[JBoss JIRA] (WFLY-12815) Wildfly 13 - Thread local state corrupted by deployed application explosion during session timeout leading to WELD-001304 - More than one context active for scope type javax.enterprise.context.SessionScoped
by Brian Stansberry (Jira)
[ https://issues.redhat.com/browse/WFLY-12815?page=com.atlassian.jira.plugi... ]
Brian Stansberry resolved WFLY-12815.
-------------------------------------
Resolution: Done
> Wildfly 13 - Thread local state corrupted by deployed application explosion during session timeout leading to WELD-001304 - More than one context active for scope type javax.enterprise.context.SessionScoped
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-12815
> URL: https://issues.redhat.com/browse/WFLY-12815
> Project: WildFly
> Issue Type: Bug
> Components: CDI / Weld
> Affects Versions: 13.0.0.Final
> Environment: Environment independent the issue, it is purely a logical problem
> Reporter: NUNO GODINHO DE MATOS
> Assignee: Matěj Novotný
> Priority: Major
> Fix For: 21.0.0.Beta1
>
> Attachments: 01_snippets_of_code_of_sample_app.7z, 02_issue_fix2_using_weld-web-3.1.5-SNAPSHOT.jar.txt.7z, 02_reproducing_issue_on_wildfly20_before_patching_weld_core_web.7z, Sample_App_To_reproduceBug_001_RollingFileAppender.7z, sourceCodeToSendToWildfly.7z
>
>
> The full description of the problem can be seen in stack overflow.
> Please consulder the issue:
> https://stackoverflow.com/questions/58930939/wildflt-13-weld-001304-more-...
> SUMMARY:
> (1) Setup you wildfly to have a session timeout of 1 minute - so that you can esaily make your http sessions timeout
> (2) Program in your WAR application a sessionDestroyed listener that will be broken.
> In our case whenever the session is timing out, we have some code that explodes in wildfly and not in weblogic because it expected for the RequestScope context to be active, but apparently in wildfly when Undertow to start killing of a session the request scope context is not made active so that caused our session destroyed handling to break
> (3) Do this sufficient amount of times to corrupted as may threads in the thread pool as possible
> (4) Now try to interact with your application making use of some session scoped beans .
> If you travel to ay sort of view that makes use of a session scoped bean that thread will be broken with the exception that multiple session scope context implementation are active.
> But this exception will only come out and aply if the thread handling the HTTP request is one of the threads that in the past were used by undertow to handle the session timeout.
> The only threads that have been corrupted forever are those that had a broken sessin timeout
> Explanation for the issue:
> - When the session timeout is being orchestrated by underdow, wildfly is activating a special HttpSessionDescrutionContext and making it active.
> This ACTIVE TRUE/FALSE flag is a ThreadLocal variable.
> So the activation of the scope context is marked on the thread itself.
> - When the thread blows up the thread context will remain for as long at the thread lives
> - in a future request the flag had that thread local variable active already.
> So when the BeanManagaerImpl is hunting to the one and only active http session context it finds the traditional happy path http session context active plust the DestructionSession context that was activated in a previous call.
> All of the illustrative stack traces that facilitate the comprehention of the issue are shown in the stack overflow thread.
> I am of the oppinion that errors like this can happen in the deployed applications.
> It would not hurt if wildfly would somehow be able to ensure that the thread that hand an explosion in a previous request is not corrupted when it is used to handle new requests.
> Many thanks for having a look.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5578) Kie Server uses obselete/to be deleted Java APIs
by Steve Davidson (Jira)
[ https://issues.redhat.com/browse/DROOLS-5578?page=com.atlassian.jira.plug... ]
Steve Davidson edited comment on DROOLS-5578 at 8/13/20 5:26 PM:
-----------------------------------------------------------------
Looks like the KIE-CI is having some configuration issues or something with "Uberfire" (???) right now.....
was (Author: northgorky):
Looks like the KIE-CI is having some configuration issues or something right now.....
> Kie Server uses obselete/to be deleted Java APIs
> ------------------------------------------------
>
> Key: DROOLS-5578
> URL: https://issues.redhat.com/browse/DROOLS-5578
> Project: Drools
> Issue Type: Component Upgrade
> Components: kie server
> Affects Versions: 7.38.0.Final, 7.39.0.Final, 7.40.0.Final, 7.41.0.Final
> Reporter: Steve Davidson
> Assignee: Mario Fusco
> Priority: Minor
> Labels: Kie-Server, kie, kie-server
>
> Kie Server is using several deprecated and soon to be restricted/deleted Java APIs. Much of this has been cleaned up over the last year or so, but there are still a few instances of old Java APIs in use.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5578) Kie Server uses obselete/to be deleted Java APIs
by Steve Davidson (Jira)
[ https://issues.redhat.com/browse/DROOLS-5578?page=com.atlassian.jira.plug... ]
Steve Davidson commented on DROOLS-5578:
----------------------------------------
Looks like the KIE-CI is having some configuration issues or something right now.....
> Kie Server uses obselete/to be deleted Java APIs
> ------------------------------------------------
>
> Key: DROOLS-5578
> URL: https://issues.redhat.com/browse/DROOLS-5578
> Project: Drools
> Issue Type: Component Upgrade
> Components: kie server
> Affects Versions: 7.38.0.Final, 7.39.0.Final, 7.40.0.Final, 7.41.0.Final
> Reporter: Steve Davidson
> Assignee: Mario Fusco
> Priority: Minor
> Labels: Kie-Server, kie, kie-server
>
> Kie Server is using several deprecated and soon to be restricted/deleted Java APIs. Much of this has been cleaned up over the last year or so, but there are still a few instances of old Java APIs in use.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (WFCORE-5069) libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider
by Brian Stansberry (Jira)
[ https://issues.redhat.com/browse/WFCORE-5069?page=com.atlassian.jira.plug... ]
Brian Stansberry updated WFCORE-5069:
-------------------------------------
Fix Version/s: (was: 13.0.0.Final)
> libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider
> -------------------------------------------------------------------------------------
>
> Key: WFCORE-5069
> URL: https://issues.redhat.com/browse/WFCORE-5069
> Project: WildFly Core
> Issue Type: Bug
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Blocker
> Fix For: 13.0.0.Beta5
>
>
> Looks like detection of `libwfssl` is broken in current build. When I try to configure OpenSSL security provider in legacy security, I can see following errors in standalone.log:
> {code:java}
> 15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:116) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701) at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.lang.Thread.run(Thread.java:748)Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi) at java.security.Provider$Service.newInstance(Provider.java:1617) at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) at sun.security.jca.GetInstance.getInstance(GetInstance.java:164) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:105) ... 8 moreCaused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException at org.wildfly.openssl.SSL.init(SSL.java:87) at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:129) at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi.<init>(OpenSSLContextSPI.java:484) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.security.Provider$Service.newInstance(Provider.java:1595) ... 12 moreCaused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.wildfly.openssl.SSL.init(SSL.java:82) ... 19 moreCaused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860) at java.lang.Runtime.loadLibrary0(Runtime.java:870) at java.lang.System.loadLibrary(System.java:1124) at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:288) ... 24 more
> 15:39:44,818 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("security-realm" => "ApplicationRealm")]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context" => "WFLYDM0018: Unable to start service Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi) Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException Caused by: java.lang.reflect.InvocationTargetException Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path"}} {code}
>
> This is a regression against previous release - {{EAP7.3.1}}. Expected behaviour is no error in the log, libwfssl is loaded successfully and OpenSSL is correctly used for TLS connections.
> Note - there has been a change in the location of the particular libwfssl native binaries in the distribution, see https://github.com/wildfly-security/wildfly-openssl/commit/c5c07d3dc0d637...
> {code:title=7.3.1}
> $ find . -name *wfssl*
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-i386/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so
> {code}
> and
> {code:title=7.4.0.CD20-CR1}
> $ find . -name *ssl*
> ./modules/system/layers/base/org/wildfly/openssl
> ./modules/system/layers/base/org/wildfly/openssl/main/wildfly-openssl-java-1.1.0.Final-redhat-00001.jar
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el8-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el7-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-i386/libwfssl.so
> ./modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-ssl-1.12.1.Final-redhat-00001.jar
> {code}
>
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5578) Kie Server uses obselete/to be deleted Java APIs
by Steve Davidson (Jira)
[ https://issues.redhat.com/browse/DROOLS-5578?page=com.atlassian.jira.plug... ]
Steve Davidson commented on DROOLS-5578:
----------------------------------------
[https://github.com/kiegroup/droolsjbpm-integration/pull/2197]
+Currently skipped:+
drools-ha/ha-core-infra/src/main/java/org/kie/hacep/core/infra/election/LeaderElectionImpl.java
uses deprecated method java/math/BigDecimal::divide(Ljava/math/BigDecimal;II)Ljava/math/BigDecimal;
This is a fairly recent update to the Kie Code base. I will have a handler and update for this ready in the next day or so.
+java/security/acl/Group+
An API schedule for removal in JDK 14. Used/implemented by:
./kie-tomcat-integration/src/main/java/org/kie/integration/tomcat/SimpleRolePrincipal.java
./kie-tomcat-integration/src/main/java/org/kie/integration/tomcat/JACCValve.java
./kie-server-parent/kie-server-services/kie-server-services-common/src/main/java/org/kie/server/services/impl/security/JACCIdentityProvider.java
./kie-server-parent/kie-server-services/kie-server-services-common/src/main/java/org/kie/server/services/impl/security/adapters/JMSSecurityAdapter.java
Possibly related discussions:
https://issues.redhat.com/browse/JBWS-4133
https://issues.redhat.com/browse/ELY-1744
While this issue isn't one that lends itself to automated fixes, I may be able to assist depending on what is decided for the fix.
> Kie Server uses obselete/to be deleted Java APIs
> ------------------------------------------------
>
> Key: DROOLS-5578
> URL: https://issues.redhat.com/browse/DROOLS-5578
> Project: Drools
> Issue Type: Component Upgrade
> Components: kie server
> Affects Versions: 7.38.0.Final, 7.39.0.Final, 7.40.0.Final, 7.41.0.Final
> Reporter: Steve Davidson
> Assignee: Mario Fusco
> Priority: Minor
> Labels: Kie-Server, kie, kie-server
>
> Kie Server is using several deprecated and soon to be restricted/deleted Java APIs. Much of this has been cleaned up over the last year or so, but there are still a few instances of old Java APIs in use.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5578) Kie Server uses obselete/to be deleted Java APIs
by Steve Davidson (Jira)
Steve Davidson created DROOLS-5578:
--------------------------------------
Summary: Kie Server uses obselete/to be deleted Java APIs
Key: DROOLS-5578
URL: https://issues.redhat.com/browse/DROOLS-5578
Project: Drools
Issue Type: Component Upgrade
Components: kie server
Affects Versions: 7.41.0.Final, 7.40.0.Final, 7.39.0.Final, 7.38.0.Final
Reporter: Steve Davidson
Assignee: Mario Fusco
Kie Server is using several deprecated and soon to be restricted/deleted Java APIs. Much of this has been cleaned up over the last year or so, but there are still a few instances of old Java APIs in use.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months
[JBoss JIRA] (DROOLS-5578) Kie Server uses obselete/to be deleted Java APIs
by Steve Davidson (Jira)
[ https://issues.redhat.com/browse/DROOLS-5578?page=com.atlassian.jira.plug... ]
Steve Davidson commented on DROOLS-5578:
----------------------------------------
I have an automated tool that should be able to handle most of this. A pull request should be along shortly.
> Kie Server uses obselete/to be deleted Java APIs
> ------------------------------------------------
>
> Key: DROOLS-5578
> URL: https://issues.redhat.com/browse/DROOLS-5578
> Project: Drools
> Issue Type: Component Upgrade
> Components: kie server
> Affects Versions: 7.38.0.Final, 7.39.0.Final, 7.40.0.Final, 7.41.0.Final
> Reporter: Steve Davidson
> Assignee: Mario Fusco
> Priority: Minor
> Labels: Kie-Server, kie, kie-server
>
> Kie Server is using several deprecated and soon to be restricted/deleted Java APIs. Much of this has been cleaned up over the last year or so, but there are still a few instances of old Java APIs in use.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 11 months