[JBoss JIRA] (WFLY-13319) Wildfly 19 MP-JWT & EJB Integration
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/WFLY-13319?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFLY-13319:
------------------------------------
Issue Type: Feature Request (was: Bug)
> Wildfly 19 MP-JWT & EJB Integration
> -----------------------------------
>
> Key: WFLY-13319
> URL: https://issues.redhat.com/browse/WFLY-13319
> Project: WildFly
> Issue Type: Feature Request
> Components: MP JWT, Test Suite
> Affects Versions: 19.0.0.Final
> Reporter: Radu Cimpean
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 20.0.0.Beta1
>
> Attachments: server-cli.txt, web.xml
>
>
> ===Previous configuration & situation===
> As written https://groups.google.com/forum/#!topic/wildfly/L1BxATschCU,
> We were running wildfly 18 and used jwt for securing the application. We did this via a series of cli commands (see server-cli.txt) to configure the server, as well as referencing the created domains in the web.xml.
> Under jboss-web.xml we are referencing the "ejb-domain" created in the CLIs. The web.xml (see attachments) protects the resource with the role referenced in the CLIs (role present in the token).
> All our jax-rs resources are annotated with @Stateless and are calling EJBs which in turn are @Stateless and declare allowed roles.
> ===Current situation===
> We've upgraded to wildfly 19 in hopes of using microprofile jwt. To do this, we've annotated the Application class with
> @LoginConfig(authMethod = "MP-JWT", realmName = "MP-JWT-REALM"), removed the login-config from the web.xml, and removed the security-domain from jboss-web.xml (since otherwise I would receive an error: "ELY01148: A SecurityDomain has already been associated with the specified ClassLoader").
> After also removing the security-constraint tag from the web.xml I was able to get to the resource and noticed that the JWTToken was properly injected (all claims and entries are there), and the SecurityContext injected in the resource also contained the jwt specific values. From what I can tell, in the context of the jax-rs classloader, I am authenticated.
> I would, however, always receive an "Invocation on method... is not allowed" the second the resource would try calling a bean, even if the role matched. Upon checking the logs, and what the injected SessionContext contained, I noticed the principal was anonymous and had no roles allowed.
> I therefore believe that the credentials are somehow not being properly passed.
> Is there a documented way of properly integrating jax-rs&ejb with microprofile jwt?
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
[JBoss JIRA] (DROOLS-5253) [DMN Designer] Copied node should be distinguished from original one
by Valentino Pellegrino (Jira)
[ https://issues.redhat.com/browse/DROOLS-5253?page=com.atlassian.jira.plug... ]
Valentino Pellegrino updated DROOLS-5253:
-----------------------------------------
Tester: Anna Dupliak (was: Jozef Marko)
> [DMN Designer] Copied node should be distinguished from original one
> --------------------------------------------------------------------
>
> Key: DROOLS-5253
> URL: https://issues.redhat.com/browse/DROOLS-5253
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.37.0.Final
> Reporter: Jozef Marko
> Assignee: Valentino Pellegrino
> Priority: Minor
> Labels: drools-tools
>
> If a user copies a DMN diagram node, the copy has exactly the same name as the original node. It causes validation issues as the node names have to be unique. We should add some suffix to the copied node, probably numbers (-1, -2, -3 ...).
> It will not break the rule about unique node names and will help to distinguish the original node from the copied one.
[JBoss JIRA] (WFLY-13259) Memory leak in Hibernate pending-puts cache when L2 cache is enabled
by Scott Marlow (Jira)
[ https://issues.redhat.com/browse/WFLY-13259?page=com.atlassian.jira.plugi... ]
Scott Marlow commented on WFLY-13259:
-------------------------------------
[~spotra]
{quote}
But the workaround that I did seems to be working (see JPAUtil.removePendingPutAfterCreate() in my test app) although it looks like a terrible hack as it uses non public APIs.
{quote}
Would either calling javax.persistence.Cache.evictAll() or javax.persistence.Cache.evict(Class) help?
Scott
> Memory leak in Hibernate pending-puts cache when L2 cache is enabled
> --------------------------------------------------------------------
>
> Key: WFLY-13259
> URL: https://issues.redhat.com/browse/WFLY-13259
> Project: WildFly
> Issue Type: Enhancement
> Components: JPA / Hibernate
> Affects Versions: 18.0.1.Final, 19.0.0.Final
> Reporter: Sorin Potra
> Assignee: Scott Marlow
> Priority: Optional
> Attachments: PathToGCRoots_strong_refs.PNG, afterOOM.hprof.zip, beforeOOM.hprof.zip, pending-puts-leak.PNG, simple-hibernate-war-client.zip, simple-hibernate-war-client.zip.2020-03-25, simple-hibernate-war.war, simple-hibernate-war.war.2020-03-25, simple-hibernate-war.zip, simple-hibernate-war.zip.2020-03-25
>
>
> Under certain conditions, described below, WildFly / Hibernate can leak memory into the pending-puts cache eventually causing an OutOfMemoryError. Attached you can find a web application and a standalone client that can be used to reproduce the problem. The web app defines two entities: a Parent and a Child. There is a bidirectional one-to-many relationship between the Parent and the Child. JPA L2 cache is enabled (Infinispan is the cache provider).
> Repeatedly executing a transaction that creates a new Child and adds it to the list of children in the Parent will cause the memory usage to increase steadily until OOM is encountered. If the execution of these transactions is stopped before reaching OOM, the memory will be reclaimed after a few minutes of inactivity.
> Attached you can find the following:
> - simple-hibernate-war.war - the web app that can be deployed in WildFly to reproduce the issue.
> - simple-hibernate-war.zip - the source code for the above web app. The servlet that is invoked by the client to create and persist a new Child is com.microfocus.sa.web.AddChildServlet
> - simple-hibernate-war-client.zip - the standalone client that can be used to invoke the AddChildServlet. After unzipping the archive, the client can be run with the following command from the client folder:
>
> java -cp bin com.microfocus.sa.client.AddChildClient
>
> If you need to run the client multiple times, you have to restart WildFly in between the runs, to start from a fresh state (the web app uses the h2 in-memory database, which is reset at each restart).
> - pending-puts-leak.PNG - a screenshot from Memory Analyzer showing a leaked SessionImpl instance
[JBoss JIRA] (SWSQE-1141) Mirror rh stage registry
by Filip Brychta (Jira)
Filip Brychta created SWSQE-1141:
------------------------------------
Summary: Mirror rh stage registry
Key: SWSQE-1141
URL: https://issues.redhat.com/browse/SWSQE-1141
Project: Kiali QE
Issue Type: Sub-task
Reporter: Filip Brychta
Assignee: Filip Brychta
The Jaeger team is using that registry and it would be nice to have that available in a disconnected cluster.
[JBoss JIRA] (DROOLS-5298) [Scesim Editor]Collection dialog doesn't add any items in context typed lists
by Anna Dupliak (Jira)
Anna Dupliak created DROOLS-5298:
------------------------------------
Summary: [Scesim Editor]Collection dialog doesn't add any items in context typed lists
Key: DROOLS-5298
URL: https://issues.redhat.com/browse/DROOLS-5298
Project: Drools
Issue Type: Bug
Components: Scenario Simulation and Testing
Affects Versions: 7.33.0.Final
Reporter: Anna Dupliak
Assignee: Yeser Amer
Attachments: image-2020-05-05-14-54-38-501.png, test.dmn
When a user uses a list of contexts, like a list of maps, the editor fails to add the nodes to it.
!image-2020-05-05-14-54-38-501.png|thumbnail!
[JBoss JIRA] (WFLY-13319) Wildfly 19 MP-JWT & EJB Integration
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/WFLY-13319?page=com.atlassian.jira.plugi... ]
Darran Lofthouse commented on WFLY-13319:
-----------------------------------------
Here is a more complete stack trace of the error being reported:
{code}
13:49:15,566 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: EJB Invocation failed on component TargetBean for method public boolean org.wildfly.test.integration.microprofile.jwt.ejb.TargetBean.successfulCall(): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public boolean org.wildfly.test.integration.microprofile.jwt.ejb.TargetBean.successfulCall() of bean: TargetBean is not allowed
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:627)
at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
{code}
> Wildfly 19 MP-JWT & EJB Integration
> -----------------------------------
>
> Key: WFLY-13319
> URL: https://issues.redhat.com/browse/WFLY-13319
> Project: WildFly
> Issue Type: Bug
> Components: MP JWT, Test Suite
> Affects Versions: 19.0.0.Final
> Reporter: Radu Cimpean
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 20.0.0.Beta1
>
> Attachments: server-cli.txt, web.xml
>
>
> ===Previous configuration & situation===
> As written https://groups.google.com/forum/#!topic/wildfly/L1BxATschCU,
> We were running wildfly 18 and used jwt for securing the application. We did this via a series of cli commands (see server-cli.txt) to configure the server, as well as referencing the created domains in the web.xml.
> Under jboss-web.xml we are referencing the "ejb-domain" created in the CLIs. The web.xml (see attachments) protects the resource with the role referenced in the CLIs (role present in the token).
> All our jax-rs resources are annotated with @Stateless and are calling EJBs which in turn are @Stateless and declare allowed roles.
> ===Current situation===
> We've upgraded to wildfly 19 in hopes of using microprofile jwt. To do this, we've annotated the Application class with
> @LoginConfig(authMethod = "MP-JWT", realmName = "MP-JWT-REALM"), removed the login-config from the web.xml, and removed the security-domain from jboss-web.xml (since otherwise I would receive an error: "ELY01148: A SecurityDomain has already been associated with the specified ClassLoader").
> After also removing the security-constraint tag from the web.xml I was able to get to the resource and noticed that the JWTToken was properly injected (all claims and entries are there), and the SecurityContext injected in the resource also contained the jwt specific values. From what I can tell, in the context of the jax-rs classloader, I am authenticated.
> I would, however, always receive an "Invocation on method... is not allowed" the second the resource would try calling a bean, even if the role matched. Upon checking the logs, and what the injected SessionContext contained, I noticed the principal was anonymous and had no roles allowed.
> I therefore believe that the credentials are somehow not being properly passed.
> Is there a documented way of properly integrating jax-rs&ejb with microprofile jwt?
[JBoss JIRA] (WFWIP-319) Can /tmp directory of builder image be cleared?
by Martin Choma (Jira)
Martin Choma created WFWIP-319:
----------------------------------
Summary: Can /tmp directory of builder image be cleared?
Key: WFWIP-319
URL: https://issues.redhat.com/browse/WFWIP-319
Project: WildFly WIP
Issue Type: Bug
Components: OpenShift
Reporter: Martin Choma
Assignee: Jeff Mesnil
This is not XP specific, but I have noticed it during XP work. I am comparing builder images of 7.3.1 and XP and the diff is complaining about {{tmp/jboss-eap-7.3.1.GA-image-builder-maven-repository/licenses/}}
I want to ask if this is necessary to have in the builder image. As it is located in the /tmp directory I suppose this is just a working dir and can be safely deleted?
{code}
[jboss@f4e78430d511 licenses]$ pwd
/tmp/jboss-eap-xp-1.0.0.GA-image-builder-maven-repository/licenses
[jboss@f4e78430d511 licenses]$ ls
'apache license 1.1.txt' 'eclipse public license 1.0.txt' 'gnu lesser general public license v3.0 or later.html' 'mozilla public license 1.1.txt'
'apache license 2.0.txt' 'eclipse public license 2.0.txt' 'gnu lesser general public license, version 3.txt' 'mozilla public license 2.0.html'
'bsd 3-clause new or revised license.html' 'eclipse public license, version 1.0.txt' 'gnu library general public license v2 only.txt' 'plexus classworlds license.html'
'bsd 3-clause no nuclear license.html' 'fsf all permissive license.html' 'gnu library general public license, version 2.txt' 'public domain.txt'
'common development and distribution license 1.0.txt' 'gnu general public license v2.0 only, with classpath exception.txt' 'icu license - icu 1.8.1 to icu 57.1.txt' 'the antlr 2.7.7 license.txt'
'common development and distribution license 1.1.txt' 'gnu general public license, version 2 with the classpath exception.txt' 'indiana university extreme lab software license 1.1.1.html' 'the asm bsd license.txt'
'common development and distribution license.txt' 'gnu general public license, version 2.txt' licenses.css 'the bsd license.txt'
'common public license 1.0.txt' 'gnu lesser general public license v2.1 only.txt' licenses.html 'the dom4j license.txt'
'creative commons attribution 2.5.html' 'gnu lesser general public license v2.1 or later.html' licenses.xml 'the jaxen license.txt'
'creative commons zero v1.0 universal.html' 'gnu lesser general public license v2.1 or later.txt' licenses.xsl 'the jsoup mit license.html'
'eclipse distribution license, version 1.0.txt' 'gnu lesser general public license v3.0 only.txt' 'mit license.txt'
{code}
[1] https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/OpenShift/job...