[Red Hat JIRA] (WFLY-10863) MP Health is not available in domain mode
by Martin Stefanko (Jira)
[ https://issues.redhat.com/browse/WFLY-10863?page=com.atlassian.jira.plugi... ]
Martin Stefanko commented on WFLY-10863:
----------------------------------------
[~brian.stansberry], [~rsvoboda] can this be resolved as won't fix then?
> MP Health is not available in domain mode
> -----------------------------------------
>
> Key: WFLY-10863
> URL: https://issues.redhat.com/browse/WFLY-10863
> Project: WildFly
> Issue Type: Feature Request
> Components: MP Health
> Reporter: Rostislav Svoboda
> Assignee: Martin Stefanko
> Priority: Major
> Labels: domain-mode
>
> MP Health is not available in domain mode.
> Analysis is not saying that domain is out of scope, EAP7 RFE is not explicit about this either.
> We may resolve this just by making it explicit, that MP health is just fo standalone for now.
> For domain we should at least have a plan what to do and how
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (WFLY-14357) Sporadic ArrayIndexOutOfBoundsException on first few calls
by Peter Bilstein (Jira)
Peter Bilstein created WFLY-14357:
-------------------------------------
Summary: Sporadic ArrayIndexOutOfBoundsException on first few calls
Key: WFLY-14357
URL: https://issues.redhat.com/browse/WFLY-14357
Project: WildFly
Issue Type: Bug
Affects Versions: 21.0.0.Final
Reporter: Peter Bilstein
Assignee: Brian Stansberry
From time to time we get a sporadic failure when trying to login to keycloak 12.0.1 (on wildfly 21?!) via Oauth during test runs. This seems to happen on concurrent calls to the auth service:
{noformat}
[0m[0m09:40:59,607 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
[0m[31m09:41:03,906 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-3) Uncaught server error: java.lang.ArrayIndexOutOfBoundsException: Index 34 out of bounds for length 33
at java.base/java.util.ArrayList.add(ArrayList.java:487)
at java.base/java.util.ArrayList.add(ArrayList.java:499)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.statistics.StatisticsControllerImpl.register(StatisticsControllerImpl.java:25)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.processMethod(LocatorRegistry.java:66)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.register(LocatorRegistry.java:49)
at org.jboss.resteasy.resteasy-jaxrs(a)3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.<init>(LocatorRegistry.java:41)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.keycloak-wildfly-extensions@12.0.1//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
at org.keycloak.keycloak-services@12.0.1//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
at org.keycloak.keycloak-wildfly-extensions@12.0.1//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.2.2.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.core@2.2.2.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
at org.jboss.xnio@3.8.2.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:834)
[0m[31m09:41:03,906 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-1) Uncaught server error: java.lang.ArrayIndexOutOfBoundsException: Index 34 out of bounds for length 33
at java.base/java.util.ArrayList.add(ArrayList.java:487)
at java.base/java.util.ArrayList.add(ArrayList.java:499)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.statistics.StatisticsControllerImpl.register(StatisticsControllerImpl.java:25)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.processMethod(LocatorRegistry.java:66)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.register(LocatorRegistry.java:49)
at org.jboss.resteasy.resteasy-jaxrs(a)3.13.2.Final//org.jboss.resteasy.core.LocatorRegistry.<init>(LocatorRegistry.java:41)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:129)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
at org.jboss.resteasy.resteasy-jaxrs@3.13.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at javax.servlet.api@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.keycloak-wildfly-extensions@12.0.1//org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
at org.keycloak.keycloak-services@12.0.1//org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
at org.keycloak.keycloak-wildfly-extensions@12.0.1//org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.2.2.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.core@2.2.2.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@21.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet@2.2.2.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.2.2.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.core@2.2.2.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at org.jboss.xnio@3.8.2.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:834)
{noformat}
To me it looks like a concurrent access to StatisticsControllerImpl, which is not threadsafe itself. (see Stacktrace, where two threads access the StatisticsControllerImpl)
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (ELY-2074) SSO from FORM authentication required a distributed session
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/ELY-2074?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated ELY-2074:
----------------------------------
Description:
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
The following TRACE logging shows a successful failover where a web application is marked as being distributed:
{code:java}
2021-01-26 11:01:34,120 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4b6842ff] for mechanism [FORM]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
2021-01-26 11:01:34,160 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate session 3t7EGcnmInMeUYH3-thjyQpTyOanRdoX3Dm-BcS6. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Principal assigning: [alice], pre-realm rewritten: [alice], realm name: [example-realm], post-realm rewritten: [alice], realm rewritten: [alice]
2021-01-26 11:01:34,165 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing principal alice.
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [groups] => [user, Users]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following runtime attributes: [Source-Address] => [127.0.0.1]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [alice] with roles [Users, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorization succeed
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = alice authorizedIdentity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,168 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user] {code}
Where the web application is not distributed the following is logged instead:
{code:java}
2021-01-26 11:26:14,189 INFO [org.infinispan.CLUSTER] (thread-10,ejb,nodea) ISPN100001: Node nodeb left the cluster
2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
2021-01-26 11:26:59,402 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
2021-01-26 11:26:59,402 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@71dc2149] for mechanism [FORM]
2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
2021-01-26 11:26:59,404 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate. There is no session attached to the following request. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null {code}
was:
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
The following TRACE logging shows a successful failover where a web application is marked as being distributed:
{code:java}
2021-01-26 11:01:34,120 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4b6842ff] for mechanism [FORM]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
2021-01-26 11:01:34,160 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate session 3t7EGcnmInMeUYH3-thjyQpTyOanRdoX3Dm-BcS6. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Principal assigning: [alice], pre-realm rewritten: [alice], realm name: [example-realm], post-realm rewritten: [alice], realm rewritten: [alice]
2021-01-26 11:01:34,165 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing principal alice.
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [groups] => [user, Users]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following runtime attributes: [Source-Address] => [127.0.0.1]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [alice] with roles [Users, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorization succeed
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = alice authorizedIdentity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,168 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user] {code}
> SSO from FORM authentication required a distributed session
> -----------------------------------------------------------
>
> Key: ELY-2074
> URL: https://issues.redhat.com/browse/ELY-2074
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.14.1.Final
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 1.14.2.CR1
>
>
> Presently SSO only works on failover if also have a distributed HTTP session.
> The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
> Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
> The following TRACE logging shows a successful failover where a web application is marked as being distributed:
> {code:java}
> 2021-01-26 11:01:34,120 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
> 2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
> 2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
> 2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
> 2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4b6842ff] for mechanism [FORM]
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate session 3t7EGcnmInMeUYH3-thjyQpTyOanRdoX3Dm-BcS6. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Principal assigning: [alice], pre-realm rewritten: [alice], realm name: [example-realm], post-realm rewritten: [alice], realm rewritten: [alice]
> 2021-01-26 11:01:34,165 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing principal alice.
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [groups] => [user, Users]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following runtime attributes: [Source-Address] => [127.0.0.1]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [alice] with roles [Users, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorization succeed
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = alice authorizedIdentity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
> 2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
> 2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
> 2021-01-26 11:01:34,168 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user] {code}
>
> Where the web application is not distributed the following is logged instead:
> {code:java}
> 2021-01-26 11:26:14,189 INFO [org.infinispan.CLUSTER] (thread-10,ejb,nodea) ISPN100001: Node nodeb left the cluster
> 2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
> 2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
> 2021-01-26 11:26:59,400 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
> 2021-01-26 11:26:59,402 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
> 2021-01-26 11:26:59,402 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@71dc2149] for mechanism [FORM]
> 2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
> 2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
> 2021-01-26 11:26:59,404 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate. There is no session attached to the following request. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
> 2021-01-26 11:26:59,404 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = null authorizedIdentity = null {code}
>
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (ELY-2074) SSO from FORM authentication required a distributed session
by Darran Lofthouse (Jira)
[ https://issues.redhat.com/browse/ELY-2074?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated ELY-2074:
----------------------------------
Description:
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
The following TRACE logging shows a successful failover where a web application is marked as being distributed:
{code:java}
2021-01-26 11:01:34,120 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4b6842ff] for mechanism [FORM]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
2021-01-26 11:01:34,160 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate session 3t7EGcnmInMeUYH3-thjyQpTyOanRdoX3Dm-BcS6. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Principal assigning: [alice], pre-realm rewritten: [alice], realm name: [example-realm], post-realm rewritten: [alice], realm rewritten: [alice]
2021-01-26 11:01:34,165 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing principal alice.
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [groups] => [user, Users]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following runtime attributes: [Source-Address] => [127.0.0.1]
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [alice] with roles [Users, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorization succeed
2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = alice authorizedIdentity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
2021-01-26 11:01:34,168 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user] {code}
was:
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
> SSO from FORM authentication required a distributed session
> -----------------------------------------------------------
>
> Key: ELY-2074
> URL: https://issues.redhat.com/browse/ELY-2074
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.14.1.Final
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 1.14.2.CR1
>
>
> Presently SSO only works on failover if also have a distributed HTTP session.
> The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
> Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
> The following TRACE logging shows a successful failover where a web application is marked as being distributed:
> {code:java}
> 2021-01-26 11:01:34,120 TRACE [org.wildfly.security.http.servlet] (default task-1) Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /simple-webapp
> 2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) No AuthConfigProvider for layer=HttpServlet, appContext=default-host /simple-webapp
> 2021-01-26 11:01:34,121 TRACE [org.wildfly.security.http.servlet] (default task-1) JASPIC Unavailable, using HTTP authentication.
> 2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) No CachedIdentity to restore.
> 2021-01-26 11:01:34,158 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@4b6842ff] for mechanism [FORM]
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling SocketAddressCallback
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost' protocol='http'
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security.http.form] (default task-1) Trying to re-authenticate session 3t7EGcnmInMeUYH3-thjyQpTyOanRdoX3Dm-BcS6. Request URI: [http://localhost:8080/simple-webapp/secured], Context path: [/simple-webapp]
> 2021-01-26 11:01:34,160 TRACE [org.wildfly.security] (default task-1) Principal assigning: [alice], pre-realm rewritten: [alice], realm name: [example-realm], post-realm rewritten: [alice], realm rewritten: [alice]
> 2021-01-26 11:01:34,165 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing principal alice.
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following attributes: [groups] => [user, Users]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorizing against the following runtime attributes: [Source-Address] => [127.0.0.1]
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Permission mapping: identity [alice] with roles [Users, user] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Authorization succeed
> 2021-01-26 11:01:34,166 TRACE [org.wildfly.security] (default task-1) Handling CachedIdentityAuthorizeCallback: principal = alice authorizedIdentity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
> 2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: succeed
> 2021-01-26 11:01:34,167 TRACE [org.wildfly.security] (default task-1) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=alice, securityDomain=org.wildfly.security.auth.server.SecurityDomain@61f54c5f, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='example-realm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@78079856}, creationTime=2021-01-26T11:01:34.165503Z}
> 2021-01-26 11:01:34,168 TRACE [org.wildfly.security] (default task-1) Role mapping: principal [alice] -> decoded roles [Users, user] -> domain decoded roles [] -> realm mapped roles [Users, user] -> domain mapped roles [Users, user] {code}
>
>
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (ELY-2074) SSO from FORM authentication required a distributed session
by Darran Lofthouse (Jira)
Darran Lofthouse created ELY-2074:
-------------------------------------
Summary: SSO from FORM authentication required a distributed session
Key: ELY-2074
URL: https://issues.redhat.com/browse/ELY-2074
Project: WildFly Elytron
Issue Type: Bug
Components: HTTP
Affects Versions: 1.14.1.Final
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: 1.14.2.CR1
Presently SSO only works on failover if also have a distributed HTTP session.
The SSO support is supposed to be operating independently of the session otherwise we should have just used the session to replicate the identity. I suspect that when we attempt to restore the identity we check if we have a session scope but as it does not exist we skip attempting the restoration, we should be open to restoration being possible without a session.
Overall however it feels like this approach will require some clean up which may be needed for ELY-1626 - instead of the current approach which intercepts session access and converts to SSO we may be better making SSO a real scope or something similar so mechanisms can interact directly with it. The approach today where we wrap the scope access and intercept the calls means mechanisms can easily make invalid assumptions about scope availability such as in this case.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (WFLY-14356) Infinispan heap-memory caches transcoding key/values unnecessarily
by Ryan Emerson (Jira)
Ryan Emerson created WFLY-14356:
-----------------------------------
Summary: Infinispan heap-memory caches transcoding key/values unnecessarily
Key: WFLY-14356
URL: https://issues.redhat.com/browse/WFLY-14356
Project: WildFly
Issue Type: Bug
Components: Clustering
Affects Versions: 21.0.2.Final
Reporter: Ryan Emerson
Assignee: Paul Ferraro
For local "heap-memory" caches, each key/value stored are being converted to a byte[] unnecessarily.
The reason that this conversion is taking place, is due to a combination of 1) the key/value encoding type of Wildfly's "heap-memory" caches not being explicitly configured. 2) Wildfly using Infinispan in server mode by configuring [1]. This causes Infinispan `StorageConfigurationManager`[2] to configure the storage media type as `application/unknown`, which results in the `application/x-java-object` key/values being converted to byte[] on every put operation.
The simplest solution is to update the "heap-memory" caches to explicitly configure the encoding as `application/x-java-object`. This will be mandatory in future versions anyway, as the `application/unknown` type has been deprecated.
[1] https://github.com/wildfly/wildfly/blob/2bed1cae0c56d697ee0fc80b7f3390...
[2] https://github.com/infinispan/infinispan/blob/0454c2368ad8365c93042a9e...
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months
[Red Hat JIRA] (DROOLS-5512) Unsaved changes dialog for a Test Scenario executed right after creation
by Jozef Marko (Jira)
[ https://issues.redhat.com/browse/DROOLS-5512?page=com.atlassian.jira.plug... ]
Jozef Marko updated DROOLS-5512:
--------------------------------
Fix Version/s: 7.49.0.Final
> Unsaved changes dialog for a Test Scenario executed right after creation
> ------------------------------------------------------------------------
>
> Key: DROOLS-5512
> URL: https://issues.redhat.com/browse/DROOLS-5512
> Project: Drools
> Issue Type: Bug
> Components: Scenario Simulation and Testing
> Affects Versions: 7.41.0.Final
> Reporter: Jan Stastny
> Assignee: Yeser Amer
> Priority: Major
> Labels: drools-tools
> Fix For: 7.49.0.Final
>
>
> There is once again an Unsaved Changes dialog presented to user even though no changes has been made.
> This time it is when user creates Test Scenario, fills in facts and values, saves and executes the test scenario right away. When clicking save and trying to close again it does not appear again. There us not commit in niogit connected with the second save.
> When user closes and reopens editor between save and run, all works fine.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)
3 years, 5 months