[JBoss JIRA] (WFLY-13256) Upgrade bouncycastle to 1.65.0
by Jim Ma (Jira)
[ https://issues.redhat.com/browse/WFLY-13256?page=com.atlassian.jira.plugi... ]
Jim Ma edited comment on WFLY-13256 at 4/10/20 6:01 AM:
--------------------------------------------------------
[~brian.stansberry] [~aabdelsa] I tried to fix these failures by adding @FixedMethodOrder for WSTrustTest and it works:
https://github.com/jimma/wildfly/commit/7fce5a2d10e81e4e7951d1e11eeb4419d1a63607
From the test execution, if WSTrustTestCase.testPicketLink() executes *before* WSTrustTestCase.testBearer() and WSTrustTestCase.testHolderOfKey(), it *fails*. But if WSTrustTestCase.test() executes first, it *doesn't* break these two tests. Compare these two tests:
{code:java}
// STS endpoint: CXF's STS service
public void test() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
        final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port");
        URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(), "/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}

// STS endpoint: PicketLink STS (the only difference from test() above)
public void testPicketLink() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTS");
        final QName stsPortName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTSPort");
        final URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(), "/jaxws-samples-wsse-policy-trustPicketLink-sts/PicketLinkSTS?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}
{code}
(find these lines from
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...,
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...)
Only the STS endpoint is different: one is CXF's STS service and the other one is PicketLink. But the strange thing is that the PicketLink service is running with http transport instead of https. I still don't get why this will break the following https handshake.
I looked at the picketlink code and dependencies. One thing we probably need to check is that picketlink 2.5.5.SP12 has a very old xmlsec 1.5.1.Final dependency which doesn't support jdk9+. JDK9 support and the added bouncycastle dependency are after xmlsec 2.1.x. CXF has already upgraded to xmlsec 2.1.4. I don't know if that's the reason the CXF STS service works.
> Upgrade bouncycastle to 1.65.0
> ------------------------------
>
> Key: WFLY-13256
> URL: https://issues.redhat.com/browse/WFLY-13256
> Project: WildFly
> Issue Type: Component Upgrade
> Components: Build System, Server
> Reporter: Bartosz Spyrko-Smietanko
> Assignee: Brian Stansberry
> Priority: Blocker
> Labels: downstream_dependency
> Fix For: 20.0.0.Beta1
>
> Attachments: handshake-error.log, handshake-success.log
>
>
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
[JBoss JIRA] (WFLY-13256) Upgrade bouncycastle to 1.65.0
by Jim Ma (Jira)
[ https://issues.redhat.com/browse/WFLY-13256?page=com.atlassian.jira.plugi... ]
Jim Ma commented on WFLY-13256:
-------------------------------
[~brian.stansberry] [~aabdelsa] I tried to fix these failures by adding @FixedMethodOrder for WSTrustTest and it works:
https://github.com/jimma/wildfly/commit/7fce5a2d10e81e4e7951d1e11eeb4419d1a63607
From the test execution, if WSTrustTestCase.testPicketLink() executes before WSTrustTestCase.testBearer() and WSTrustTestCase.testHolderOfKey(), it fails. But if WSTrustTestCase.test() executes first, it doesn't break these two tests. Compare these two tests:
{code:java}
// STS endpoint: CXF's STS service
public void test() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
        final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port");
        URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(), "/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}

// STS endpoint: PicketLink STS (the only difference from test() above)
public void testPicketLink() throws Exception {
    Bus bus = BusFactory.newInstance().createBus();
    try {
        BusFactory.setThreadDefaultBus(bus);
        final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
        final URL wsdlURL = new URL(serviceURL + "SecurityService?wsdl");
        Service service = Service.create(wsdlURL, serviceName);
        ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
        final QName stsServiceName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTS");
        final QName stsPortName = new QName("urn:picketlink:identity-federation:sts", "PicketLinkSTSPort");
        final URL stsURL = new URL(serviceURL.getProtocol(), serviceURL.getHost(), serviceURL.getPort(), "/jaxws-samples-wsse-policy-trustPicketLink-sts/PicketLinkSTS?wsdl");
        WSTrustTestUtils.setupWsseAndSTSClient(proxy, bus, stsURL.toString(), stsServiceName, stsPortName);
        try {
            assertEquals("WS-Trust Hello World!", proxy.sayHello());
        } catch (Exception e) {
            throw e;
        }
    } finally {
        bus.shutdown(true);
    }
}
{code}
(find these lines from
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...,
https://github.com/wildfly/wildfly/blob/master/testsuite/integration/ws/s...)
Only the STS endpoint is different: one is CXF's STS service and the other one is picketLink. But the strange thing is that the picketLink service is running with http transport instead of https. I still don't get why this will break the following https handshake.
I looked at the picketlink code and dependencies. One thing we probably need to check is that picketlink-federation has a very old xmlsec 1.5.1.Final dependency which doesn't support jdk9+. JDK9 support and the added bouncycastle dependency are after xmlsec 2.1.x. CXF has already upgraded to xmlsec 2.1.4. I don't know if that's the reason the CXF STS service works.
> Upgrade bouncycastle to 1.65.0
> ------------------------------
>
> Key: WFLY-13256
> URL: https://issues.redhat.com/browse/WFLY-13256
> Project: WildFly
> Issue Type: Component Upgrade
> Components: Build System, Server
> Reporter: Bartosz Spyrko-Smietanko
> Assignee: Brian Stansberry
> Priority: Blocker
> Labels: downstream_dependency
> Fix For: 20.0.0.Beta1
>
> Attachments: handshake-error.log, handshake-success.log
>
>
[JBoss JIRA] (DROOLS-5139) [DMN Designer] Decision Navigator does not update Diagram name
by Yeser Amer (Jira)
[ https://issues.redhat.com/browse/DROOLS-5139?page=com.atlassian.jira.plug... ]
Yeser Amer updated DROOLS-5139:
-------------------------------
Sprint: (was: 2020 Week 13-15 (from Mar 23))
> [DMN Designer] Decision Navigator does not update Diagram name
> --------------------------------------------------------------
>
> Key: DROOLS-5139
> URL: https://issues.redhat.com/browse/DROOLS-5139
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.34.0.Final
> Reporter: Michael Anstis
> Assignee: Yeser Amer
> Priority: Major
> Labels: drools-tools
>
> Following changes for https://issues.redhat.com/browse/DROOLS-5137 it became evident that the Decision Navigator does not show updated Diagram names.
> This pre-exists DROOLS-5137 and DROOLS-5060 (i.e. it is not a regression), so this new JIRA has been created.
> * Create a new DMN Diagram
> * Expand Decision Navigator
> * Expand Properties Panel
> * Select _background_ i.e. _diagram_
> * Change name in Properties Panel
> * Decision Navigator does not update
> * Saving, closing and re-opening diagram shows updated name
[JBoss JIRA] (WFCORE-4916) Unclear attribute name completion for LIST type
by Chao Wang (Jira)
Chao Wang created WFCORE-4916:
---------------------------------
Summary: Unclear attribute name completion for LIST type
Key: WFCORE-4916
URL: https://issues.redhat.com/browse/WFCORE-4916
Project: WildFly Core
Issue Type: Bug
Components: CLI
Affects Versions: 12.0.0.Beta1
Reporter: Chao Wang
Assignee: Jean Francois Denise
Following the discussion in WFCORE-4908: there is a completion of "[" for a LIST type attribute name after hitting tab, for example:
{code}
[domain@localhost:9990 /] /host=master/server-config=server-one/jvm=default:write-attribute(name=jvm-options
{code}
added here https://github.com/wildfly/wildfly-core/blob/12.0.0.Beta1/cli/src/main/ja...
It seems to me that this misleads toward the wrong syntax, as described in WFCORE-4908.
{code}
[domain@localhost:9990 /] /host=master/server-config=server-one/jvm=default:write-attribute(name=jvm-options[...
{code}
[JBoss JIRA] (WFLY-13259) Memory leak in Hibernate pending-puts cache when L2 cache is enabled
by Scott Marlow (Jira)
[ https://issues.redhat.com/browse/WFLY-13259?page=com.atlassian.jira.plugi... ]
Scott Marlow commented on WFLY-13259:
-------------------------------------
[~spotra]
Please see previous two comments from [~gbadner].
In summary, I think that you could try to disable caching on the entity that is leaking.
Or, you could try the mentioned JPA hints or change the cache mode (via the Hibernate ORM native API Session.setCacheMode(CacheMode.IGNORE)) during the long operation that deals with the folders.
[~gbadner] please comment if you have anything to add or correct in my comment. Thanks! I changed this jira to an "Enhancement".
> Memory leak in Hibernate pending-puts cache when L2 cache is enabled
> --------------------------------------------------------------------
>
> Key: WFLY-13259
> URL: https://issues.redhat.com/browse/WFLY-13259
> Project: WildFly
> Issue Type: Enhancement
> Components: JPA / Hibernate
> Affects Versions: 18.0.1.Final, 19.0.0.Final
> Reporter: Sorin Potra
> Assignee: Scott Marlow
> Priority: Optional
> Attachments: PathToGCRoots_strong_refs.PNG, afterOOM.hprof.zip, beforeOOM.hprof.zip, pending-puts-leak.PNG, simple-hibernate-war-client.zip, simple-hibernate-war-client.zip.2020-03-25, simple-hibernate-war.war, simple-hibernate-war.war.2020-03-25, simple-hibernate-war.zip, simple-hibernate-war.zip.2020-03-25
>
>
> Under certain conditions, described below, WildFly / Hibernate can leak memory into the pending-puts cache eventually causing an OutOfMemoryError. Attached you can find a web application and a standalone client that can be used to reproduce the problem. The web app defines two entities: a Parent and a Child. There is a bidirectional one-to-many relationship between the Parent and the Child. JPA L2 cache is enabled (Infinispan is the cache provider).
> Repeatedly executing a transaction that creates a new Child and adds it to the list of children in the Parent will cause the memory usage to increase steadily until OOM is encountered. If the execution of these transactions is stopped before reaching OOM, the memory will be reclaimed after a few minutes of inactivity.
> Attached you can find the following:
> - simple-hibernate-war.war - the web app that can be deployed in WildFly to reproduce the issue.
> - simple-hibernate-war.zip - the source code for the above web app. The servlet that is invoked by the client to create and persist a new Child is com.microfocus.sa.web.AddChildServlet
> - simple-hibernate-war-client.zip - the standalone client that can be used to invoke the AddChildServlet. After unzipping the archive, the client can be run with the following command from the client folder:
>
> java -cp bin com.microfocus.sa.client.AddChildClient
>
> If you need to run the client multiple times, you have to restart WildFly in between the runs, to start from a fresh state (the web app uses the h2 in-memory database, which is reset at each restart).
> - pending-puts-leak.PNG - a screenshot from Memory Analyzer showing a leaked SessionImpl instance
[JBoss JIRA] (WFLY-13259) Memory leak in Hibernate pending-puts cache when L2 cache is enabled
by Scott Marlow (Jira)
[ https://issues.redhat.com/browse/WFLY-13259?page=com.atlassian.jira.plugi... ]
Scott Marlow updated WFLY-13259:
--------------------------------
Priority: Optional (was: Critical)
> Memory leak in Hibernate pending-puts cache when L2 cache is enabled
> --------------------------------------------------------------------
>
> Key: WFLY-13259
> URL: https://issues.redhat.com/browse/WFLY-13259
> Project: WildFly
> Issue Type: Enhancement
> Components: JPA / Hibernate
> Affects Versions: 18.0.1.Final, 19.0.0.Final
> Reporter: Sorin Potra
> Assignee: Scott Marlow
> Priority: Optional
> Attachments: PathToGCRoots_strong_refs.PNG, afterOOM.hprof.zip, beforeOOM.hprof.zip, pending-puts-leak.PNG, simple-hibernate-war-client.zip, simple-hibernate-war-client.zip.2020-03-25, simple-hibernate-war.war, simple-hibernate-war.war.2020-03-25, simple-hibernate-war.zip, simple-hibernate-war.zip.2020-03-25