest.getRequestContent(EJBServerChannel.java:813)
> (default task-2) org.jboss.as.ejb3.remote.AssociationImpl.receiveInvocationRequest(AssociationImpl.java:130)
> (default task-2) org.jboss.ejb.protocol.remote.EJBServerChannel$ReceiverImpl.handleInvocationRequest(EJBServerChannel.java:451)
> (default task-2) org.jboss.ejb.protocol.remote.EJBServerChannel$ReceiverImpl.handleMessage(EJBServerChannel.java:189)
> (default task-2) org.jboss.remoting3.remote.RemoteConnectionChannel.lambda$handleMessageData$3(RemoteConnectionChannel.java:430)
> (default task-2) org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)
> (default task-2) org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> (default task-2) org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> (default task-2) org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> (default task-2) org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> (default task-2) java.lang.Thread.run(Thread.java:748)
> {code}
--
[JBoss JIRA] (WFLY-11414) :read-resource operation of jax-rs subsystem doesn't handle all interfaces
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-11414?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-11414:
------------------------------
Labels: downstream_dependency (was: )
> :read-resource operation of jax-rs subsystem doesn't handle all interfaces
> --------------------------------------------------------------------------
>
> Key: WFLY-11414
> URL: https://issues.jboss.org/browse/WFLY-11414
> Project: WildFly
> Issue Type: Bug
> Components: REST
> Reporter: Marek Kopecky
> Assignee: Lin Gao
> Priority: Major
> Labels: downstream_dependency
> Fix For: 16.0.0.Beta1, 16.0.0.Final
>
>
> _:read-resource_ operation of jax-rs subsystem doesn't handle interfaces where the end-point path is defined on the interface
> Steps to reproduce:
> # {code:java}
> @Path("pure/proxy")
> public interface PureProxyApiService {
>     @Path("test/{a}/{b}")
>     @GET
>     String test(@PathParam("a") String a, @PathParam("b") String b);
> }
> public class PureProxyEndPoint implements PureProxyApiService {
>     @Override
>     public String test(@PathParam("a") String a, @PathParam("b") String b) {
>         return a + b;
>     }
> }
> {code}
> # _/deployment=DEPLOYMENT_NAME/subsystem=jaxrs:read-resource(recursive,include-runtime)_
> # Output:
> {noformat}
> "org.resteasy.simple.deployment.PureProxyEndPoint" => {
> "resource-class" => "org.resteasy.simple.deployment.PureProxyEndPoint",
> "rest-resource-paths" => undefined,
> "sub-resource-locators" => undefined
> }
> {noformat}
> # If class has \@Path annotation, _read-resource_ operation works correctly
> # {code:java}
> public interface ProxyApiService {
>     @Path("test/{a}/{b}")
>     @GET
>     String test(@PathParam("a") String a, @PathParam("b") String b);
> }
> @Path("proxy")
> public class ProxyEndPoint implements ProxyApiService {
>     @Override
>     public String test(@PathParam("a") String a, @PathParam("b") String b) {
>         return a + b;
>     }
> }
> {code}
> # {noformat} "org.resteasy.simple.deployment.ProxyEndPoint" => {
> "resource-class" => "org.resteasy.simple.deployment.ProxyEndPoint",
> "rest-resource-paths" => [{
> "resource-path" => "proxy/test/{a}/{b}",
> "consumes" => undefined,
> "produces" => undefined,
> "java-method" => "java.lang.String org.resteasy.simple.deployment.ProxyEndPoint.test(@PathParam java.lang.String a, @PathParam java.lang.String b)",
> "resource-methods" => ["GET /jaxrs-wf/proxy/test/{a}/{b}"]
> }],
> "sub-resource-locators" => undefined
> }
> {noformat}
> cc [~gaol]
--
[JBoss JIRA] (WFLY-12085) java.net.URISyntaxException: Illegal character in opaque part at index 7: file:C:\Java\jboss\jboss-as\standalone\configuration/logging.properties
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-12085?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-12085:
------------------------------
Labels: downstream_dependency (was: )
> java.net.URISyntaxException: Illegal character in opaque part at index 7: file:C:\Java\jboss\jboss-as\standalone\configuration/logging.properties
> -------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-12085
> URL: https://issues.jboss.org/browse/WFLY-12085
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 17.0.0.Alpha1, 17.0.0.Final
> Environment: Red Hat JBoss Enterprise Application Platform
> 7.2.1
> Microsoft Windows 10
> Reporter: Emmanuel Hugonnet
> Assignee: Emmanuel Hugonnet
> Priority: Major
> Labels: downstream_dependency
>
> There seems to be a regression in JBoss EAP 7.2.1 patch. After applying it the following exception can be seen in the server log file during the startup:
> {noformat}
> 2019-05-13 11:45:11,419 WARN [org.apache.activemq.artemis.core.server] (ServerService Thread Pool -- 78) AMQ222277: Problem initializing automatic logging configuration reload for file:C:\Java\jboss\jboss-as\standalone\configuration/logging.properties: java.net.URISyntaxException: Illegal character in opaque part at index 7: file:C:\Java\jboss\jboss-as\standalone\configuration/logging.properties
> at java.net.URI$Parser.fail(URI.java:2848)
> at java.net.URI$Parser.checkChars(URI.java:3021)
> at java.net.URI$Parser.parse(URI.java:3058)
> at java.net.URI.<init>(URI.java:588)
> at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.initialisePart1(ActiveMQServerImpl.java:2369)
> at org.apache.activemq.artemis.core.server.impl.LiveOnlyActivation.run(LiveOnlyActivation.java:64)
> at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:544)
> at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:481)
> at org.apache.activemq.artemis.jms.server.impl.JMSServerManagerImpl.start(JMSServerManagerImpl.java:376)
> at org.wildfly.extension.messaging.activemq.jms.JMSService.doStart(JMSService.java:206)
> at org.wildfly.extension.messaging.activemq.jms.JMSService.access$000(JMSService.java:65)
> at org.wildfly.extension.messaging.activemq.jms.JMSService$1.run(JMSService.java:100)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
> at java.lang.Thread.run(Thread.java:748)
> at org.jboss.threads.JBossThread.run(JBossThread.java:485)
> {noformat}
> This issue only affects Microsoft Windows platform.
--
[JBoss JIRA] (ELY-1634) LDAPS referrals broken
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/ELY-1634?page=com.atlassian.jira.plugin.s... ]
Ingo Weiss updated ELY-1634:
----------------------------
Labels: downstream_dependency (was: )
> LDAPS referrals broken
> ----------------------
>
> Key: ELY-1634
> URL: https://issues.jboss.org/browse/ELY-1634
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Philippe Marschall
> Assignee: Darran Lofthouse
> Priority: Major
> Labels: downstream_dependency
> Fix For: 1.6.3.Final, 1.7.0.CR1
>
>
> We are having trouble getting LDAPS referrals working with an Elytron LDAP realm. The issue is the following stack trace.
> {code}
> javax.security.sasl.SaslException: ELY05012: Authentication mechanism server-side authentication failed [Caused by org.wildfly.security.auth.server.RealmUnavailableException: ELY01153: Direct LDAP verification failed with DN [redacted] and absolute DN [null]]
> at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:121)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1349)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01153: Direct LDAP verification failed with DN [redacted] and absolute DN [null]
> at org.wildfly.security.auth.realm.ldap.DirectEvidenceVerifier$1.verifyEvidence(DirectEvidenceVerifier.java:104)
> at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:609)
> at org.wildfly.security.auth.realm.AggregateSecurityRealm$Identity.verifyEvidence(AggregateSecurityRealm.java:155)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
> at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:902)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
> at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:60)
> at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96)
> at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:117)
> ... 12 more
> Caused by: javax.naming.CommunicationException: ldap.acme.com:636 [Root exception is java.lang.ClassNotFoundException: org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory from [Module "org.wildfly.extension.io" version 5.0.0.Final from local module loader @7586beff (finder: local module finder @3b69e7d1 (roots: redacted))]]
> at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
> at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
> at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
> at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2699)
> at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2673)
> at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2669)
> at org.wildfly.security.auth.realm.ldap.DelegatingLdapContext.reconnect(DelegatingLdapContext.java:181)
> at org.wildfly.security.auth.realm.ldap.DirectEvidenceVerifier$1.verifyEvidence(DirectEvidenceVerifier.java:97)
> ... 22 more
> Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory from [Module "org.wildfly.extension.io" version 5.0.0.Final from local module loader @7586beff (finder: local module finder @3b69e7d1 (roots: redacted))]
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:348)
> at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72)
> at com.sun.jndi.ldap.Connection.createSocket(Connection.java:281)
> at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
> ... 30 more
> {code}
> As you can see, the Sun/Oracle LDAP classes try to load the class {{org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory}} using the TCCL, which is the {{org.wildfly.extension.io}} module loader. This will not work as ThreadLocalSSLSocketFactory is in the module {{org.wildfly.security.elytron-private}}.
--
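The class-loading failure described in ELY-1634, reduced to plain Java as an added example (not code from the issue or from Elytron). `IsolatedLoader`, `PrivateSocketFactory`, `loadViaTccl` and `withTccl` are hypothetical names, and the TCCL swap is shown as one common mitigation, not necessarily the fix that went into Elytron.

```java
import java.util.concurrent.Callable;

public class TcclSocketFactoryDemo {

    /** Constructed stand-in for a socket factory that lives in a private module. */
    public static class PrivateSocketFactory { }

    /** Simulates a module class loader that cannot see the private module's classes. */
    static final class IsolatedLoader extends ClassLoader {
        private final String hidden;

        IsolatedLoader(ClassLoader parent, String hidden) {
            super(parent);
            this.hidden = hidden;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (name.equals(hidden)) {
                throw new ClassNotFoundException(name + " from [isolated loader]");
            }
            return super.loadClass(name, resolve);
        }
    }

    /**
     * Mirrors the bottom of the trace (VersionHelper12.loadClass -> Class.forName):
     * the factory is resolved by name through the thread context class loader,
     * not through the loader of the code that configured it.
     */
    static Class<?> loadViaTccl(String className) throws ClassNotFoundException {
        return Class.forName(className, true, Thread.currentThread().getContextClassLoader());
    }

    /** Runs an action with the TCCL set to the given loader and always restores the old one. */
    static <T> T withTccl(ClassLoader loader, Callable<T> action) throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader previous = thread.getContextClassLoader();
        thread.setContextClassLoader(loader);
        try {
            return action.call();
        } finally {
            thread.setContextClassLoader(previous);
        }
    }

    public static void main(String[] args) throws Exception {
        String factoryName = PrivateSocketFactory.class.getName();
        ClassLoader owner = PrivateSocketFactory.class.getClassLoader();
        ClassLoader callerModule = new IsolatedLoader(owner, factoryName);

        // Case 1: the thread's TCCL belongs to a module that cannot see the factory,
        // as with the org.wildfly.extension.io loader in the report.
        try {
            withTccl(callerModule, () -> loadViaTccl(factoryName));
            System.out.println("unexpected: class resolved");
        } catch (ClassNotFoundException e) {
            System.out.println("TCCL = caller module : " + e);
        }

        // Case 2: the code that owns the factory swaps the TCCL to its own loader
        // for the duration of the lookup, then restores the caller's loader.
        Class<?> resolved = withTccl(callerModule,
                () -> withTccl(owner, () -> loadViaTccl(factoryName)));
        System.out.println("TCCL = owning loader : resolved " + resolved.getName());
    }
}
```

In the reported trace the lookup happens inside `LdapCtx.reconnect`, so the swap would have to wrap every call that can open a new connection.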
[JBoss JIRA] (WFLY-12077) Transaction could not handle remote EJB invocation even if the transaction is not used remote
by Ingo Weiss (Jira)
[ https://issues.jboss.org/browse/WFLY-12077?page=com.atlassian.jira.plugin... ]
Ingo Weiss updated WFLY-12077:
------------------------------
Labels: Regression downstream_dependency (was: Regression)
> Transaction could not handle remote EJB invocation even if the transaction is not used remote
> ---------------------------------------------------------------------------------------------
>
> Key: WFLY-12077
> URL: https://issues.jboss.org/browse/WFLY-12077
> Project: WildFly
> Issue Type: Bug
> Components: EJB
> Affects Versions: 17.0.0.Alpha1
> Reporter: Wolf-Dieter Fink
> Assignee: Tomasz Adamski
> Priority: Critical
> Labels: Regression, downstream_dependency
> Fix For: 18.0.0.Beta1
>
> Attachments: reproducer.zip
>
>
> An EJB marked as BMT which starts a Tx and invokes a CMT-managed bean annotated with REQUIRES_NEW will fail if the BMT bean will show unexpected Arjuna WARN messages and the Tx seems not finished correctly.
> The same works in former releases.
> {code}
> WARN [com.arjuna.ats.jta] (default task-2) ARJUNA016129: Could not end XA resource Subordinate XAResource at http-remoting://localhost:8180: javax.transaction.xa.XAException: WFTXN0029: The peer threw an XA exception
> at org.wildfly.transaction.client.provider.remoting.TransactionClientChannel.setRollbackOnly(TransactionClientChannel.java:167)
> at org.wildfly.transaction.client.provider.remoting.RemotingRemoteTransactionPeer$1.end(RemotingRemoteTransactionPeer.java:158)
> at org.wildfly.transaction.client.SubordinateXAResource.end(SubordinateXAResource.java:138)
> at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.doEnd(TransactionImple.java:1088)
> at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.endAssociation(TransactionImple.java:1059)
> at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.endAssociation(XAResourceRecord.java:1286)
> at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.topLevelAbort(XAResourceRecord.java:313)
> at com.arjuna.ats.arjuna.coordinator.BasicAction.doAbort(BasicAction.java:3023)
> at com.arjuna.ats.arjuna.coordinator.BasicAction.doAbort(BasicAction.java:3002)
> at com.arjuna.ats.arjuna.coordinator.BasicAction.Abort(BasicAction.java:1674)
> at com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator.cancel(TwoPhaseCoordinator.java:124)
> at com.arjuna.ats.arjuna.AtomicAction.abort(AtomicAction.java:186)
> at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.rollbackAndDisassociate(TransactionImple.java:1370)
> at com.arjuna.ats.internal.jta.transaction.arjunacore.BaseTransaction.rollback(BaseTransaction.java:143)
> at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.rollback(BaseTransactionManagerDelegate.java:134)
> at org.wildfly.transaction.client.LocalTransaction.rollbackAndDissociate(LocalTransaction.java:109)
> at org.wildfly.transaction.client.ContextTransactionManager.rollback(ContextTransactionManager.java:83)
> at org.wildfly.transaction.client.LocalUserTransaction.rollback(LocalUserTransaction.java:58)
> at xa.transaction.BeanA.testRemoteCMTxnFailure(BeanA.java:44)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
> at org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
> at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.tx.EjbBMTInterceptor.handleInvocation(EjbBMTInterceptor.java:103)
> at org.jboss.as.ejb3.tx.BMTInterceptor.processInvocation(BMTInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
> at org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
> at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
> at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:618)
> at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
> at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
> at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
> at org.wildfly.security.auth.server.SecurityIdentity.runAsFunctionEx(SecurityIdentity.java:406)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeWithIdentity(AssociationImpl.java:565)
> at org.jboss.as.ejb3.remote.AssociationImpl.invokeMethod(AssociationImpl.java:546)
> at org.jboss.as.ejb3.remote.AssociationImpl.lambda$receiveInvocationRequest$0(AssociationImpl.java:197)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: Remote exception javax.transaction.xa.XAException
> Public fields:
> errorCode=-4
> at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel.lambda$handleXaTxnRollbackOnly$3(TransactionServerChannel.java:398)
> at org.wildfly.security.auth.server.SecurityIdentity.runAsObjIntConsumer(SecurityIdentity.java:381)
> at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel.handleXaTxnRollbackOnly(TransactionServerChannel.java:394)
> at org.wildfly.transaction.client.provider.remoting.TransactionServerChannel$ReceiverImpl.handleMessage(TransactionServerChannel.java:132)
> at org.jboss.remoting3.remote.RemoteConnectionChannel.lambda$handleMessageData$3(RemoteConnectionChannel.java:430)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:942)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
> ... 1 more
> {code}
--