[JBoss JIRA] (DROOLS-5522) Fix InternalKieModule.createKieModule
by Gabriele Cardosi (Jira)
Gabriele Cardosi created DROOLS-5522:
----------------------------------------
Summary: Fix InternalKieModule.createKieModule
Key: DROOLS-5522
URL: https://issues.redhat.com/browse/DROOLS-5522
Project: Drools
Issue Type: Task
Reporter: Gabriele Cardosi
Assignee: Mario Fusco
{code:java}
org.drools.compiler.kie.builder.impl.InternalKieModule.createKieModule(ReleaseId releaseId, File jar)
{code}
has a couple of issues
1) there is not a check on the actual type of File received as parameter: it expects it to be a "jar" - but this is not checked anywhere - so
{code:java}
ZipFile zipFile = new ZipFile(jar)
{code}
throws an exception whenever the given file is not a "jar"
2) every exceptions are catch and simply logged; but it seems that whatever exception may happen inside this if
{code:java}
if (zipEntry != null) {
KieModuleModel kieModuleModel = KieModuleModelImpl.fromXML( zipFile.getInputStream( zipEntry ) );
setDefaultsforEmptyKieModule( kieModuleModel );
return kieModuleModel != null ? InternalKieModuleProvider.get( adapt( releaseId ), kieModuleModel, jar ) : null;
}
{code}
it is actually a grave exception, since it means that it was impossible to retrieve an expected KieModule out of a given "kjar" (we know if is a kjar because zipEntry != null)
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5022) The /subsystem=elytron/policy=* can be simplified a lot further
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/WFCORE-5022?page=com.atlassian.jira.plug... ]
Darran Lofthouse updated WFCORE-5022:
-------------------------------------
Fix Version/s: (was: 13.0.0.Beta3)
> The /subsystem=elytron/policy=* can be simplified a lot further
> ---------------------------------------------------------------
>
> Key: WFCORE-5022
> URL: https://issues.redhat.com/browse/WFCORE-5022
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Affects Versions: 12.0.1.Final
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
>
> At the moment this resource is quite verbose but the tasks it performs are very simple.
> {code:java}
> [standalone@localhost:9990 /] /subsystem=elytron/policy=*:read-resource-description
> {
> "outcome" => "success",
> "result" => [{
> "address" => [
> ("subsystem" => "elytron"),
> ("policy" => "*")
> ],
> "outcome" => "success",
> "result" => {
> "description" => "A definition that sets up a policy provider.",
> "max-occurs" => 1,
> "capabilities" => [{
> "name" => "org.wildfly.security.policy",
> "dynamic" => false
> }],
> "access-constraints" => {
> "sensitive" => {"elytron-security" => {"type" => "elytron"}},
> "application" => {"elytron-security" => {"type" => "elytron"}}
> },
> "attributes" => {
> "custom-policy" => {
> "type" => OBJECT,
> "description" => "A custom policy provider definition.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["jacc-policy"],
> "value-type" => {
> "class-name" => {
> "type" => STRING,
> "description" => "The name of a java.security.Policy implementation referencing a policy provider.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "module" => {
> "type" => STRING,
> "description" => "The name of the module to load the provider from.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "default-policy" => {
> "type" => STRING,
> "description" => "Not used.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "deprecated" => {
> "since" => "1.2.0",
> "reason" => "The 'default-policy' attribute is ignored, as a policy resource should be configured with only one policy."
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "jacc-policy" => {
> "type" => OBJECT,
> "description" => "A policy provider definition that sets up JACC and related services.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["custom-policy"],
> "value-type" => {
> "policy" => {
> "type" => STRING,
> "description" => "The name of a java.security.Policy implementation referencing a policy provider.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "org.wildfly.security.authz.jacc.JaccDelegatingPolicy",
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "configuration-factory" => {
> "type" => STRING,
> "description" => "The name of a javax.security.jacc.PolicyConfigurationFactory implementation referencing a policy configuration factory provider.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "org.wildfly.security.authz.jacc.ElytronPolicyConfigurationFactory",
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "module" => {
> "type" => STRING,
> "description" => "The name of the module to load the provider from.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }]
> }
> {code}
> Firstly it only makes sense to have a single policy defined, the outcome of this resource is JVM wide registration so multiple definitions would lead to undefined behaviour.
> Secondly this provides two primary functions.
> 1. Instantation of [https://docs.oracle.com/javase/8/docs/api/java/security/Policy.html] and registration via a call to [https://docs.oracle.com/javase/8/docs/api/java/security/Policy.html#setPo...]
> This first point needs a class name for the policy as well as a module.
> 2. Registration of the JVM wide [https://jakarta.ee/specifications/platform/8/apidocs/javax/security/jacc/...] again needing a classname and module.
> This is also not working correctly but the immediate bug is being addressed under WFCORE-5020
> The JACC APIs don't actually provide a nice way to register this so maybe this is something we should also propose via the spec, but this piece is effectively a class name and module name.
> We have ended up with custom and jacc variants as alternatives. Really both variants are optional but if the resource is defined at least one must be set.
> It may make sense for JACC to move to it's own subsystem for a couple of reasons.
> The JVM wide policy will likely need to be possible in both subsystems but use a capability to ensure it is defined in only one. We probably should move it's registration into the boot operations so registration is complete before DUPs begin.
> The PolicyConfigurationFactory would then be in a JACC subsystem only. Again handling during a boot operation may be preferable otherwise we see issues like WFLY-13615 but failing that ensuring the deployment depend upon the registration happening may be sufficient.
> Additionally the resource has some hard coded class names for the Policy and PolicyConfigurationFactory, we probably should not have these as class names and instead default to them if not defined - this means we still need a way to optionally activate their registration if JACC is required on the server.
> It probably should also be possible to independently set the module for Policy and PolicyContextHandler as these will presently be shared.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFLY-12815) Wildfly 13 - Thread local state corrupted by deployed application explosion during session timeout leading to WELD-001304 - More than one context active for scope type javax.enterprise.context.SessionScoped
by Matěj Novotný (Jira)
[ https://issues.redhat.com/browse/WFLY-12815?page=com.atlassian.jira.plugi... ]
Matěj Novotný commented on WFLY-12815:
--------------------------------------
{quote}I am only not sure about the idea that we should normally be catching exceptions to prevent undersired behaivor like this one. In general, we always allow the application server to be "hammered" by our application exceptions,
{quote}
Well, that's what servlet spec says about it. And CDI integration into servlet via these very events so if you blow up the chain, you blow up the only reliable way CDI/Weld has of telling what is going on with requests and sessions. We already have some safety latches for request cases from what I saw but you there is likely always a case where it won't quite work as we will simply be unable to tell what state is it in and whether it is a serious error or if we should just (almost) silently clean up.
BTW I already have a Weld PR up - [https://github.com/weld/core/pull/2005/files]
I am testing it now against Weld TS and WFLY TS and will drop a comment once I know it is good. I can also give you the details on how to patch newer Weld into WFLY. But it is still a fix for WFLY 20/21 as the version 13 you reported it against is pretty ancient at this point (and uses way older Weld as well).
> Wildfly 13 - Thread local state corrupted by deployed application explosion during session timeout leading to WELD-001304 - More than one context active for scope type javax.enterprise.context.SessionScoped
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-12815
> URL: https://issues.redhat.com/browse/WFLY-12815
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 13.0.0.Final
> Environment: Environment independent the issue, it is purely a logical problem
> Reporter: NUNO GODINHO DE MATOS
> Assignee: Matěj Novotný
> Priority: Major
> Attachments: sourceCodeToSendToWildfly.7z
>
>
> The full description of the problem can be seen in stack overflow.
> Please consulder the issue:
> https://stackoverflow.com/questions/58930939/wildflt-13-weld-001304-more-...
> SUMMARY:
> (1) Setup you wildfly to have a session timeout of 1 minute - so that you can esaily make your http sessions timeout
> (2) Program in your WAR application a sessionDestroyed listener that will be broken.
> In our case whenever the session is timing out, we have some code that explodes in wildfly and not in weblogic because it expected for the RequestScope context to be active, but apparently in wildfly when Undertow to start killing of a session the request scope context is not made active so that caused our session destroyed handling to break
> (3) Do this sufficient amount of times to corrupted as may threads in the thread pool as possible
> (4) Now try to interact with your application making use of some session scoped beans .
> If you travel to ay sort of view that makes use of a session scoped bean that thread will be broken with the exception that multiple session scope context implementation are active.
> But this exception will only come out and aply if the thread handling the HTTP request is one of the threads that in the past were used by undertow to handle the session timeout.
> The only threads that have been corrupted forever are those that had a broken sessin timeout
> Explanation for the issue:
> - When the session timeout is being orchestrated by underdow, wildfly is activating a special HttpSessionDescrutionContext and making it active.
> This ACTIVE TRUE/FALSE flag is a ThreadLocal variable.
> So the activation of the scope context is marked on the thread itself.
> - When the thread blows up the thread context will remain for as long at the thread lives
> - in a future request the flag had that thread local variable active already.
> So when the BeanManagaerImpl is hunting to the one and only active http session context it finds the traditional happy path http session context active plust the DestructionSession context that was activated in a previous call.
> All of the illustrative stack traces that facilitate the comprehention of the issue are shown in the stack overflow thread.
> I am of the oppinion that errors like this can happen in the deployed applications.
> It would not hurt if wildfly would somehow be able to ensure that the thread that hand an explosion in a previous request is not corrupted when it is used to handle new requests.
> Many thanks for having a look.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5521) OutOfBound Exception for last DecisionTable cell
by Jozef Marko (Jira)
[ https://issues.redhat.com/browse/DROOLS-5521?page=com.atlassian.jira.plug... ]
Jozef Marko updated DROOLS-5521:
--------------------------------
Description:
This issue is caused by DROOLS-5442.
It can be spotted when user start to edit last cell of DMN Decision table row and finish the edit mode by pressing TAB key. It causes an attempt to select next cell of the row and an exception is thrown. See the attached video.
h3. Acceptance criteria
Check pressing TAB when edit mode of last cell is active for:
- Guided Decision Table
- Test Scenario
- DMN Decision Table
- DMN Relation
- DMN Context
- DMN Function
- DMN Literal Expression
- DMN List
was:
This issue is caused by DROOLS-5442.
It can be spotted when user start to edit last cell of DMN Decision table row and finish the edit mode by pressing TAB key. It causes an attempt to select next cell of the row and an exception is thrown. See the attached video.
> OutOfBound Exception for last DecisionTable cell
> ------------------------------------------------
>
> Key: DROOLS-5521
> URL: https://issues.redhat.com/browse/DROOLS-5521
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.41.0.Final
> Reporter: Jozef Marko
> Assignee: Jozef Marko
> Priority: Major
> Labels: drools-tools, regression
> Attachments: edit-last-cell-of-row-and-press-tab.webm
>
>
> This issue is caused by DROOLS-5442.
> It can be spotted when user start to edit last cell of DMN Decision table row and finish the edit mode by pressing TAB key. It causes an attempt to select next cell of the row and an exception is thrown. See the attached video.
> h3. Acceptance criteria
> Check pressing TAB when edit mode of last cell is active for:
> - Guided Decision Table
> - Test Scenario
> - DMN Decision Table
> - DMN Relation
> - DMN Context
> - DMN Function
> - DMN Literal Expression
> - DMN List
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5521) OutOfBound Exception for last DecisionTable cell
by Jozef Marko (Jira)
[ https://issues.redhat.com/browse/DROOLS-5521?page=com.atlassian.jira.plug... ]
Jozef Marko updated DROOLS-5521:
--------------------------------
Sprint: 2020 Week 28-30 (from Jul 6)
> OutOfBound Exception for last DecisionTable cell
> ------------------------------------------------
>
> Key: DROOLS-5521
> URL: https://issues.redhat.com/browse/DROOLS-5521
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.41.0.Final
> Reporter: Jozef Marko
> Assignee: Jozef Marko
> Priority: Major
> Labels: drools-tools, regression
> Attachments: edit-last-cell-of-row-and-press-tab.webm
>
>
> This issue is caused by DROOLS-5442.
> It can be spotted when user start to edit last cell of DMN Decision table row and finish the edit mode by pressing TAB key. It causes an attempt to select next cell of the row and an exception is thrown. See the attached video.
> h3. Acceptance criteria
> Check pressing TAB when edit mode of last cell is active for:
> - Guided Decision Table
> - Test Scenario
> - DMN Decision Table
> - DMN Relation
> - DMN Context
> - DMN Function
> - DMN Literal Expression
> - DMN List
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5020) Although elytron has module for JACC factory it is not used for JACC
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5020?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5020:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> Although elytron has module for JACC factory it is not used for JACC
> --------------------------------------------------------------------
>
> Key: WFCORE-5020
> URL: https://issues.redhat.com/browse/WFCORE-5020
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 12.0.1.Final
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> A module can be specified and this is used to load the specified provider class and instantiate it, however this is separate to the one instantiated by PolicyConfigurationFactory.
> Elytron does set a system property to ensure the configured class name is used but does not actually ensure the module is used for class loading.
> At the same time it should be ensuring there is only a single instance of the class.
> Finally we should verify the correct class has been loaded in case some race condition has caused premature initialisation - those can be difficult to debug.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months