[JBoss JIRA] (JBIDE-23173) Missing validation of @SecurityParameterBinding
by Lukáš Valach (JIRA)
Lukáš Valach created JBIDE-23173:
------------------------------------
Summary: Missing validation of @SecurityParameterBinding
Key: JBIDE-23173
URL: https://issues.jboss.org/browse/JBIDE-23173
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: cdi-extensions
Affects Versions: 4.4.1.Final
Reporter: Lukáš Valach
Attachments: SecurityBindingType-Log.txt, securityParameterBinding.zip
The CDI extension DeltaSpike allows creating custom @SecurityParameterBinding types.
These types allow injecting parameter values from the method invocation into the authorizer bean. (See [documentation of Deltaspike/Security Module|https://deltaspike.apache.org/documentation/security.html#Simplein...]).
When I create my own security parameter
{code:java}
@SecurityParameterBinding
public @interface MySecurityParameter {
}
{code}
...and authorizer
{code:java}
public class CustomAuthorizer {
    @Secures
    @CustomSecurityBinding()
    public boolean check(@MySecurityParameter String parameter) {
        return true;
    }
}
{code}
...then I can secure some methods, but these methods must have an appropriate input parameter with the correct type and with the annotation
{code:java}
public class SecuredBean {
    // OK
    @CustomSecurityBinding()
    public SecuredBean doSomething(@MySecurityParameter String parameter) {
        return null;
    }

    // Not-OK (Missing @MySecurityParameter annotation)
    @CustomSecurityBinding()
    public SecuredBean doSomething2(String parameter) {
        return null;
    }

    // Not-OK (Bad type - Integer)
    @CustomSecurityBinding()
    public SecuredBean doSomething3(@MySecurityParameter Integer parameter) {
        return null;
    }
}
{code}
Methods doSomething2 and doSomething3 cause an exception "SecurityDefinitionException: No matching authorizer found for security". The validator doesn't detect any problems.
The attached project can be used to reproduce this issue [^securityParameterBinding.zip].
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
9 years, 6 months
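The check the report above asks the validator to perform, sketched with reflection as an added example (not code from the issue, from DeltaSpike, or from JBoss Tools). The annotations are local stand-ins that reuse the names from the report so the file compiles without the library, and the matching rule (same binding annotation, assignable type) is an assumption taken from the report's description rather than from DeltaSpike's resolution code.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class BindingCheck {
    // True when every @SecurityParameterBinding parameter of the authorizer has a
    // parameter on the secured method with the same annotation and a compatible type.
    static boolean satisfies(Method secured, Method authorizer) {
        for (Parameter need : authorizer.getParameters())
            for (Annotation a : need.getAnnotations()) {
                if (!a.annotationType().isAnnotationPresent(SecurityParameterBinding.class)) continue;
                boolean found = false;
                for (Parameter have : secured.getParameters())
                    found |= have.isAnnotationPresent(a.annotationType())
                            && need.getType().isAssignableFrom(have.getType());
                if (!found) return false;
            }
        return true;
    }

    // Names of secured methods for which no @Secures method of the authorizer matches.
    static List<String> unmatched(Class<?> bean, Class<?> authorizerClass) {
        List<String> problems = new ArrayList<>();
        for (Method m : bean.getDeclaredMethods())
            for (Annotation b : m.getAnnotations()) {
                if (!b.annotationType().isAnnotationPresent(SecurityBindingType.class)) continue;
                boolean ok = false;
                for (Method a : authorizerClass.getDeclaredMethods())
                    ok |= a.isAnnotationPresent(Secures.class)
                            && a.isAnnotationPresent(b.annotationType()) && satisfies(m, a);
                if (!ok) problems.add(m.getName());
            }
        Collections.sort(problems);
        return problems;
    }

    public static void main(String[] args) {
        System.out.println(unmatched(SecuredBean.class, CustomAuthorizer.class));
    }
}
// Stand-ins (assumption): same simple names as the DeltaSpike annotations, declared locally.
@Retention(RetentionPolicy.RUNTIME) @interface SecurityBindingType {}
@Retention(RetentionPolicy.RUNTIME) @interface SecurityParameterBinding {}
@Retention(RetentionPolicy.RUNTIME) @interface Secures {}
@Retention(RetentionPolicy.RUNTIME) @SecurityBindingType @interface CustomSecurityBinding {}
@Retention(RetentionPolicy.RUNTIME) @SecurityParameterBinding @interface MySecurityParameter {}

class CustomAuthorizer {
    @Secures @CustomSecurityBinding
    public boolean check(@MySecurityParameter String parameter) { return true; }
}
// The three methods from the report: one valid, one missing the annotation, one with the wrong type.
class SecuredBean {
    @CustomSecurityBinding public SecuredBean doSomething(@MySecurityParameter String p) { return null; }
    @CustomSecurityBinding public SecuredBean doSomething2(String p) { return null; }
    @CustomSecurityBinding public SecuredBean doSomething3(@MySecurityParameter Integer p) { return null; }
}
```

Run against the report's classes, `unmatched` lists `doSomething2` and `doSomething3`, the two methods that fail only at runtime today; a build-time validator would flag them from the same information.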
[JBoss JIRA] (JBIDE-23039) Need an interactive terminal that fits specific requirements
by Martin Malina (JIRA)
[ https://issues.jboss.org/browse/JBIDE-23039?page=com.atlassian.jira.plugi... ]
Martin Malina commented on JBIDE-23039:
---------------------------------------
[~rob.stryker], I tried the PR on Mac. I started CDK 2.2 rc3. I disabled the SUB_ variables, so it asked me for credentials during startup. This worked as expected, I was able to enter them in the Terminal view. Everything seemed just fine:
{code}
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'cdkv2'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: rhel-ose_default_1473941651986_62531
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Remote connection disconnect. Retrying...
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Registering box with vagrant-registration...
default: Would you like to register the system now (default: yes)? [y|n]y
default: username: mmalina1(a)redhat.com
default: password:
==> default: Registration successful.
==> default: Checking for guest additions in VM...
default: No guest additions were detected on the base box for this VM! Guest
default: additions are required for forwarded ports, shared folders, host only
default: networking, and more. If SSH fails on this machine, please install
default: the guest additions and repackage the box to continue.
default:
default: This is not an error message; everything may continue to work properly,
default: in which case you may ignore this message.
==> default: Configuring and enabling network interfaces...
==> default: Copying TLS certificates to /Users/rasp/jbossqa/cdk2.2.rc3/cdk/components/rhel/rhel-ose/.vagrant/machines/default/virtualbox/docker
==> default: Mounting SSHFS shared folder...
==> default: Mounting folder via SSHFS: /Users/rasp => /Users/rasp
==> default: Checking Mount..
==> default: Checking Mount..
==> default: Folder Successfully Mounted!
==> default: Docker service configured successfully...
==> default: Running provisioner: shell...
default: Running: inline script
==> default: Running provisioner: shell...
default: Running: inline script
==> default: Running provisioner: shell...
default: Running: inline script
==> default:
==> default: Successfully started and provisioned VM with 2 cores and 3072 MB of memory.
==> default: To modify the number of cores and/or available memory set the environment variables
==> default: VM_CPU respectively VM_MEMORY.
==> default: You can now access the OpenShift console on: https://10.1.2.2:8443/console
==> default: To use OpenShift CLI, run:
==> default: $ vagrant ssh
==> default: $ oc login
==> default:
==> default: Configured users are (<username>/<password>):
==> default: openshift-dev/devel
==> default: admin/admin
==> default:
==> default: If you have the oc client library on your host, you can also login from your host.
{code}
But after it finished, I got an error pop up:
Server Container Development Environment failed to start.
An exception stack trace is not available.
And then the tooling stopped the box.
> Need an interactive terminal that fits specific requirements
> ------------------------------------------------------------
>
> Key: JBIDE-23039
> URL: https://issues.jboss.org/browse/JBIDE-23039
> Project: Tools (JBoss Tools)
> Issue Type: Feature Request
> Components: server
> Affects Versions: 4.4.1.AM2
> Reporter: Rob Stryker
> Assignee: Rob Stryker
> Fix For: 4.4.2.AM1
>
> Attachments: vagranttty.png
>
>
> CDK Tools requires a terminal that allows interactivity of i/o. The full set of requirements is a bit difficult to find a solution for.
> 1) I must be able to get a Process or IProcess object when a command is run
> 2) I must be able to get an event or know when the process terminates
> 3) The terminal or console must be interactive and allow user input when prompted.
> 4) It must behave as in 3) for 'vagrant' commands and any and all associated plugins.
> These three requirements thus far seem impossible to solve. Solutions that have been attempted are:
> 1) Creating a java Process by myself via Runtime.exec. The interactive prompts never arrive and there is no API for Process to know when it is waiting for input.
> 2) Using the external-tools launch configuration. When running a command like mvn, the console that pops up seems to allow input from the user, and functions as expected. However, when running a command such as vagrant, such prompts are not provided. In our use case, the following behavior is observed:
> a) During vagrant-registration prompts, the console indicates it is not a TTY terminal and cannot allow input
> b) During a landrush prompt for superuser status, no prompt is made, no TTY message is listed, and the process appears to have frozen
> 3) Launching / Opening a tm.terminal view. This solution fails requirements 1 and 2. We are not able to get a Process or an IProcess when a command is launched in a proper interactive terminal. This means we can have no way to know when the process has completed.
> Other options have been explored but ended up at dead ends and not worth mentioning. The real question is why interactive behavior is visible when using external-tools launch config for maven, but is not visible when running vagrant.
> Is this a function of the way the vagrant commands display or prompt for input? Why does vagrant-registration require a TTY terminal, but maven does not? Is this something that can be fixed upstream?
> No other obvious solutions have presented themselves in the past year.
[JBoss JIRA] (JBIDE-23125) CDK server adapter: NPE when trying to find cdk connection
by Marián Labuda (JIRA)
[ https://issues.jboss.org/browse/JBIDE-23125?page=com.atlassian.jira.plugi... ]
Marián Labuda updated JBIDE-23125:
----------------------------------
Component/s: cdk
(was: openshift)
> CDK server adapter: NPE when trying to find cdk connection
> ----------------------------------------------------------
>
> Key: JBIDE-23125
> URL: https://issues.jboss.org/browse/JBIDE-23125
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: cdk
> Affects Versions: 4.4.0.Final
> Reporter: Andre Dietisheim
> Assignee: Rob Stryker
> Fix For: 4.4.2.AM1
>
>
> This was automatically reported in aeri https://redhat.ctrlflow.com/reviewers#!/problems/57c68f6be4b0fd7621ccda10
> {code}
> Bundle: org.eclipse.jface 3.12.0.v20160518-1929
> Message: Problems occurred when invoking code from plug-in: "org.eclipse.jface".
> Exception:
> java.lang.NullPointerException: null
> at org.jboss.tools.openshift.cdk.server.core.internal.listeners.CDKDockerUtility.findDockerConnection(CDKDockerUtility.java:39)
> at org.jboss.tools.openshift.cdk.server.ui.internal.view.CDKActionProvider$ShowInDockerViewAfterStartupAction.adaptToViewItem(CDKActionProvider.java:104)
> at org.jboss.tools.openshift.cdk.server.ui.internal.view.CDKActionProvider$ShowInViewAfterStartupAction.accept(CDKActionProvider.java:182)
> at org.eclipse.wst.server.ui.internal.view.servers.AbstractServerAction.selectionChanged(AbstractServerAction.java:85)
> at org.jboss.tools.openshift.cdk.server.ui.internal.view.CDKActionProvider$ShowInViewAfterStartupAction.selectionChanged(CDKActionProvider.java:198)
> at org.eclipse.ui.actions.SelectionProviderAction.selectionChanged(SelectionProviderAction.java:144)
> at org.eclipse.jface.viewers.Viewer$1.run(Viewer.java:158)
> at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:42)
> at org.eclipse.ui.internal.JFaceUtil$1.run(JFaceUtil.java:50)
> at org.eclipse.jface.util.SafeRunnable.run(SafeRunnable.java:173)
> at org.eclipse.jface.viewers.Viewer.fireSelectionChanged(Viewer.java:155)
> at org.eclipse.jface.viewers.StructuredViewer.updateSelection(StructuredViewer.java:2191)
> at org.eclipse.jface.viewers.StructuredViewer.handleSelect(StructuredViewer.java:1229)
> at org.eclipse.ui.navigator.CommonViewer.handleSelect(CommonViewer.java:463)
> at org.eclipse.jface.viewers.StructuredViewer$4.widgetSelected(StructuredViewer.java:1258)
> at org.eclipse.jface.util.OpenStrategy.fireSelectionEvent(OpenStrategy.java:242)
> at org.eclipse.jface.util.OpenStrategy.access$4(OpenStrategy.java:236)
> at org.eclipse.jface.util.OpenStrategy$1.handleEvent(OpenStrategy.java:405)
> at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
> {code}
[JBoss JIRA] (JBIDE-23039) Need an interactive terminal that fits specific requirements
by Hardy Ferentschik (JIRA)
[ https://issues.jboss.org/browse/JBIDE-23039?page=com.atlassian.jira.plugi... ]
Hardy Ferentschik commented on JBIDE-23039:
-------------------------------------------
Have you tried to set the _VAGRANT_DETECTED_OS_ environment variable for the process you create? You do something like {{VAGRANT_DETECTED_OS=cygwin}} on Windows when running from a Cygwin terminal. I could imagine that in the case where you launch the process from Java you might need to set this variable as well. Something like {{export VAGRANT_DETECTED_OS="$(uname)"}} (not sure whether $(uname) works in this case). See also
* https://github.com/mitchellh/vagrant/issues/6026
[JBoss JIRA] (JBIDE-23016) When starting CDK 2.2 with landrush for the first time, user will be prompted for sudo password
by Hardy Ferentschik (JIRA)
[ https://issues.jboss.org/browse/JBIDE-23016?page=com.atlassian.jira.plugi... ]
Hardy Ferentschik commented on JBIDE-23016:
-------------------------------------------
To add my 0.02$. As already mentioned, we have to differentiate between OS X / Linux and Windows. On the former, Landrush uses sudo to make some changes to system files ({{/etc/resolver}} for OS X and {{/etc/dnsmasq.d}} resp. {{/etc/resolv.conf}}). These changes are required in order to (re-)configure the host DNS in order to resolve the OpenShift IP. If the {{vagrant up}} process is not interactive this is an issue. Can it be made interactive? As a workaround, the user would indeed need to start the system once from the command line to create/modify the necessary files. After that {{vagrant up}} will also work from Eclipse.
On Windows, the case is different. One also needs admin privileges, but there is no concept of sudo. There, some Windows tools are executed which require admin privileges to be run. In order to do that, the Ruby script which calls these tools will try to elevate to admin mode. If the user has admin privileges this will be transparent (you might see a window pop up and disappear, but no interaction required). If the user does not have the privileges, the default Windows dialog to provide admin credentials pops up. It is unfortunate that this happens multiple times, but as mentioned it is not only Landrush which requires admin privileges, but also VirtualBox. Personally, I would expect to have admin privileges on the development machine, but I guess in some corporate settings this might be wishful thinking. However, in this case they might not even mind that they have to provide credentials multiple times.
{quote}
BTW, does anybody know how to get back to the state where landrush needs to make these changes which require admin permissions? I mean how to recreate the first time use of landrush.
{quote}
* OS X - Remove the file created in {{/etc/resolver/}}
* Linux - Remove generated file in {{/etc/dnsmasq.d}} and revert {{/etc/resolv.conf}}
> When starting CDK 2.2 with landrush for the first time, user will be prompted for sudo password
> -----------------------------------------------------------------------------------------------
>
> Key: JBIDE-23016
> URL: https://issues.jboss.org/browse/JBIDE-23016
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: cdk
> Affects Versions: 4.4.1.AM3
> Reporter: Martin Malina
> Assignee: Rob Stryker
> Priority: Critical
> Fix For: 4.4.2.AM1
>
>
> The problem is that the first time you do vagrant up with cdk that has landrush set up, you will be asked to provide your sudo password so that landrush can be set up (unless you used it elsewhere already).
> This is definitely true on Mac, most likely on Linux also. On Windows, I expect that you will probably just be shown the system prompt for agreeing that the process uses admin rights.
> When I did this yesterday (while testing cdk 2.2 rc1), I actually started it from terminal first, so I could enter my password in the console. But I'm pretty sure this wouldn't work in Eclipse. So we need to figure out how to handle this scenario and also test what happens on Windows after installing devsuite and then starting cdk from devstudio - that is our most important use case.