[JBoss JIRA] (DROOLS-5521) OutOfBound Exception for last DecisionTable cell
by Jozef Marko (Jira)
[ https://issues.redhat.com/browse/DROOLS-5521?page=com.atlassian.jira.plug... ]
Jozef Marko updated DROOLS-5521:
--------------------------------
Workaround Description: Confirm the error dialog, click on demanded cell.
Workaround: Workaround Exists
> OutOfBound Exception for last DecisionTable cell
> ------------------------------------------------
>
> Key: DROOLS-5521
> URL: https://issues.redhat.com/browse/DROOLS-5521
> Project: Drools
> Issue Type: Bug
> Components: DMN Editor
> Affects Versions: 7.41.0.Final
> Reporter: Jozef Marko
> Assignee: Jozef Marko
> Priority: Major
> Labels: drools-tools, regression
> Attachments: edit-last-cell-of-row-and-press-tab.webm
>
>
> This issue is caused by DROOLS-5442.
> It can be spotted when user start to edit last cell of DMN Decision table row and finish the edit mode by pressing TAB key. It causes an attempt to select next cell of the row and an exception is thrown. See the attached video.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-4962) Add a SecurityMetaData for all deployments
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-4962?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-4962:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> Add a SecurityMetaData for all deployments
> ------------------------------------------
>
> Key: WFCORE-4962
> URL: https://issues.redhat.com/browse/WFCORE-4962
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> For all deployments we should associate a new class SecurityMetaData with the deployment, initially the purpose of this will be to hold the ServiceName of any Elytron SecurityDomain if one is being used.
> At a later point additional security policy information can be added as we move away from the ApplicationSecurityDomain resources.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5049) Ensure any java.security.Policy is registered before PolicyConfigurationFactory
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5049?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5049:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> Ensure any java.security.Policy is registered before PolicyConfigurationFactory
> -------------------------------------------------------------------------------
>
> Key: WFCORE-5049
> URL: https://issues.redhat.com/browse/WFCORE-5049
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> A PolicyConfigurationFactory may want to consult the Policy so ensure it is installed first.
> This comes up within the Jakarta EE TCK where the test PolicyConfigurationFactory consults the underlying registered Policy.
> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/...
> {code}
> 12:11:00,728 ERROR [stderr] (MSC service thread 1-3) java.lang.ClassCastException: org.jboss.modules.ModulesPolicy cannot be cast to com.sun.ts.tests.jacc.provider.TSPolicy
> 12:11:00,728 ERROR [stderr] (MSC service thread 1-3) at com.sun.ts.tests.jacc.provider.TSPolicyConfigurationFactoryImpl.getTSLogger(TSPolicyConfigurationFactoryImpl.java:229)
> 12:11:00,729 ERROR [stderr] (MSC service thread 1-3) at com.sun.ts.tests.jacc.provider.TSPolicyConfigurationFactoryImpl.getPolicyConfigurationFactory(TSPolicyConfigurationFactoryImpl.java:159)
> 12:11:00,729 ERROR [stderr] (MSC service thread 1-3) at com.sun.ts.tests.jacc.provider.TSPolicyConfigurationFactoryImpl.<init>(TSPolicyConfigurationFactoryImpl.java:53)
> 12:11:00,729 ERROR [stderr] (MSC service thread 1-3) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5040) Elytron JASPI fallback causes dependency on PicketBox
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5040?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5040:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> Elytron JASPI fallback causes dependency on PicketBox
> -----------------------------------------------------
>
> Key: WFCORE-5040
> URL: https://issues.redhat.com/browse/WFCORE-5040
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> The following is logged when PicketBox is not present.
>
> {code:java}
> 2020-07-08 17:35:19,080 TRACE [org.wildfly.extension.elytron] (ServerService Thread Pool -- 16) Unable to load default AuthConfigFactory.: java.lang.IllegalStateException: Failed to find AuthConfigFactory : org.jboss.security.auth.message.config.JBossAuthConfigFactory2020-07-08 17:35:19,080 TRACE [org.wildfly.extension.elytron] (ServerService Thread Pool -- 16) Unable to load default AuthConfigFactory.: java.lang.IllegalStateException: Failed to find AuthConfigFactory : org.jboss.security.auth.message.config.JBossAuthConfigFactory at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:227) at org.wildfly.extension.elytron.ElytronDefinition.getAuthConfigFactory(ElytronDefinition.java:405) at org.wildfly.extension.elytron.ElytronDefinition.access$700(ElytronDefinition.java:112) at org.wildfly.extension.elytron.ElytronDefinition$ElytronAdd.lambda$performBoottime$0(ElytronDefinition.java:499) at org.wildfly.extension.elytron.SecurityActions.doPrivileged(SecurityActions.java:35) at org.wildfly.extension.elytron.ElytronDefinition$ElytronAdd.performBoottime(ElytronDefinition.java:499) at org.jboss.as.controller.AbstractBoottimeAddStepHandler.performRuntime(AbstractBoottimeAddStepHandler.java:119) at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:164) at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:999) at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:743) at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:467) at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:384) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348) at java.lang.Thread.run(Thread.java:748) at org.jboss.threads.JBossThread.run(JBossThread.java:485)Caused by: java.lang.ClassNotFoundException: org.jboss.security.auth.message.config.JBossAuthConfigFactory from [Module "org.wildfly.extension.elytron" version 13.0.0.Beta2-SNAPSHOT from local module loader @5f2108b5 (finder: local module finder @31a5c39e (roots: /home/darranl/tmp/jacc/minimal/modules,/home/darranl/tmp/jacc/minimal/modules/system/layers/base))] at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255) at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410) at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398) at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116) at javax.security.auth.message.config.AuthConfigFactory$LoadAction.run(AuthConfigFactory.java:571) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:211) ... 17 more {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5033) Move org.wildfly.security:wildfly-elytron-jacc into it's own module
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5033?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5033:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> Move org.wildfly.security:wildfly-elytron-jacc into it's own module
> -------------------------------------------------------------------
>
> Key: WFCORE-5033
> URL: https://issues.redhat.com/browse/WFCORE-5033
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> Long term it will be desirable for JACC to be within it's own subsystem so it's inclusion can be controlled using layers, however there may be an intermediate step where we split JACC out from the Elytron project so will want to bring it in ideally in it's own module.
> The classes within this module have never been public API so we are free to refactor as needed.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5022) The /subsystem=elytron/policy=* can be simplified a lot further
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5022?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5022:
--------------------------------
Fix Version/s: 13.0.0.Beta3
(was: 13.0.0.Beta2)
> The /subsystem=elytron/policy=* can be simplified a lot further
> ---------------------------------------------------------------
>
> Key: WFCORE-5022
> URL: https://issues.redhat.com/browse/WFCORE-5022
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Affects Versions: 12.0.1.Final
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 13.0.0.Beta3
>
>
> At the moment this resource is quite verbose but the tasks it performs are very simple.
> {code:java}
> [standalone@localhost:9990 /] /subsystem=elytron/policy=*:read-resource-description
> {
> "outcome" => "success",
> "result" => [{
> "address" => [
> ("subsystem" => "elytron"),
> ("policy" => "*")
> ],
> "outcome" => "success",
> "result" => {
> "description" => "A definition that sets up a policy provider.",
> "max-occurs" => 1,
> "capabilities" => [{
> "name" => "org.wildfly.security.policy",
> "dynamic" => false
> }],
> "access-constraints" => {
> "sensitive" => {"elytron-security" => {"type" => "elytron"}},
> "application" => {"elytron-security" => {"type" => "elytron"}}
> },
> "attributes" => {
> "custom-policy" => {
> "type" => OBJECT,
> "description" => "A custom policy provider definition.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["jacc-policy"],
> "value-type" => {
> "class-name" => {
> "type" => STRING,
> "description" => "The name of a java.security.Policy implementation referencing a policy provider.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "module" => {
> "type" => STRING,
> "description" => "The name of the module to load the provider from.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "default-policy" => {
> "type" => STRING,
> "description" => "Not used.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "deprecated" => {
> "since" => "1.2.0",
> "reason" => "The 'default-policy' attribute is ignored, as a policy resource should be configured with only one policy."
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "jacc-policy" => {
> "type" => OBJECT,
> "description" => "A policy provider definition that sets up JACC and related services.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["custom-policy"],
> "value-type" => {
> "policy" => {
> "type" => STRING,
> "description" => "The name of a java.security.Policy implementation referencing a policy provider.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "org.wildfly.security.authz.jacc.JaccDelegatingPolicy",
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "configuration-factory" => {
> "type" => STRING,
> "description" => "The name of a javax.security.jacc.PolicyConfigurationFactory implementation referencing a policy configuration factory provider.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "org.wildfly.security.authz.jacc.ElytronPolicyConfigurationFactory",
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "module" => {
> "type" => STRING,
> "description" => "The name of the module to load the provider from.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }]
> }
> {code}
> Firstly it only makes sense to have a single policy defined, the outcome of this resource is JVM wide registration so multiple definitions would lead to undefined behaviour.
> Secondly this provides two primary functions.
> 1. Instantation of [https://docs.oracle.com/javase/8/docs/api/java/security/Policy.html] and registration via a call to [https://docs.oracle.com/javase/8/docs/api/java/security/Policy.html#setPo...]
> This first point needs a class name for the policy as well as a module.
> 2. Registration of the JVM wide [https://jakarta.ee/specifications/platform/8/apidocs/javax/security/jacc/...] again needing a classname and module.
> This is also not working correctly but the immediate bug is being addressed under WFCORE-5020
> The JACC APIs don't actually provide a nice way to register this so maybe this is something we should also propose via the spec, but this piece is effectively a class name and module name.
> We have ended up with custom and jacc variants as alternatives. Really both variants are optional but if the resource is defined at least one must be set.
> It may make sense for JACC to move to it's own subsystem for a couple of reasons.
> The JVM wide policy will likely need to be possible in both subsystems but use a capability to ensure it is defined in only one. We probably should move it's registration into the boot operations so registration is complete before DUPs begin.
> The PolicyConfigurationFactory would then be in a JACC subsystem only. Again handling during a boot operation may be preferable otherwise we see issues like WFLY-13615 but failing that ensuring the deployment depend upon the registration happening may be sufficient.
> Additionally the resource has some hard coded class names for the Policy and PolicyConfigurationFactory, we probably should not have these as class names and instead default to them if not defined - this means we still need a way to optionally activate their registration if JACC is required on the server.
> It probably should also be possible to independently set the module for Policy and PolicyContextHandler as these will presently be shared.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months