[JBoss JIRA] (WFLY-12329) ManagedScheduledExecutorService should be only available after server is ready
by Eduardo Martins (Jira)
[ https://issues.jboss.org/browse/WFLY-12329?page=com.atlassian.jira.plugin... ]
Eduardo Martins commented on WFLY-12329:
----------------------------------------
hi [~nimo22], can you please clarify what behaviour you expected?
Please note that from the spec point of view, the container should free apps from:
# creating, starting, stopping or destroying executors (you are actually forbidden to use API lifecycle related methods)
# setup correct execution/thread context (class loader, security, Jndi, etc)
That's really the "managed by JEE", and the illegal state exception is considered in spec for non running container states, preventing any container trouble while task executes.
> ManagedScheduledExecutorService should be only available after server is ready
> ------------------------------------------------------------------------------
>
> Key: WFLY-12329
> URL: https://issues.jboss.org/browse/WFLY-12329
> Project: WildFly
> Issue Type: Bug
> Components: Concurrency Utilities
> Affects Versions: 17.0.1.Final
> Reporter: nimo stephan
> Assignee: Eduardo Martins
> Priority: Major
>
> I use a *ManagedScheduledExecutorService* to execute tasks periodically:
> {code:java}
> @Startup
> @Singleton
> public class TaskScheduler {
> @Resource
> ManagedScheduledExecutorService executorService;
> @PostConstruct
> public void init() {
> executorService.scheduleAtFixedRate(this::task, 0, 5, TimeUnit.SECONDS);
> }
> public void task() {
> System.out.println("long running task:" + LocalTime.now());
> }
> }
> {code}
> Wildfly throws a few exceptions as long as server is not fully initiated and in "suspend"-mode:
> {code:java}
> 12:44:12,715 ERROR [org.jboss.as.ee] (EE-ManagedScheduledExecutorService-default-Thread-3) WFLYEE0110: Failed to run scheduled task: java.lang.IllegalStateException: WFLYEE0111: Cannot run scheduled task my.Task$$Lambda$1041/0x000000080240a040@5ee966ec as container is suspended
> at org.jboss.as.ee@17.0.1.Final//org.jboss.as.ee.concurrent.ControlPointUtils$ControlledScheduledRunnable.run(ControlPointUtils.java:164)
> at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
> at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
> at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.access$201(ManagedScheduledThreadPoolExecutor.java:383)
> at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.internal.ManagedScheduledThreadPoolExecutor$ManagedScheduledFutureTask.run(ManagedScheduledThreadPoolExecutor.java:534)
> at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:835)
> at org.glassfish.javax.enterprise.concurrent//org.glassfish.enterprise.concurrent.ManagedThreadFactoryImpl$ManagedThread.run(ManagedThreadFactoryImpl.java:250)
> {code}
> I use _ManagedScheduledExecutorService_ instead of _ScheduledExecutorService_ in JEE because, *ManagedScheduledExecutorService* should be managed by JEE. Hence, the server should also manage and guarantee not to fire the executorService until the server is ready (and EJBs are available).
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-4585:
-------------------------------------
Workaround Description:
In host.xml configure a 'secure-interface' and 'secure-port' on the management http interface
{code}<socket interface="localonly" secure-interface="management" port="${jboss.management.http.port:9990}" secure-port="${jboss.management.https.port:9993}"/>
{code}
Assuming you don't want to expose the HTTP port externally, create a separate interface that's bound to localhost. For example if you use 192.168.100.10 for your 'management' interface, in host.xml"
{code}
<interfaces>
<interface name="localonly">
<inet-address value="127.0.0.1"/>
</interface>
<interface name="management">
<inet-address value="192.168.100.10"/>
</interface>
{code}
> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4585
> URL: https://issues.jboss.org/browse/WFCORE-4585
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: tried in Linux version RHEL 7.2
> Reporter: Tarak A
> Assignee: Jaikiran Pai
> Priority: Major
> Fix For: 10.0.0.Beta2
>
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node with legacy SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1.
> SSL
> <security-realm name="ManagementRealm">
> <server-identities>
> <ssl>
> <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
> <local default-user="$local"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-4585:
------------------------------------------
WFCORE-4585 is the same underlying problem as WFCORE-4560, although it is more focused on domain mode. Same fix though.
> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4585
> URL: https://issues.jboss.org/browse/WFCORE-4585
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: tried in Linux version RHEL 7.2
> Reporter: Tarak A
> Priority: Major
> Fix For: 10.0.0.Beta2
>
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node with legacy SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1.
> SSL
> <security-realm name="ManagementRealm">
> <server-identities>
> <ssl>
> <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
> <local default-user="$local"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugi... ]
Brian Stansberry resolved WFCORE-4585.
--------------------------------------
Fix Version/s: 10.0.0.Beta2
Assignee: Jaikiran Pai
Resolution: Duplicate Issue
> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4585
> URL: https://issues.jboss.org/browse/WFCORE-4585
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: tried in Linux version RHEL 7.2
> Reporter: Tarak A
> Assignee: Jaikiran Pai
> Priority: Major
> Fix For: 10.0.0.Beta2
>
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node with legacy SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1.
> SSL
> <security-realm name="ManagementRealm">
> <server-identities>
> <ssl>
> <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
> <local default-user="$local"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugi... ]
Brian Stansberry reopened WFCORE-4585:
--------------------------------------
> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4585
> URL: https://issues.jboss.org/browse/WFCORE-4585
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: tried in Linux version RHEL 7.2
> Reporter: Tarak A
> Priority: Major
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node with legacy SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1.
> SSL
> <security-realm name="ManagementRealm">
> <server-identities>
> <ssl>
> <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
> <local default-user="$local"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4582) Cannot create user with underscores in the name
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFCORE-4582?page=com.atlassian.jira.plugi... ]
Darran Lofthouse commented on WFCORE-4582:
------------------------------------------
[~brian.stansberry] TBH would not have an issue going all the way to bug IF confirmed the fix works with both HTTP Digest and SASL DIGEST_MD5 authentication.
> Cannot create user with underscores in the name
> -----------------------------------------------
>
> Key: WFCORE-4582
> URL: https://issues.jboss.org/browse/WFCORE-4582
> Project: WildFly Core
> Issue Type: Enhancement
> Affects Versions: 10.0.0.Beta2
> Reporter: Thorsten Heit
> Assignee: Jeff Mesnil
> Priority: Minor
>
> On a fresh a Wildfly install (tested on 11.0.0.Final and 17.0.0.Final) I cannot create application users with underscores in the user name:
> {noformat}
> C:\Users\thorsten\bin\wildfly-11.0.0.Final\bin>add-user
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by __redirected.__SAXParserFactory (file:/C:/Users/thorsten/bin/wildfly-11.0.0.Final/jboss-modules.jar) to c
> onstructor com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl()
> WARNING: Please consider reporting this to the maintainers of __redirected.__SAXParserFactory
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> What type of user do you wish to add?
> a) Management User (mgmt-users.properties)
> b) Application User (application-users.properties)
> (a): b
> Enter the details of the new user to add.
> Using realm 'ApplicationRealm' as discovered from the existing property files.
> Username : user_name
> * Error *
> WFLYDM0028: Username must be alphanumeric with the exception of the following accepted symbols (",", "-", ".", "/", "=", "@", "\")
> Username (user_name) :
> {noformat}
> We use basic authentification to restrict access to our applications, and expect usernames in the format {{<prefix>\_<suffix>}} with {{<prefix>}} being a sequence of plain letters (a-z), followed by an underscore ("\_") and a number as {{<suffix>}}.
> This is possible with WebSphere and even Tomcat, but actually not in Wildfly.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4585) Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
by Tarak A (Jira)
[ https://issues.jboss.org/browse/WFCORE-4585?page=com.atlassian.jira.plugi... ]
Tarak A resolved WFCORE-4585.
-----------------------------
Release Notes Text: Resolved after enabling both HTTP and HTTPS ports in management-interfaces in host.xml file as per https://developer.jboss.org/message/990393#990393
Resolution: Done
> Not working configured SSL using legacy security-realm in ManagementRealm on host.xml
> ---------------------------------------------------------------------------------------
>
> Key: WFCORE-4585
> URL: https://issues.jboss.org/browse/WFCORE-4585
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Environment: tried in Linux version RHEL 7.2
> Reporter: Tarak A
> Priority: Major
>
> Hi Team,
> We need your suggestion to fix SSL configuration issue in legacy security-realm in ManagementRealm on host.xml, and it is causing not to start master node with legacy SSL settings in Wildfly 17.0.1 Final version. Below are the example setting we used to configure,same settings working in Wildfly 15.0.1.
> SSL
> <security-realm name="ManagementRealm">
> <server-identities>
> <ssl>
> <keystore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="keystore_password" alias="server" key-password="key_password" />
> </ssl>
> </server-identities>
> <authentication>
> <truststore path="server.jks" relative-to="jboss.server.config.dir" keystore-password="truststore_password" />
> <local default-user="$local"/>
> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4582) Cannot create user with underscores in the name
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4582?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-4582:
-------------------------------------
Issue Type: Enhancement (was: Feature Request)
[~dlofthouse] [~jmesnil] This sounds more like an Enhancement than a Feature. Please switch it back to feature if you disagree.
I mention this because the process for adding a Feature to WildFly is considerably more involved.
> Cannot create user with underscores in the name
> -----------------------------------------------
>
> Key: WFCORE-4582
> URL: https://issues.jboss.org/browse/WFCORE-4582
> Project: WildFly Core
> Issue Type: Enhancement
> Affects Versions: 10.0.0.Beta2
> Reporter: Thorsten Heit
> Assignee: Jeff Mesnil
> Priority: Minor
>
> On a fresh a Wildfly install (tested on 11.0.0.Final and 17.0.0.Final) I cannot create application users with underscores in the user name:
> {noformat}
> C:\Users\thorsten\bin\wildfly-11.0.0.Final\bin>add-user
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by __redirected.__SAXParserFactory (file:/C:/Users/thorsten/bin/wildfly-11.0.0.Final/jboss-modules.jar) to c
> onstructor com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl()
> WARNING: Please consider reporting this to the maintainers of __redirected.__SAXParserFactory
> WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
> WARNING: All illegal access operations will be denied in a future release
> What type of user do you wish to add?
> a) Management User (mgmt-users.properties)
> b) Application User (application-users.properties)
> (a): b
> Enter the details of the new user to add.
> Using realm 'ApplicationRealm' as discovered from the existing property files.
> Username : user_name
> * Error *
> WFLYDM0028: Username must be alphanumeric with the exception of the following accepted symbols (",", "-", ".", "/", "=", "@", "\")
> Username (user_name) :
> {noformat}
> We use basic authentification to restrict access to our applications, and expect usernames in the format {{<prefix>\_<suffix>}} with {{<prefix>}} being a sequence of plain letters (a-z), followed by an underscore ("\_") and a number as {{<suffix>}}.
> This is possible with WebSphere and even Tomcat, but actually not in Wildfly.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months
[JBoss JIRA] (WFCORE-4291) Restore legacy (not "graceful") startup mode
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4291?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-4291:
------------------------------------------
[~bmaxwell] My expectation is this will re-introduce the same problems that the 'graceful startup' fixed. I regard this as a request to let users deal with those problems. which, TBH, I don't mind doing; people have the right to decide whether that is acceptable. And, with mod_cluster it is possible to prevent external requests while stuff having app A invoke app B over localhost:8080, or any IP on which the server is directly listening.
If there's an elegant way to limit requests and make an HTTP-equivalent to a local EJB call, great. But I suspect attempts at that will be buggy or hard to maintain or lead to requests for more exceptions. And simply letting the request get through undertow subsystem checks doesn't mean other parts of the server won't react negatively; see my "Pros of a)" section in the wildfly-dev thread. So, I'm not really inclined to try and solve the race problems.
> Restore legacy (not "graceful") startup mode
> --------------------------------------------
>
> Key: WFCORE-4291
> URL: https://issues.jboss.org/browse/WFCORE-4291
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Management
> Reporter: Vladimir Grabarchuk
> Assignee: Brian Stansberry
> Priority: Major
>
> Please allow a configurable legacy startup mode which was the default before WF11, when components can service HTTP requests as soon as they are deployed, not when the container deploys all components.
> The use case for this is the following: there is a configuration service component upon which other components depend for configuration data, requested and served via a HTTP request. With the new "graceful startup" this scenario no longer seems possible, as it results in read timeouts, mis-configured artifacts, and failed deployments altogether.
> If generally feasible, another value of the *--start-mode=legacy* seems appropriate to accommodate the original (legacy) behavior.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
6 years, 10 months