January 2021 - jboss-jira - Jboss List Archives

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Description: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all, doesn't get logged by {{io.undertow.request.dump}} either. The error I get on DEBUG level: {code:java} 2021-01-08 01:32:20,660 DEBUG [io.undertow.request.io] (default I/O-7) Sending rststream on channel Http2Channel peer /127.0.0.1:50355 local /127.0.0.1:443[ No Receiver [] -- [] -- []] stream 1: java.nio.channels.ClosedChannelException at io.undertow.core@2.2.2.Final//io.undertow.protocols.http2.Http2Channel.sendRstStream(Http2Channel.java:1059) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleRequests(Http2ReceiveListener.java:135) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:115) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:73) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:952) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener$1.run(AbstractFramedChannel.java:963) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:939) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.jboss.xnio@3.8.2.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1211) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:180) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$2.run(SslConduit.java:195) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:479){code} was: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. The error I get on DEBUG level: {code:java} 2021-01-08 01:32:20,660 DEBUG [io.undertow.request.io] (default I/O-7) Sending rststream on channel Http2Channel peer /127.0.0.1:50355 local /127.0.0.1:443[ No Receiver [] -- [] -- []] stream 1: java.nio.channels.ClosedChannelException at io.undertow.core@2.2.2.Final//io.undertow.protocols.http2.Http2Channel.sendRstStream(Http2Channel.java:1059) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleRequests(Http2ReceiveListener.java:135) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:115) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:73) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:952) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener$1.run(AbstractFramedChannel.java:963) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:939) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.jboss.xnio@3.8.2.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1211) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:180) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$2.run(SslConduit.java:195) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:479){code} > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > Attachments: server log (trace).txt > > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} > > Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all, doesn't get logged by {{io.undertow.request.dump}} either. > The error I get on DEBUG level: > {code:java} > 2021-01-08 01:32:20,660 DEBUG [io.undertow.request.io] (default I/O-7) Sending rststream on channel Http2Channel peer /127.0.0.1:50355 local /127.0.0.1:443[ No Receiver [] -- [] -- []] stream 1: java.nio.channels.ClosedChannelException > at io.undertow.core@2.2.2.Final//io.undertow.protocols.http2.Http2Channel.sendRstStream(Http2Channel.java:1059) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleRequests(Http2ReceiveListener.java:135) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:115) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:73) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:952) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener$1.run(AbstractFramedChannel.java:963) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:939) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.jboss.xnio@3.8.2.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1211) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:180) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$2.run(SslConduit.java:195) > at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612) > at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:479){code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Description: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. The error I get on DEBUG level: {code:java} 2021-01-08 01:32:20,660 DEBUG [io.undertow.request.io] (default I/O-7) Sending rststream on channel Http2Channel peer /127.0.0.1:50355 local /127.0.0.1:443[ No Receiver [] -- [] -- []] stream 1: java.nio.channels.ClosedChannelException at io.undertow.core@2.2.2.Final//io.undertow.protocols.http2.Http2Channel.sendRstStream(Http2Channel.java:1059) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleRequests(Http2ReceiveListener.java:135) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:115) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:73) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:952) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener$1.run(AbstractFramedChannel.java:963) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:939) at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.jboss.xnio@3.8.2.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1211) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:180) at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$2.run(SslConduit.java:195) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612) at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:479){code} was: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > Attachments: server log (trace).txt > > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} > > Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. > The error I get on DEBUG level: > {code:java} > 2021-01-08 01:32:20,660 DEBUG [io.undertow.request.io] (default I/O-7) Sending rststream on channel Http2Channel peer /127.0.0.1:50355 local /127.0.0.1:443[ No Receiver [] -- [] -- []] stream 1: java.nio.channels.ClosedChannelException > at io.undertow.core@2.2.2.Final//io.undertow.protocols.http2.Http2Channel.sendRstStream(Http2Channel.java:1059) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleRequests(Http2ReceiveListener.java:135) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:115) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.http2.Http2ReceiveListener.handleEvent(Http2ReceiveListener.java:73) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:952) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener$1.run(AbstractFramedChannel.java:963) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:939) > at io.undertow.core@2.2.2.Final//io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:932) > at org.jboss.xnio@3.8.2.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) > at org.jboss.xnio@3.8.2.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1211) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$1.run(SslConduit.java:180) > at io.undertow.core@2.2.2.Final//io.undertow.protocols.ssl.SslConduit$2.run(SslConduit.java:195) > at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612) > at org.jboss.xnio.nio@3.8.2.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:479){code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Description: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. was: I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > Attachments: server log (trace).txt > > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} > > Server log excerpt with TRACE level logging attached. The faulty request is */rest/v3/news/_lite* - it can be seen in one of the TRACE logs with | (pipe) symbol in its query string, but then it doesn't get "deeper", doesn't get processed at all. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Attachment: server log (trace).txt > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > Attachments: server log (trace).txt > > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFCORE-5240) Add a ManagementResourceRegistration.registerSubModelIfAbsent method

by Brian Stansberry (Jira)

[ https://issues.redhat.com/browse/WFCORE-5240?page=com.atlassian.jira.plug... ] Brian Stansberry commented on WFCORE-5240: ------------------------------------------ I think the use case needs a bit more of a think. In the datasource and resource-adapter subsystem use cases, a putIfAbsent semantic may not be correct. The semantic is only correct if the provided ResourceDefinition is equivalent to the one the resulted in the existing MRR. And that may not be the case; e.g. in the r-a case (and I think datasources too) the ResourceDefinition details depend on what stats are provided by a particular rar. But the registration is, for example, against {code} /subsystem=resource-adapters/resource-adapter=*/connection-definition=foo {code} You can have services from two RAs that use competely different rars with very different statistics both invoking that. That should not work. For that to be safe, the registration would need to be against a concrete resource-adapter address, not the wildcard: {code} /subsystem=resource-adapters/resource-adapter=bar/connection-definition=foo {code} But if that was the address, multiple calls is likely a bug, and a putIfAbsent semantic (even the broken one currently used) would be wrong. > Add a ManagementResourceRegistration.registerSubModelIfAbsent method > -------------------------------------------------------------------- > > Key: WFCORE-5240 > URL: https://issues.redhat.com/browse/WFCORE-5240 > Project: WildFly Core > Issue Type: Enhancement > Components: Management > Reporter: Brian Stansberry > Assignee: Brian Stansberry > Priority: Major > > Subsystems, particularly datasources and resource-adapters, have code like this that's called from service start methods: > https://github.com/wildfly/wildfly/blob/master/connector/src/main/java/or... > This is basically trying for a quasi putIfAbsent semantic. But it's not really reliable, particularly if multiple services are doing the same thing during boot. > So, add a proper putIfAbsent-type submodel registration method to ManagementResourceRegistration. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (DROOLS-5787) [DMN Designer] Show parameters list for Decision Services - Blog post

by Guilherme Gomes (Jira)

[ https://issues.redhat.com/browse/DROOLS-5787?page=com.atlassian.jira.plug... ] Guilherme Gomes updated DROOLS-5787: ------------------------------------ Sprint: (was: 2020 Week 52-03 (from Dec 21)) > [DMN Designer] Show parameters list for Decision Services - Blog post > --------------------------------------------------------------------- > > Key: DROOLS-5787 > URL: https://issues.redhat.com/browse/DROOLS-5787 > Project: Drools > Issue Type: Task > Components: DMN Editor > Reporter: Guilherme Gomes > Assignee: Guilherme Gomes > Priority: Major > > Blog post on http://blog.kie.org about this feature. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (DROOLS-5787) [DMN Designer] Show parameters list for Decision Services - Blog post

by Guilherme Gomes (Jira)

[ https://issues.redhat.com/browse/DROOLS-5787?page=com.atlassian.jira.plug... ] Guilherme Gomes reassigned DROOLS-5787: --------------------------------------- Assignee: Daniel José dos Santos (was: Guilherme Gomes) > [DMN Designer] Show parameters list for Decision Services - Blog post > --------------------------------------------------------------------- > > Key: DROOLS-5787 > URL: https://issues.redhat.com/browse/DROOLS-5787 > Project: Drools > Issue Type: Task > Components: DMN Editor > Reporter: Guilherme Gomes > Assignee: Daniel José dos Santos > Priority: Major > > Blog post on http://blog.kie.org about this feature. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (DROOLS-5750) [DMN Designer] Decision Service is missing inputData element in model with multiple DRDs

by Guilherme Gomes (Jira)

[ https://issues.redhat.com/browse/DROOLS-5750?page=com.atlassian.jira.plug... ] Guilherme Gomes reassigned DROOLS-5750: --------------------------------------- Assignee: Daniel José dos Santos (was: Guilherme Gomes) > [DMN Designer] Decision Service is missing inputData element in model with multiple DRDs > ---------------------------------------------------------------------------------------- > > Key: DROOLS-5750 > URL: https://issues.redhat.com/browse/DROOLS-5750 > Project: Drools > Issue Type: Bug > Components: DMN Editor > Affects Versions: 7.46.0.Final > Reporter: Jan Stastny > Assignee: Daniel José dos Santos > Priority: Major > Attachments: call centre drd.dmn > > > When model has multiple DRDs and tries to reuse a decision component by adding it into a Decision Service node, the resulting Decision Service node has no *inputData* definitions. > In multiple DRDs models the ultimate decision components representation should reflect all the relations merged from their occurrences - i.e. in this case it should not matter that the Input is not defined directly in the DRD with the Decision Service. The Decision Service should inherit the inputData elements based on what inputs do the included decisions have. > See [^call centre drd.dmn] . > That's a multiple DRD model with Decision Service *office accepts the call* which suffers from this issue, in the file the fix is already applied - by adding the > {code:xml} > <dmn:inputData href="#_4208DF15-2342-46EA-8EFF-E402FDDC2F5E"/> > {code} > so that the resulting decisionService definition is > {code:xml} > <dmn:decisionService id="_D36C61E4-C5DB-4375-855B-D58A0269A570" name="office accepts the call"> > <dmn:extensionElements/> > <dmn:variable id="_EDEE0B3D-2B82-4FDE-B725-4ECFBE8F8768" name="office accepts the call" typeRef="boolean"/> > <dmn:outputDecision href="#_25C72B4D-63EF-406F-89C6-612B2090E984"/> > <dmn:encapsulatedDecision href="#_4F791054-DEBD-4EA7-95BA-9E4695239822"/> > <dmn:encapsulatedDecision href="#_606C3BEC-097B-4DA4-9209-9BBA72EBCEF1"/> > <dmn:inputData href="#_4208DF15-2342-46EA-8EFF-E402FDDC2F5E"/> > </dmn:decisionService> > {code} > When the decision endpoint is invoked (before applying the workaround) the evaluation fails and log contains following: > {code} > ERROR [org.kie.dmn.core.ast.DMNDecisionServiceFunctionDefinitionEvaluator] (default task-35) Parameter count mismatch invoking decision service function 'office accepts the call' > {code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14189) The RunAs annotation doesn't work in EJBs with Elytron

by Diana Vilkolakova (Jira)

[ https://issues.redhat.com/browse/WFLY-14189?page=com.atlassian.jira.plugi... ] Diana Vilkolakova reassigned WFLY-14189: ---------------------------------------- Assignee: Diana Vilkolakova > The RunAs annotation doesn't work in EJBs with Elytron > ------------------------------------------------------ > > Key: WFLY-14189 > URL: https://issues.redhat.com/browse/WFLY-14189 > Project: WildFly > Issue Type: Bug > Components: EJB, Security > Affects Versions: 21.0.0.Final > Reporter: Alessandro Moscatelli > Assignee: Diana Vilkolakova > Priority: Major > Labels: ejb, elytron, regression, runas, security, startup > Attachments: standalone-full-ha.new.xml, test.zip > > > Role is not correctly assigned when using @RunAs annotation and Elytron Security Domain. Everything works correctly with legacy picketbox Security Domain. > Wildfly is configured to use default "other" application-security-domain, also using default security domain ApplicationDomain. > This exception is rised when deploying the application. > Caused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract void org.visiontech.test.TestInterface.test() of bean: Test2 is not allowedCaused by: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract void org.visiontech.test.TestInterface.test() of bean: Test2 is not allowed at org.jboss.as.ejb3@21.0.0.Final//org.jboss.as.ejb3.security.JaccInterceptor.hasPermission(JaccInterceptor.java:120) > Test/Sample project: [^test.zip] -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (DROOLS-5936) [DMN Designer] Decision Services - The parameters order in the properties panel is not correct

by Guilherme Gomes (Jira)

Guilherme Gomes created DROOLS-5936: --------------------------------------- Summary: [DMN Designer] Decision Services - The parameters order in the properties panel is not correct Key: DROOLS-5936 URL: https://issues.redhat.com/browse/DROOLS-5936 Project: Drools Issue Type: Bug Components: DMN Editor Reporter: Guilherme Gomes Assignee: Daniel José dos Santos The parameters order in the properties panel is different from the persisted order. Here's how the decision service is persisted: !Screen Shot 2021-01-07 at 18.43.56.png|width=300! ..and here's how the order of the parameters appear in the component: !Screen Shot 2021-01-07 at 18.41.50.png|width=500! And here's the reproducer: [^call centre drd invocation.dmn] -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2021